Think Your VPN is Safe? Think Again
Table of Contents
- By Dawna M. Roberts
- Published: Jul 27, 2021
- Last Updated: Mar 18, 2022
On July 14, Sonicwall, a networking equipment manufacturer, posted an urgent message on its website to alert customers of a serious ransomware threat using some of its products.
What is the Issue?
In its notice, Sonicwall said collaboration with trusted third-parties led them to the discovery of bad actors exploiting its “Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials.”
Sonicwall assures customers that the vulnerability has since been patched in an updated version of the firmware.
What Should Customers Do?
According to Sonicwall, some of the products are not updatable. Therefore, they should be disconnected, and passwords reset. In addition, they posted the following instructions for customers of these products:
“Organizations using the following end-of-life SMA and/or SRA devices running firmware 8.x should either update their firmware or disconnect their appliances per guidance below.
-
SRA 4600/1600 (EOL 2019).
-
Disconnect immediately.
-
Reset passwords.
-
-
SRA 4200/1200 (EOL 2016).
-
Disconnect immediately.
-
Reset passwords.
-
-
SSL-VPN 200/2000/400 (EOL 2013/2014).
-
Disconnect immediately.
-
Reset passwords.
-
-
SMA 400/200 (Still Supported, in Limited Retirement Mode).
-
Update to 10.2.0.7-34 or 9.0.0.10 immediately.
-
Reset passwords.
-
Enable MFA.
-
While not part of this campaign targeting SRA/SMA firmware 8.x, customers with the following products should also ensure that they’re on the latest version of firmware to mitigate vulnerabilities discovered in early 2021.
-
SMA 210/410/500v (Actively Supported).
-
Firmware 9.x should immediately update to 9.0.0.10-28sv or later.
-
Firmware 10.x should immediately update to 10.2.0.7-34sv or later.”
-
“The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk” Sonicwall said in its notice.
The company posted a strict warning that if the device cannot be updated and customers continue to use it, it may very well result in ransomware. Sonicwall reassured SMA 1000 customers that these devices are not affected but should be updated to the latest firmware anyway.
Additional tips include turning on two-factor authentication and resetting all passwords.
This latest issue is the fourth in a series of vulnerabilities putting Sonicwall device users at risk.
What is a VPN?
A VPN is a virtual private network and may be a software or hardware device. VPNs are used as a security measure to mask a user’s IP address and conceal their online browsing activities to keep private/personal information out of the hands of hackers.
VPNs use secure encryption to protect internet connections between user devices and the servers they are browsing. The VPN essentially creates a private tunnel through which the user can access online resources and send personal information (such as entering credentials into a login form) without anyone intercepting the data. Using a VPN also hides your IP address, making it appear that you are logging in from a different location (which could even be another country).
Some people use VPNs to access streaming services that are not available in their residential location.
VPNs come in both software and hardware versions. They are highly regarded as a safe, private way to access the internet and protect personal information. However, hardware and software flaws leave users open to cyber attacks, as with the Sonicwall example.
When using VPN software or hardware, keep it updated with the latest security patches and if a device reaches its “end-of-life,” discard it and replace it with a newer version. The idea behind using a VPN is safety and security, and if the appliance is no longer viable, then that protection is lost.