SonicWall: Ransomware Attacks Targeting End-of-Life Appliances

A new SonicWall urgent security notice warns of imminent ransomware attacks targeting unpatched, end-of-life appliances.

While collaborating with third parties, SonicWall learned of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched, and end-of-life (EOL) 8.x firmware. This is an imminent ransomware campaign using stolen credentials.

The exploitation targets a known vulnerability that has been patched in newer versions of firmware, SonicWall said.

Organizations that fail to take appropriate actions to mitigate these vulnerabilities are risking a ransomware attack, it said.

“If your organization is using a legacy SRA appliance that is past end-of life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation,” SonicWall said.

To provide a transition path for customers with end-of-life devices that cannot upgrade to 9.x or 10.x firmware, SonicWall is providing a virtual SMA 500v until Oct. 31.

Act ‘Like Your House is On Fire’

Andrew King is BreachQuest‘s CISO. He said if a vendor is telling you there’s a threat, “you should probably take them seriously and act immediately, like your house is on fire.”

BreachQuest’s Andrew King

“These events continue to highlight the need for life cycle management, patch management and privileged access management,” he said. “None of these processes are sexy. They’re monotonous, never-ending tasks that are fundamental to a security program. They take spend on technology, on people and vendors to implement and maintain, and are not quick fixes.”

Tim Wade is technical director of Vectra‘s CTO team.

Vectra’s Tim Wade

“By hook or by crook, criminals are motivated to find an entry point into the enterprise,” he said. “Software exploitation today, phishing tomorrow, and software exploitation again the next day. Same story, different names and faces.”

Enterprises must maintain resilience against the inevitability of their prevention and protection practices failing, Wade said.

“As security practitioners, we’ll never prevent, patch and harden our way out of this problem,” he said.

Path of Least Resistance

Alec Alvarado is threat intelligence team leader at Digital Shadows. He said this highlights how ransomware actors continue to identify the path of least resistance.

Digital Shadows’ Alec Alvarado

“The targeting of end-of-life (EoL) products is a proven and effective technique for extortion actors,” he said. “Examples include the targeting of Accellion’s FTA, which was on its way out at the point of exploitation, but resulted in a significant fallout after the Cl0p ransomware group obtained data belonging to Accellion’s customers through a vulnerability.”

Targeting EoL products serves as a reminder of the importance of maintaining accountability of old and new technologies, Alvarado said.