In the last 72 hours, a wave of cyberattacks has targeted SonicWall Gen 7 firewalls with SSLVPN enabled, prompting emergency advisories from SonicWall and top cybersecurity firms including Arctic Wolf, Google Mandiant, and Huntress. The situation is rapidly evolving, and the threat is active and escalating.
What’s Happening?
Attackers are exploiting vulnerabilities in SonicWall’s SSLVPN service, potentially bypassing authentication and gaining unauthorized access. It’s unclear whether this is a known exploit or a new zero-day vulnerability.
What You Must Do – Right Now
If your organization uses Gen 7 SonicWall firewalls, take these critical steps immediately:
- Disable SSLVPN if possible.
- Restrict access to trusted IP addresses only.
- Enable Botnet Protection and Geo-IP Filtering.
- Enforce Multi-Factor Authentication (MFA) for all remote users.
- Audit user accounts and remove any that are unused or unnecessary.
- Strengthen password policies across the board.
These actions are essential to reduce exposure and stay ahead of this fast-moving threat.
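One way to check the account-audit, MFA and trusted-IP steps above against your own records, as an added example that is not code from SonicWall or Sure Systems. The record layout, the 90-day idle threshold, and all user names, dates and addresses are constructed assumptions, not a SonicWall export format.

```python
from datetime import date
from ipaddress import ip_address, ip_network

# Constructed sample data; the layout is an assumption, not a SonicWall export format.
TRUSTED_NETS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.16/28")]
ACCOUNTS = [
    {"user": "alice", "last_login": date(2025, 8, 1), "mfa": True},
    {"user": "bob", "last_login": date(2025, 2, 10), "mfa": True},
    {"user": "svc-backup", "last_login": None, "mfa": False},
    {"user": "carol", "last_login": date(2025, 7, 30), "mfa": False},
]
LOGINS = [  # (user, source address) pairs from remote-access sessions
    ("alice", "203.0.113.25"),
    ("carol", "192.0.2.77"),
    ("bob", "198.51.100.20"),
    ("alice", "not-an-ip"),
]

def audit_accounts(accounts, today, max_idle_days=90):
    """Return {user: [reasons]} for accounts that are unused or lack MFA."""
    findings = {}
    for acct in accounts:
        reasons = []
        if acct["last_login"] is None:
            reasons.append("never logged in")
        elif (today - acct["last_login"]).days > max_idle_days:
            reasons.append("idle")
        if not acct["mfa"]:
            reasons.append("no MFA")
        if reasons:
            findings[acct["user"]] = reasons
    return findings

def untrusted_logins(logins, trusted_nets):
    """Return logins whose source is outside the allowlist or cannot be parsed."""
    flagged = []
    for user, src in logins:
        try:
            addr = ip_address(src)
        except ValueError:
            # A malformed source is reported, never silently treated as trusted.
            flagged.append((user, src, "unparseable source"))
            continue
        if not any(addr in net for net in trusted_nets):
            flagged.append((user, src, "outside allowlist"))
    return flagged

if __name__ == "__main__":
    print(audit_accounts(ACCOUNTS, today=date(2025, 8, 5)))
    print(untrusted_logins(LOGINS, TRUSTED_NETS))
```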
Ongoing Investigation
SonicWall is:
- Collaborating with external threat research partners.
- Preparing updated firmware and guidance if a new vulnerability is confirmed.
- Providing real-time updates via their official support channels.
Sure Systems Is Here to Help
Our cybersecurity team is on standby to assist with:
- Firewall audits
- MFA implementation
- Threat response and remediation
If you’re a Sure Systems customer, no worries: we’ve already got you covered. For anyone interested in a free consultation to assess your current IT environment, please don’t hesitate to reach out to us.
