SonicWall Partners On High Alert After Hack Exposes Tool Flaw

SonicWall’s 21,000 channel partners had a very long weekend after the company admitted a sophisticated cyberattack against its internal systems had revealed zero-day product vulnerabilities.

Silicon East President Marc Harrison and two of his employees put in 36 hours of work Saturday and Sunday with almost no sleep after the Milpitas, Calif.-based platform security vendor disclosed it was hacked in at 11:15 p.m. ET Friday. The Marlboro, N.J.-based partner has 17 customers with 800 users on versions of the NetExtender VPN client or SMA 100 product that were initially reported compromised.

Harrison said Silicon East spent between four and six hours Saturday turning off SSL-VPN connections for all impacted users, and ended up working until 2 a.m. ET Sunday. Then at 10:45 p.m. ET Saturday, SonicWall updated its guidance to tell customers that NetExtender didn’t have a zero-day vulnerability after all, and that only its Secure Mobile Access (SMA) 100 series product remains under investigation.

[Related: SonicWall Breached Via Zero-Day Flaw In Remote Access Tools]

As a result, Harrison and his associates returned to work Sunday morning to re-enable SSL-VPN access for the 14 customers and more than 400 employees at organizations using only NetExtender but not SMA 100. But given how extensively SSL-VPN connections have been used for remote work during COVID-19, Harrison needed to help the three clients and 400 users who were being blocked from work.

“This has been extreme pain,” Harrison said. “People are annoyed and upset, but understand it could have been a lot worse if they had been breached.”

For Silicon East’s three SMA 100 customers, Harrison attempted to follow SonicWall’s guidance to use NetExtender for remote access with the SMA 100 series while disabling Virtual Office, but couldn’t figure out how to do it. Harrison tried unsuccessfully to reach SonicWall tech support for 12 hours Sunday, and finally connected with someone Monday who told him they also weren’t aware of any way to do this.

“The workaround SonicWall published Saturday night is not implementable,” Harrison said. He expected SonicWall would provide partners with more…