- BishopFox scanned the internet for SonicWall VPNs and found hundreds of thousands that can be accessed via the internet
- Tens of thousands were running old, vulnerable software versions
- Some were past their end-of-life date, putting them at risk of attack
Tens of thousands of SonicWall VPN firewall platforms are vulnerable to different flaws, putting their users at risk of remote exploitation, data breaches, privilege escalation, and more.
Cybersecurity researchers at BishopFox scanned the internet with Shodan and BinaryEdge, and running proprietary scripts to analyze the returning data, discovered there were 430,363 endpoints exposed to the internet.
While this doesn’t necessarily mean they’re vulnerable, endpoints such as these ones should not be connected to the wider internet to begin with, since it means crooks could try to access them and look for holes.
End of life
“The management interface on a firewall should never be publicly exposed, as this presents an unnecessary risk,” BishopFox said in its report. “The SSL VPN interface, although designed to provide access to external clients over the internet, should ideally be protected by source IP address restrictions.”
Drilling deeper, BishopFox found that almost 120,000 endpoints were running versions affected by serious vulnerabilities, including 25,485 endpoints with critical severity flaws, and 94,018 endpoints with high severity bugs. Furthermore, they said that 20,710 endpoints were running versions of the software that are no longer supported by the vendor.
This presents a rather large attack surface that threat actors can exploit. SonicWall SSL VPN devices are often targeted in different campaigns, including the recent strikes by both Fog and Akira ransomware groups. These threat actors were abusing flaws to gain initial access to corporate networks, where they later deployed ransomware encryptors and wreaked havoc across enterprise infrastructure.
To tackle the threat, businesses should make sure they are always running the latest versions of their software, and that their endpoints are still supported by their respective vendors.
Via BleepingComputer
You might also like
- Sneaky malware abuses CAPTCHA to bypass browser protections
- Here’s a list of the best antivirus
- These are the best endpoint protection tools right now