Tag Archive for: SonicWALL

Ransomware attacks surged 2X in 2021, SonicWall reports




In the latest indicator of just how severe the ransomware problem became last year, new data released today by cybersecurity vendor SonicWall reveals that the total number of ransomware attacks more than doubled in 2021 – jumping 105% during the year compared to 2020.

It’s a stunning increase, considering how bad ransomware already was in 2020, and shows that ransomware has solidified its status even further as a “weapon of choice” for cyber criminals, said Bill Conner, president and CEO at SonicWall.

In case there was any doubt about it at this point, ransomware is “not going away anytime soon,” Conner said.

The data was released in the 2022 SonicWall Cyber Threat Report and is based on telemetry data from SonicWall’s customer base as well as from infrastructure such as honeypots operated by the company’s threat research team. SonicWall offers security products across network, email, endpoint, and secure access, and reports having more than 500,000 customers.

Due to the massive amount of data that SonicWall is able to capture, the company says that its findings can be viewed as representative of the ransomware issue on the whole. The findings are a “statistical proxy for what’s going on out there” in terms of overall ransomware attacks, said Dmitriy Ayrapetov, vice president of platform architecture at SonicWall.

Accelerated threat

The 105% spike in ransomware attacks in 2021 was also a significant acceleration from the rate of increase in the previous year, when ransomware attacks climbed 62%, year-over-year, according to SonicWall.

And compared to 2019, ransomware attacks were more than three times higher in 2021, marking a 231% increase in two years, the report says.

To put the 2021 ransomware surge further in perspective, the worst month for attacks in 2020 would’ve qualified as one of the better months in 2021, according to the report.

The bottom line is that ransomware is only growing in popularity with cyber criminals because it’s “where the money is,” Ayrapetov said. “If you’re going to monetize an attack, and want…


Hackers used SonicWall zero-day flaw to plant ransomware



Ransomware group UNC2447 used an SQL injection bug to attack US and European orgs


Security researchers have discovered a new strain of ransomware designed to exploit a SonicWall VPN zero-day vulnerability before a patch was available.

According to researchers at Mandiant, the flaw exists in SonicWall’s SMA-100 series of VPN products. The hackers, whom Mandiant dubbed UNC2447, targeted organizations in Europe and North America with a new ransomware known as FiveHands, a rewritten version of the DeathRansom ransomware.

Hackers deployed the malware as early as January this year along with Sombrat malware at multiple victims that were extorted. Researchers noted that in one of the ransomware intrusions, the same Warprism and Beacon malware samples previously attributed to UNC2447 were observed. Researchers are certain that the same hacking group used Ragnar Locker ransomware in the past.

 


 

“Based on technical and temporal observations of HelloKitty and FiveHands deployments, Mandiant suspects that HelloKitty may have been used by an overall affiliate program from May 2020 through December 2020, and FiveHands since approximately January 2021,” the researchers said.

Researchers said FiveHands is…


SonicWall Issues Patch For Zero-Day Vulnerability


Just days after disclosing that a highly skilled cyber attacker had exploited zero-day vulnerabilities in some of its secure remote access products, SonicWall has issued a patch for the affected products.

The firewall and cybersecurity company is urging users of the SMA 100 series 10.x firmware to update immediately to patch a zero-day vulnerability in SMA 100 series 10.x code.

This comes about a week after the vulnerabilities were disclosed on several versions of the company’s Secure Mobile Access (SMA) series of gateway products.

Exploits included the possibility to gain admin credential access and a subsequent remote-code execution attack, according to SonicWall.

“All SMA 100 series users must apply this patch IMMEDIATELY to avoid potential exploitation,” reads a message on the company’s website.

Affected SMA devices with the 10.x firmware that require the patch include physical appliances like the SMA 200, SMA 210, SMA 400 and SMA 410. Virtual appliances that need patching include SMA 500v (Azure, AWS, ESXi, HyperV).

Last week, the company said in a series of posts on its website that it identified a coordinated attack on its internal systems by sophisticated cyber actors via probable zero-day vulnerabilities.

“SonicWall provides cybersecurity products, services and solutions designed to help keep organizations safe from increasingly sophisticated cyber threats,” the company said in a post last week.

“As the front line of cyber defense, we have seen a dramatic surge in cyberattacks on governments and businesses, specifically on firms that provide critical infrastructure and security controls to those organizations.”

On Wednesday, the company said it isn’t yet aware of forensic data that can determine if a user’s device was attacked.

According to SonicWall, vulnerable virtual SMA 100 series 10.x images have been pulled from AWS and Azure marketplaces and updated images will be re-submitted as soon as possible.

The approval process is expected to take several weeks. For now, customers in Azure and AWS can update via incremental updates.

How to update and patch the vulnerability

Customers can download the update on the company’s website, regardless of…


SonicWall Partners On High Alert After Hack Exposes Tool Flaw


SonicWall’s 21,000 channel partners had a very long weekend after the company admitted a sophisticated cyberattack against its internal systems had revealed zero-day product vulnerabilities.

Silicon East President Marc Harrison and two of his employees put in 36 hours of work Saturday and Sunday with almost no sleep after the Milpitas, Calif.-based platform security vendor disclosed it was hacked at 11:15 p.m. ET Friday. The Marlboro, N.J.-based partner has 17 customers with 800 users on versions of the NetExtender VPN client or SMA 100 product that were initially reported compromised.

Harrison said Silicon East spent between four and six hours Saturday turning off SSL-VPN connections for all impacted users, and ended up working until 2 a.m. ET Sunday. Then at 10:45 p.m. ET Saturday, SonicWall updated its guidance to tell customers that NetExtender didn’t have a zero-day vulnerability after all, and that only its Secure Mobile Access (SMA) 100 series product remains under investigation.


As a result, Harrison and his associates returned to work Sunday morning to re-enable SSL-VPN access for the 14 customers and more than 400 employees at organizations using only NetExtender but not SMA 100. But given how extensively SSL-VPN connections have been used for remote work during COVID-19, Harrison needed to help the three clients and 400 users who were being blocked from work.

“This has been extreme pain,” Harrison said. “People are annoyed and upset, but understand it could have been a lot worse if they had been breached.”

For Silicon East’s three SMA 100 customers, Harrison attempted to follow SonicWall’s guidance to use NetExtender for remote access with the SMA 100 series while disabling Virtual Office, but couldn’t figure out how to do it. Harrison tried unsuccessfully to reach SonicWall tech support for 12 hours Sunday, and finally connected with someone Monday who told him they also weren’t aware of any way to do this.

“The workaround SonicWall published Saturday night is not implementable,” Harrison said. He expected SonicWall would provide partners with more…
