February 12, 2021
WBM Protects Clients from SonicWall Vulnerability
SASKATOON, SK – February 12, 2021 – When SonicWall experienced a zero-day vulnerability in its remote access equipment, WBM’s managed IT services team took immediate action to protect clients across Western Canada. Locking down vulnerable equipment and then implementing workarounds kept clients safe while enabling them to continue working.
SonicWall updated its customers with an urgent advisory on January 22, warning that attackers had compromised its Secure Mobile Access (SMA) 100 appliance along with its NetExtender VPN client. These products enable remote users to access a company’s network, making them especially critical during the pandemic when most employees are still working from home.
The attack was sophisticated, using a zero-day vulnerability. These are difficult bugs to find. Attackers hoard them, only using them with high-value targets. When they use them, there is no immediate software patch to fix a system. Instead, customers must often apply a series of workarounds until the manufacturers can update their product. That can be difficult for those without adequate in-house resources.
SonicWall’s advisory listed several immediate measures for customers to take, but it arrived at 11pm on a Friday evening. That left many of its customers defenceless at least overnight, if not for the entire weekend or more.
WBM’s managed security team works 24 hours a day, 7 days a week, so that it can deal with situations like these, and it acted at once to protect its clients. Data and Security services manager Chris Zimmer immediately sent the notification to WBM’s Central Services manager Patrick Garman, who found 11 WBM clients at risk from the vulnerability.
“He and I immediately got on a call together and, based on the information we had at the time, disabled VPN connectivity and services on affected devices,” Zimmer recalled. The team also turned off the remote connection to customers’ SonicWall firewalls for extra protection and implemented client communications procedures to rapidly notify those customers of their actions.
Having protected clients from any immediate attack, WBM was able to spend the weekend reintroducing functionality safely for its customers. The next morning it gathered a response team to investigate the situation further and monitor for any new advisories from SonicWall.
The manufacturer updated its advisory, stating that the NetExtender client was not affected after all. That enabled WBM to reactivate those devices for its clients, leaving just one affected SMA client.
“Over the weekend the technicians were able to implement a workaround for that company to prevent business disruption,” said Zimmer. That involved whitelisting almost 100 IP addresses so that the client’s employees would only be able to access the system from known locations.
The client had peace of mind knowing that their security services were in place. “It helps a lot to know we have a partner watching over us, and to know that in these types of situations they have the scale and expertise to react when we can’t,” it said.
For additional details from SonicWall, you can access the company’s advisory here.
If you would like to speak with WBM, contact us for more information.