An investigation is currently underway after network security provider SonicWall became the latest cybersecurity vendor to confirm a breach on its systems. Allegedly, attackers were able to exploit a vulnerability in the company’s products to access its internal network.
On January 22nd, SonicWall revealed in a report that it had “identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”
In the most recent update on January 23rd, SonicWall has confirmed that after continued investigation, the following products have not been affected and require no further action from customers or partners:
NetExtender VPN Client
SMA 1000 Series
SonicWave Access Points
However, the product with an investigation still currently underway is the SMA 100 Series. SonicWall explains, “This product remains under investigation. However, SMA 100 series products may be used safely in common deployment use cases. For details on these use cases and further mitigation steps, please read: https://www.sonicwall.com/support/product-notification/210122173415410.”
A Growing Trend
In recent months, more and more security vendors are revealing that they’ve experienced a breach. These include FireEye, Microsoft, Malwarebytes, and others that were affected by the SolarWinds supply chain attack. The massive SolarWinds campaign targeted many US governmental agencies and businesses, and the total victims are still being determined.
However, these increased reports don’t necessarily mean that cybersecurity vendors are being targeted more frequently – their access and permissions have always made them prime targets for attacks. It likely just means that they are opting for a more transparent approach. Whether that be for compliance reasons or to keep the public aware of threats, their honesty will garner them the respect and admiration of their clients and the community.
Of course, that doesn’t mean they can relax. Just because an attack wasn’t as successful as it could have been doesn’t mean it shouldn’t be taken seriously. Attackers also use this as an opportunity to target the tools security vendors use to detect and defend against cyberattacks. If they manage to wear down the confidence in these tools, that could prove beneficial for them.
What This Means for Third-Party Risk
Security teams rely on their tools; however, they pose a risk for being such appealing targets due to their trust-based nature. The best thing to do for now is to maintain vigilance and set a standard that everyone can follow. One option is to use multiple vendors, so that in the event of another incident, you have a better chance of having a vendor that wasn’t affected.
Vendors, too, must act responsibly and maintain honest communication with their clients. Their response can make all the difference to a client. Immediately following an incident, they should be able to explain what happened, what was affected, how to mitigate and provide a timeline.
These are uncertain times in the cybersecurity space. However, we must remember the defense-in-depth strategy is the best way to deal with relentless vulnerabilities that seem to pop out of nowhere. Trusting one vendor or putting all your faith in one security appliance can no longer be an option if you’re looking to sleep at night. Businesses need to make sure they have vulnerability management programs and disaster recovery plans that are adaptable and can respond to a failure in one or more systems assigned to protect the environment.
Written by Elizabeth Dasenbrock
Elizabeth Dasenbrock is a marketer/graphic designer whose mission has always been to creatively express stories and ideas. Her skill set allows her to convey concepts to particular audiences in a visually appealing way. At TechGuard, she works on the marketing team with a focus on graphic design. In her free time, she can usually be found working on personal creative projects, tending to her houseplants, or spending time with friends and family.