Australian organisations should review their networks for the presence of affected SonicWall products.
The Australian Cyber Security Centre (ACSC) has issued an alert over SonicWall, a network and cyber security appliance vendor, reporting that ransomware activity is currently targeting its Secure Mobile Access (SMA) and Secure Remote Access (SRA) products. SonicWall reports that this ransomware activity abuses stolen credentials.
The ACSC is aware of stolen credentials affecting Australian organisations that were likely the result of vulnerable SonicWall devices being exploited.
The ACSC has previously issued an alert on a remote credential access vulnerability affecting SonicWall products.
Mitigation
Australian organisations should review their networks for the presence of affected SonicWall products, which are outlined in the security notice from SonicWall. If vulnerable products are identified, Australian organisations should review and implement the recommended mitigations provided by SonicWall.
On 22 January 2021, cyber security vendor SonicWall identified an internal systems breach using a likely zero-day in the SonicWall NetExtender VPN client and Secure Mobile Access (SMA) products. On 23 January 2021, SonicWall provided an update stating that only the SMA 100 Series is potentially vulnerable and customers may continue to use the NetExtender component for remote access as it is not susceptible to exploitation.
SonicWall has released a patch for the now confirmed vulnerability within the SMA 100 series 10.x code. SMA 100 firmware prior to 10.x is unaffected by this vulnerability.
For information on the patch, affected devices and recommended mitigation advice, please refer to the SonicWall product notification.