Windows PCs targeted for Sophos firewall zero-day attacks


According to a Sophos report, Windows PCs sitting behind the company's XG firewall were recently targeted for ransomware injection. The Sophos firewall zero-day attacks fall into the most serious category of incidents for several reasons.

As with all zero-day exploits, the security vendor had only just discovered the flaw in its own firewall product. That also means the company had no fix ready to supply to affected users.
In such a scenario, the vendor is racing against both time and attackers who are actively trying to take advantage of the software vulnerability.
There is good news at the end of the whole ordeal, however: Sophos beat the attackers twice.

Sophos firewall zero-day attacks

The first phase of the attack happened toward the end of April, after a malicious actor discovered that they could breach the Sophos firewall by remotely injecting SQL.
After successfully exploiting the resulting remote code execution (RCE) hole in the firewall, they planted a Trojan in its database.
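The entry vector described above is SQL injection: attacker-supplied text that the application pastes into a query, so the text is parsed as SQL rather than treated as data. The following added example (not code from the page or from Sophos, using a constructed in-memory SQLite table and hypothetical function names) shows the vulnerable string-built query beside its parameterized replacement, plus a crude log-review heuristic for spotting injection-style input in request logs.

```python
import sqlite3


def setup_db():
    """Constructed sample table standing in for an appliance's admin store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO admins VALUES ('admin', 'hash-of-admin-secret')")
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable pattern: the input is spliced into the SQL text.

    A value such as  ' OR '1'='1  turns the WHERE clause into a tautology,
    so the query matches every row instead of the named account.
    """
    query = f"SELECT username FROM admins WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_hardened(conn, username):
    """Hardened pattern: the input is bound as a parameter.

    The driver sends the value separately from the statement, so quotes
    and keywords inside it can never change the query's structure.
    """
    query = "SELECT username FROM admins WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def suspicious_input(value):
    """Crude triage heuristic for reviewing request logs (hypothetical).

    Flags quote characters, SQL comment markers and statement separators.
    This is a detection aid only; parameterized queries are the real fix.
    """
    markers = ("'", '"', "--", ";", "/*")
    return any(m in value for m in markers)


if __name__ == "__main__":
    db = setup_db()
    probe = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, probe))   # every account
    print("hardened:  ", lookup_hardened(db, probe))     # no match
    print("flagged:   ", suspicious_input(probe))        # True
```

Running the block shows the string-built query returning the admin account for input that names no account at all, while the parameterized version returns nothing; the same input trips the log heuristic, which is the kind of signal a defender would look for when reviewing firewall management-interface logs after an advisory like this one.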

From the breached firewalls, they were able to access and retrieve different types of data. The stolen information included the license and serial number of the firewalls and the email addresses associated with user accounts stored on the devices.
They were also able to obtain the names and usernames of the affected firewall users.
Unfortunately for the hackers, the Sophos user passwords they stole were encrypted. Otherwise they could have used the stolen information to breach the rest of the network.

Once Sophos discovered the zero-day vulnerability, it issued hotfixes that secured the targeted firewalls.
Still, the attackers made a second move aimed at unpatched Windows devices. Sophos foiled those attempts too.

In the hours after Sophos issued the hotfixes that secured the firewalls targeted by the unknown threat actors, the attackers pivoted to a new phase of the attack, adding new components, including files intended to spread ransomware to unpatched Windows machines inside the network. Unfortunately for the threat actors, the hotfixes also blocked these follow-up attempts.

You can minimize your machine's exposure to Sophos firewall zero-day attacks and similar threats by installing the latest version of all software running on your Windows 10 computer.

Also, make sure to install up-to-date security fixes from your vendor as soon as they are released.
