SonicWall has recently issued a critical security advisory in response to a significant uptick in cyberattacks targeting its Generation 7 (Gen 7) firewalls, particularly those with the Secure Sockets Layer Virtual Private Network (SSLVPN) feature enabled. Over the past 72 hours, both internal monitoring and reports from external cybersecurity firms have highlighted this alarming trend.
The company is actively investigating these incidents to determine whether they stem from previously disclosed vulnerabilities or if they exploit new, unidentified flaws. SonicWall is collaborating closely with external threat research organizations, including Arctic Wolf, Google’s Mandiant, and Huntress, to analyze the attacks and identify their root causes. The company has committed to providing continuous updates as the investigation progresses and has pledged to release updated firmware and clear instructions promptly if a new vulnerability is confirmed.
In the interim, SonicWall strongly advises all customers using Gen 7 firewalls to implement immediate defensive measures to mitigate potential risks. The primary recommendation is to disable SSLVPN services wherever practical. For organizations where disabling SSLVPN is not feasible, SonicWall has outlined a series of crucial security steps:
– Restrict Access: Limit SSLVPN connectivity exclusively to known and trusted source IP addresses.
– Enable Security Services: Activate features such as Botnet Protection and Geo-IP Filtering to detect and block known malicious actors targeting SSLVPN endpoints.
– Enforce Multi-Factor Authentication (MFA): While enabling MFA for all remote access is a critical best practice to reduce the risk of credential abuse, SonicWall warns that some reports suggest MFA enforcement alone may not be sufficient to protect against the specific activity currently under investigation.
– Audit User Accounts: Administrators are urged to remove any inactive or unused local user accounts on the firewall, paying special attention to those with permissions for SSLVPN access.
– Practice Password Hygiene: Review all user accounts to ensure they adhere to strong password policies, with regular updates encouraged.
SonicWall emphasizes the importance of remaining vigilant and applying these mitigations without delay to safeguard against potential threats.
