Thousands of SonicWall VPN devices are facing worrying security threats

An illustration of a hand holding a set of keys in front of a laptop, accompanied by a padlock symbol, fingerprint, and key.

(Image credit: Getty Images)

BishopFox scanned the internet for SonicWall VPNs and found hundreds of thousands that can be accessed via the internet
Tens of thousands were running old, vulnerable software versions
Some were past their end-of-life date, putting them at risk of attack

Tens of thousands of SonicWall VPN firewall platforms are vulnerable to different flaws, putting their users at risk of remote exploitation, data breaches, privilege escalation, and more.

Cybersecurity researchers at BishopFox scanned the internet with Shodan and BinaryEdge, and running proprietary scripts to analyze the returning data, discovered there were 430,363 endpoints exposed to the internet.

While this doesn’t necessarily mean they’re vulnerable, endpoints such as these ones should not be connected to the wider internet to begin with, since it means crooks could try to access them and look for holes.

End of life

"The management interface on a firewall should never be publicly exposed, as this presents an unnecessary risk," BishopFox said in its report. "The SSL VPN interface, although designed to provide access to external clients over the internet, should ideally be protected by source IP address restrictions."

Drilling deeper, BishopFox found that almost 120,000 endpoints were running versions affected by serious vulnerabilities, including 25,485 endpoints with critical severity flaws, and 94,018 endpoints with high severity bugs. Furthermore, they said that 20,710 endpoints were running versions of the software that are no longer supported by the vendor.

This presents a rather large attack surface that threat actors can exploit. SonicWall SSL VPN devices are often targeted in different campaigns, including the recent strikes by both Fog and Akira ransomware groups. These threat actors were abusing flaws to gain initial access to corporate networks, where they later deployed ransomware encryptors and wreaked havoc across enterprise infrastructure.

To tackle the threat, businesses should make sure they are always running the latest versions of their software, and that their endpoints are still supported by their respective vendors.

Via BleepingComputer

Sneaky malware abuses CAPTCHA to bypass browser protections
Here's a list of the best antivirus
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.