SonicWALL Vulnerability Traded on Dark Web: A Dire Risk for Corporate Networks in Bangladesh

SonicWALL SSL-VPN is a product developed by SonicWALL, a network security company. SSL-VPN (Secure Sockets Layer Virtual Private Network) allows secure remote access to an organization’s internal network and resources over an encrypted SSL connection. This type of VPN is particularly useful for providing employees and partners with secure access to internal applications and data from remote locations.

SonicWALL SSL-VPN Exploit Details

A hacker has advertised an exploit targeting SonicWALL SSL-VPN systems for $1000. This exploit purportedly allows attackers to bypass two-factor authentication (2FA) and access records from the RADIUS base, leading to unauthorized access to sensitive information.

Capabilities of the Exploit:

  1. Bypasses 2FA, compromising a key security measure.
  2. Accesses RADIUS base records to retrieve sensitive data.

As an additional incentive, the seller is offering bonus items with the purchase:

  1. Dorks for IP search
  2. A list of IP addresses

Exposed Information Includes:

  1. User cookies
  2. Login credentials
  3. Passwords
  4. Domain information
  5. Active Directory Rules details

Previous SonicWALL Exploits

SonicWALL has been targeted by various exploits in the past. Some notable incidents include:

2021 SonicWall Breach: Hackers exploited zero-day vulnerabilities in SonicWall’s SMA 100 series VPN appliances, leading to unauthorized access and data breaches.

2019 Vulnerability: A critical vulnerability in SonicWall’s Secure Mobile Access (SMA) and Secure Remote Access (SRA) products was discovered, which could allow attackers to execute arbitrary code and gain control over the affected systems.

These incidents underscore the importance of promptly addressing security vulnerabilities and maintaining up-to-date patches for all network security products.

How Bangladesh Corporates Can Be Compromised

More than a million users have been compromised by info stealers, and those users’ data has been sold on the dark web. This includes sensitive information from corporate, financial, and government organizations.

Hackers can leverage these stolen credentials in conjunction with the SonicWALL SSL-VPN exploit to access classified information and conduct data breaches. Furthermore, this access can be used to launch ransomware attacks against organizations.

To mitigate these risks, it is crucial for organizations to remain vigilant and continuously monitor their Security Information and Event Management (SIEM) systems and Security Operations Center (SOC) for any suspicious activity, 24/7.
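
One way to turn the monitoring advice above into a concrete SIEM check, as an added example that is not part of the original post: it flags VPN sessions that start without a matching 2FA success and raises the severity when the account also appears in info-stealer exposure data. The event schema, field names, time window, and sample data are assumptions constructed for illustration and do not reflect SonicWALL's actual log format.

```python
from datetime import datetime, timedelta

MFA_WINDOW = timedelta(minutes=5)  # assumed max gap between 2FA success and session start

# Constructed sample events in a hypothetical normalized schema (not SonicWALL's log format).
SAMPLE_EVENTS = [
    {"ts": "2024-06-01T09:00:02", "user": "alice", "src": "198.51.100.10", "event": "password_ok"},
    {"ts": "2024-06-01T09:00:20", "user": "alice", "src": "198.51.100.10", "event": "mfa_ok"},
    {"ts": "2024-06-01T09:00:21", "user": "alice", "src": "198.51.100.10", "event": "session_start"},
    {"ts": "2024-06-01T02:13:40", "user": "bob", "src": "203.0.113.77", "event": "session_start"},
    {"ts": "2024-06-01T03:30:00", "user": "carol", "src": "192.0.2.5", "event": "mfa_ok"},
    {"ts": "2024-06-01T03:31:00", "user": "carol", "src": "203.0.113.80", "event": "session_start"},
]

# Constructed set of accounts seen in info-stealer logs (e.g. from a credential-exposure feed).
EXPOSED_USERS = {"bob"}


def find_sessions_without_mfa(events, exposed_users, window=MFA_WINDOW):
    """Return alerts for VPN sessions not preceded by a 2FA success from the same user and source."""
    last_mfa = {}  # (user, src) -> time of the most recent unused 2FA success
    alerts = []
    # ISO-8601 timestamps of equal length sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["user"], ev["src"])
        if ev["event"] == "mfa_ok":
            last_mfa[key] = ts
        elif ev["event"] == "session_start":
            seen = last_mfa.pop(key, None)  # one 2FA success covers one session
            if seen is None or ts - seen > window:
                alerts.append({
                    "ts": ev["ts"], "user": ev["user"], "src": ev["src"],
                    # Exposed credentials plus a missing 2FA step is the combination the post warns about.
                    "severity": "critical" if ev["user"] in exposed_users else "high",
                })
    return alerts


if __name__ == "__main__":
    for alert in find_sessions_without_mfa(SAMPLE_EVENTS, EXPOSED_USERS):
        print(alert)
```

In a real deployment the same correlation would be written as a SIEM rule over the VPN appliance's and RADIUS server's own event fields.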
