Have you heard about the recent breach at SonicWall?
In this episode of The Cybersecurity Insider hosted by Yigal Behar of 2Secure Corp, we examine the details of this coordinated attack on the networking device maker’s internal systems.
SonicWall Breach: Expert Analysis & Security Recommendations
Yigal discusses SonicWall, a security firm known for its firewalls and security products, which experienced a recent network breach. The breach occurred two days ago and affected a specific solution called SMA 100 through a zero-day vulnerability. While investigations are ongoing, there are indications that this was a sophisticated attack, possibly orchestrated by a nation-state.
SonicWall has issued the latest update as of January 28, 2021, detailing the affected products and providing user recommendations. SonicWall suspects that “highly sophisticated threat actors” exploited zero-day vulnerabilities in some of their secure remote access products.
Although only one product is officially confirmed as affected, Yigal advises all SonicWall users to take precautionary measures.
SonicWall first thought its NetExtender VPN and SMA gateways were affected, but later found only SMA 100 series devices might have a zero-day vulnerability. To help customers, they suggested using firewalls to restrict access to SMA devices or disabling NetExtender VPN access. They also advised using two-factor authentication for extra security.
Regardless of the specific product, Yigal recommends updating SonicWall devices with the latest firmware, changing admin passwords, and enabling multi-factor authentication. This will strengthen the security of privileged accounts and mitigate potential risks.
SonicWall also suggests enabling a geo-IP botnet location feature to block traffic from countries not relevant to the user’s business. They also recommend setting up stronger controls on devices that connect to your network. Even though there aren’t many details yet, Yigal says it’s best to follow these steps to improve your SonicWall security posture.
Additional Security Measures & Ongoing Updates
Yigal gives more tips on how to stay safe if you use SonicWall SMA 100. He recommends restricting access to the portal by limiting login durations and closely monitoring firewall traffic to identify any suspicious activity.
For users without a Security Information and Event Management (SIEM) system, Yigal suggests implementing one to enhance security monitoring capabilities.
Yigal says to reduce the risk, it’s important to limit who can access the SMA device. He suggests creating a list of trusted people or devices allowed to connect. By allowing SSL VPN connections only from known IP addresses, the risk of unauthorized access can be reduced.
While SonicWall’s initial recommendations have been updated since January 22nd, Yigal’s advice to prioritize vigilance and implement access restrictions remains relevant. He assures listeners that further updates on the situation will be shared as they become available.
Yigal says there are no further updates on the SonicWall breach since the last update on January 23rd.
If you have any questions about the topic (or anything cybersecurity-related), drop them in the comments section. Like and subscribe to The Cybersecurity Insider podcast, YouTube channel, Apple, and Spotify for more cybersecurity news and updates. If you need more personalized advice, please feel free to book a consultation with 2Secure. Let’s work together to keep your digital world safe.
