Details about the nature of the vulnerability have not been made public to prevent other threat actors from studying it and launching their own attacks.
Looking at this issue for Digital Journal is Troy Gill, Threat Hunter and Security Research Manager at Zix I AppRiver.
Troy Gill places the latest incident in the context of other major security breaches. Here he notes: “The SonicWall hack is just one the latest in a string of zero-day vulnerabilities targeting email security solutions.”
A zero-day refers to a computer-software vulnerability which is unknown to those who should be interested in its mitigation. This often applies to newly released software. The danger is that until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network.
Gill continues: “For customers and others impacted by any zero-day vulnerabilities, it is imperative that security teams not only complete the necessary solution patching, but that they also conduct a security audit in order to identify, isolate, and mitigate any additional threats.”
Gill outlines some of the things that can be done. Recommendations include: “Changing admin rights and user passwords, and implementing multi-factor authentication should also be built into organizations’ best practices and incident response recovery plans.”
Looping back to the incident at hand, Gill states: “The SonicWall attack is also a proof point for organizations still using legacy, on-premise solutions or applications that have reached end-of-life to consider migrating to newer, more secure solutions in the cloud with auto patching capabilities.”
Gill ends by suggesting: “A final best practice would be the implementation of a backup solution so in the event of a compromise, you can still access your business critical data.”