Windows PCs targeted for Sophos firewall zero-day attacks

by Don Sharpe

  • According to a Sophos report, Windows PCs using the company’s XG firewall were recently a target for ransomware injection.
  • Sophos delivered hotfixes and repulsed the cyber attacks twice.
  • Visit the News page for more enlightening updates.
  • Hacking threats are a persistent problem. Feel free to check out our cybersecurity section to stay up to date.

According to a Sophos report, Windows PCs using the company’s XG firewall were recently a target for ransomware injection. The Sophos firewall zero-day attacks fall in the scariest category for many reasons.

As with all zero-day exploits, the cybersecurity firm had only just discovered the security flaw in its firewall product when the attacks began. That also means the company did not have a fix on hand to offer affected users.

In such a scenario, the company is racing against both time and hackers actively trying to exploit the software vulnerability.

There is good news coming out of the entire ordeal, however. Sophos beat the attackers twice.

Sophos firewall zero-day attacks

The first phase of the attack took place toward the end of April, after a bad actor had discovered they could breach the Sophos firewall through a remote SQL injection.

They deployed a Trojan into a database after successfully exploiting the firewall’s remote code execution (RCE) vulnerability.

From the breached Windows machines, they were able to access and retrieve different types of data. The stolen info included the license and serial number of the firewalls and email addresses associated with user accounts stored on the PCs.

They were also able to obtain the names and usernames of the affected firewall users.

Too bad for the hackers, the Sophos user passwords they stole were encrypted. Otherwise, they could have used the stolen data to breach the rest of the network.

Once Sophos discovered the zero-day vulnerability, it issued hotfixes that secured the targeted firewalls.

Still, the attackers made a second move aimed at unpatched Windows devices. Sophos foiled the subsequent attempts too.

In the hours after Sophos issued hotfixes that secured firewalls targeted by unknown threat actors, the attackers pivoted to a new phase of the attack, adding new components—including files intended to spread ransomware to unpatched Windows machines inside the network. Unfortunately for the threat actors, the hotfixes also prevented the subsequent attempted attacks.

You can minimize your machine’s exposure to Sophos firewall zero-day attacks and similar threats by installing the latest version of all software running on your Windows 10 computer.

Also, be sure to install up-to-date security fixes from your vendor.

Do you have any questions or suggestions about OS or firewall security? You’re welcome to leave your feedback in the comments section below.