SonicWall has admitted that it's been the target of a cyber attack which saw hackers take advantage of zero-day vulnerabilities in its secure remote access products.
The network security provider issued a statement confirming the incident after being contacted by SC Media, which received an anonymous tip that SonicWall's systems had been breached.
The company stated that it had “identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products”.
The company didn’t specify when exactly the incident took place. IT Pro contacted SonicWall for a timeline of the attack but is yet to receive a response from the company.
Over the weekend, SonicWall issued an additional statement which ruled out that its NetExtender VPN Client product had been compromised, adding that the only products to remain under investigation are from the SMA 100 series which “provide Secure, Mobile and Remote Access” to SMBs.
However, SonicWall clarified that, despite the investigation, all “SMA 100 series products may be used safely in common deployment use cases”.
The company also said that it “fully understands the challenges previous guidance had in a work-from-home environment, but the communicated steps were measured and purposeful in ensuring the safety and security of [its] global community of customers and partners”.
“As the front line of cyber defense, we have seen a dramatic surge in cyberattacks on governments and businesses, specifically on firms that provide critical infrastructure and security controls to those organizations,” it added.
Despite a decline in the number of security incidents, the last year was deemed as the worst for data breaches on record.
The news of the incident comes months after SonicWall released patches for a critical vulnerability in the SonicOS operating system, which is responsible for running SonicWall virtual private network (VPN) appliances.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Making sense of a quickly evolving ZTNA marketWhitepaper New insights from the Enterprise Strategy Group
-
Advancing your risk management maturityWhitepaper A roadmap to effective governance and increase resilience
-
The top zero trust use casesWhitepaper The challenges organizations solve to reduce risk and cost
-
Modernising identity for a secure, agile hybrid workforceWhitepaper Pave the way towards a modern, secure, efficient, and sustainable hybrid workplac
-
The Okta hybrid work report 2023Whitepaper How European leaders are building long-term strategies for hybrid working
-
Defending against malware attacks starts hereWhitepaper The ultimate guide to building your malware defence strategy
-
The global use of collaboration solutions in hybrid working environmentsWhitepaper How companies manage security risks
-
Research: Luxury cars and emergency services vehicles vulnerable to remote takeoverNews A "global API issue" has been highlighted through months-long research into brands such as Ferrari and Mercedes-Benz, leaving owners open to hacking, account takeovers, and more
