SonicWall NetExtender VPN Client and SMA 100 Zero-Day

Cyber Security Threat Advisory
25th January 2021

*Update 1/25: From SonicWall, “While we previously communicated NetExtender 10.X as potentially having a zero-day, that has now been ruled out. It may be used with all SonicWall products. No action is required from customers or partners. Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have determined that this use case is not susceptible to exploitation.”

Threat Update

SonicWall has released a statement regarding their investigation into a “coordinated” attack against their internal network that they believe made use of zero-day vulnerabilities in their remote access point products.

Technical Detail & Additional Information

What Is The Threat?

The statement released by SonicWall does not offer a detailed account of the breach or the vulnerability; however, they do state that they believe the attackers utilized zero-day vulnerabilities in their NetExtender VPN Client and Secure Mobile Access platforms. These platforms are used by enterprise environments to secure access to their internal networks, so any unreported and unremediated vulnerabilities represent a significant security risk for any enterprise that utilizes their products. They also do not reveal any information about the nature of the breach and how their network was affected.

In their coverage of the incident, ZDNet reports that “Multiple sources in the threat intel community told ZDNet after the publication of this article that SonicWall might have fallen victim to a ransomware attack”. This has not been substantiated by SonicWall at this time.

What Is The Exposure Or Risk?

Affected Devices:

  • NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls.
  • Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances, and the SMA 500v virtual appliance.

According to SonicWall, the SMA 1000 series is NOT susceptible to this vulnerability.

What Are The Recommendations?

At the time of writing this advisory, SonicWall has not released a patch for the suspected zero-day vulnerability; however, they do recommend enabling MFA across all their devices. They have also provided the following remediations for each affected platform version:

SMA 100 Series: This product remains under investigation for a vulnerability, however we can issue the following guidance on deployment use cases:

  • Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have determined that this use case is not susceptible to exploitation.
  • We advise SMA 100 series administrators to create specific access rules or disable Virtual Office and HTTPS administrative access from the Internet while we continue to investigate the vulnerability.

References:

For more in-depth information about the recommendations, please visit the following links:

Advisory Source: https://getskout.com/cybersecurity-threat-advisory-0003-21-sonicwall-netextender-vpn-client-and-sma-100-zero-day/

NetUtils New Managed Services Offers Enterprise Grade Cyber Security For Smaller Businesses Budgets

UK’s most qualified cyber security provider launches four new managed service bundles to help businesses gain enterprise class technologies at SME per user pricing

Kent, United Kingdom – 9th December 2020, NetUtils, a leading IT specialist, has launched a new, highly integrated managed cyber security services portfolio to help businesses gain enterprise class protection at competitive price points to suit small and medium sized organisations.

The new four tier bundles combine between 4 and 16 cyber security services ranging from Endpoint Protection and Email Security all the way up to fully fledged SOC services with prices starting at just £8 per user per month.

With a heritage spanning over 27 years, NetUtils is one of the UK’s longest serving specialist integrators of network, security and data solutions for enterprise, telco, MSPs and ISPs. Today, it serves over 400 enterprise and service provider clients including many listed within the FTSE 100. NetUtils has built a reputation for technical excellence, is the most certified Juniper Networks partner in Europe, and maintains over 420 industry and vendor accreditations within its team including CISSPs and CISMPs, Fortinet’s NS7, and Juniper JNCIPs. NetUtils is also ISO 9001 and ISO 27001 registered and a Crown Commercial Service supplier.

“Managed security services provide a huge array of benefits for our enterprise customers yet have tended to be outside of the price range of smaller businesses that are just as likely to be attacked by cyber criminals,” says Ashok Thomas, CEO for NetUtils. “By building a set of integrated managed security services, using multiple vendors along with our own 24/7 teams, we are typically able to deliver our bundles at an overall cost that is between 40% and 70% less than a small business trying to buy and implement all of the separate solutions – and that’s even before staffing costs.”

The new managed security services also aim to address the significant skills shortage that UK businesses face in recruiting and retaining skilled cyber security professionals, a problem highlighted by the 2020 ISACA Global State of Cybersecurity, which found that 62% of respondents indicated that their organisation’s cybersecurity team is either somewhat or significantly understaffed.

One of the first organisations to sign up for the new managed service is London based Polar Capital, a specialist investment fund manager. As Mike Catlin, CTO, explains, “In the past, we have run some of the elements within the NetUtils managed service in-house but the cost of the hardware, licensing fees and difficulty in finding staff with strong cyber security skills has been a real challenge. NetUtils helped us set up our existing IT systems and the new managed services provide us with better cyber security protection backed by a skilled team and for a lower cost.”

NetUtils has invested over £1.2 million adding more staff, enhanced training, and additional data centre capacity to deliver the new cyber security services. As David Bundock, COO for NetUtils explains, “Our aim is to offer the same level of professionalism and technical expertise that our current clients receive to a wider range of organisations that are keen to focus on their core business – while letting a trusted partner take care of the security burden.”

As part of the launch, NetUtils are offering a free Dark Web scan to any organisation to evaluate areas of risk around security credentials and the potential benefits of moving to its managed services model. For more information, please visit https://netutils.com/dark-web-id-lp/

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27 years of history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing, and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

NetUtils Media Enquiries:

Kara Jenkinson

Head of Marketing

t: 020 8783 3800 e: kjenkinson@netutils.com

w: http://www.netutils.com

NetUtils Named A Supplier on Crown Commercial Service’s Framework

Kent, United Kingdom – November 2020, NetUtils have been named as a supplier on Crown Commercial Service’s (CCS) Technology Products Catalogue framework.

NetUtils, a leading cyber security and managed services provider, have recently announced they are to feature as a supplier on the Crown Commercial Service’s Technology Online Purchasing Content Framework. NetUtils are now able to provide their wide and diverse portfolio of cyber security and networking products and services via the platform.

The Technology Online Purchasing platform gives buyers a flexible, cost effective and efficient route to buy a range of technology products through an online catalogue. It is available to the UK public sector and their associated bodies and agencies.

Ashok Thomas, Chief Executive Officer, NetUtils said: “With continuously shrinking budgets and the growing IT skills gap the need to be on frameworks supports our vision in helping public sector procurement and gives them a trusted commercially aware partner to work with now and in the future.”

About Crown Commercial Service

Crown Commercial Service supports the public sector to achieve maximum commercial value when procuring common goods and services. In 2019/20, CCS helped the public sector to achieve commercial benefits worth over £1bn – supporting world-class public services that offer best value for taxpayers.

Network Utilities joins Nokia Global Partner Program

Kent, United Kingdom – October 2020, Network Utilities today announced it has signed a channel partner agreement with Nokia.

As a result of this relationship, Network Utilities will market, distribute and service Nokia’s product line of AAA services and cyber security products.

Ashok Thomas, Chief Executive Officer, Network Utilities said: “Network Utilities is delighted to be partnering with Nokia to bring its AAA and cyber security solutions to our customers. We feel Nokia is the perfect partner to bring the breadth of experience and end-to-end solutions needed to help customers secure themselves against today’s ever evolving threats.”

Phil Siveter, Head of Enterprise UK&I, Nokia said: “The Global Partner Program is important to Nokia as it gives us a route into new and exciting enterprise customers. We are pleased to welcome Network Utilities to the Nokia Global Partner Program to drive growth and establish new customer relationships together.”

About Network Utilities

Network Utilities are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 25 years of history and over 400 enterprise and service provider clients, Network Utilities represents a great vehicle to share Nokia’s formidable capability traditionally housed in the telco arena with its enterprise customers.

Why Are So Many Organisations Turning to Managed Security Service Providers?

The technology industry is one that never stands still, but the cyber and security space specifically is even more fast paced than most other sectors of the industry. In many cases this can be attributed to the fact that the activities of cyber criminals are squarely focused on breaching enterprise security defences, because this is how they generate their income. Put simply, your business is their primary target.

The pressures on IT operations, compliance and security posture are immense. Organisations constantly have to navigate the complexities of industry jargon and trends to keep abreast of the latest offerings and figure out the best fit for their business. This can be a full-time job in itself. But if IT is not your core business, then why should you burden yourself with managing it yourself?

The very nature of a Managed Security Service Provider (MSSP) is to alleviate the pressure by allowing you as a company to spend your time focusing on your core business, customers and innovation, in the knowledge that the necessary tasks that are required to keep your company safe and operational are in hand with the experts.

The Experts

An MSSP is a specialist whose core business is IT. As a result, you’re leveraging the expertise of a bigger team who are up to date in all areas: not just on general industry knowledge or the threat landscape, but also on the specific solutions and applications deployed within your business. It’s our responsibility to make sure the tools we use and the services we provide are always best of breed.

We spend the time and investment to train our teams, to get certified and fully compliant. We spend the time working closely with our vendor partners to understand the best ways of installing and using their products. We spend the time evaluating new and innovative solutions to the market.

We put in all the hard work, so you don’t have to.

Proactive Operational Efficiency

Managing the daily IT related tasks of most organisations can take most of the working day. Focusing on continuous improvements to revenue generating business critical tasks as well as customer service improvements, is what in many businesses determines their bottom line. It should not be surprising to learn therefore that most IT related operational improvements and security tasks can often be relegated to the back of the line. As long as things are working, then in many cases businesses are content and happy to focus their attentions elsewhere. Until of course something goes wrong.

By outsourcing the important IT operational management tasks to a trusted MSSP, you are ensuring that your IT environment remains operational at all times, because it is the responsibility of your provider to take care of security advisory notices, security patching, configuration management, access management, performance management, availability management, audit management and many other mundane but absolutely essential tasks to maintain a highly available and secure infrastructure. It’s our responsibility to be proactive on your behalf rather than reactive.

Speed of Implementation

It is no secret that there is a growing trend for many companies to outsource certain services, be that networking, telecommunications, cloud or security services. Besides the obvious cost savings and controls it affords, it certainly also helps free up internal resources and time. But there is one other major reason why MSSP services are being consumed at quite a staggering rate and that is speed.

Speed of implementation, widely known as how fast one can act on an idea, strategically or tactically, is often what can set you apart from your competition. With the massive growth of cloud adoption and the improvements in its capabilities, we see a huge increase in the abilities of an MSSP to provision and deliver services to customers in only days, and even hours in some cases, that would previously have taken weeks or months. The reason for this is often that the provider has already provisioned its service capabilities ahead of time, so the service is simply ready to onboard new customers as and when they are ready. This of course takes a lot of planning and forethought on the part of the MSSP in order to be able to offer these ready to go services, so it can be said that the customer’s speed of implementing a new or replacement service is directly related to that provider taking earlier action.

We’ve launched 4 new managed service bundles to help small and medium sized businesses gain enterprise class technologies and services wrapped up in a per user per month price.

Priced from as little as £8 per user per month it’s never been easier or more cost effective to have the big tech normally out of reach to smaller businesses. These bundles combine between 4 and 16 cyber security services ranging from Endpoint Protection and Email Security Gateway all the way up to a fully-fledged SOC.

[Webinar On-Demand] Security Awareness During Times of Disruption

A recent report reveals a massive 667% increase in spear-phishing attacks due to the current pandemic, with over 9000 phishing attack campaigns related to COVID-19 being detected in March, versus just over 1100 in February and only 137 in January. These attacks are taking on all forms, including brand impersonation, business email compromise, scams and even blackmail. *

Organisations like yours have asked traditional office-based employees to work from home. The potential for cyber criminals to get your users to react to these types of spear-phishing attacks is high due to the coronavirus theme being exploited and all organisations need to ensure their users remain vigilant.

Is your newly formed remote workforce armed with the knowledge to keep themselves and your network safe? Watch our webinar below and learn:

  • About the tactics the bad guys are using now to exploit COVID-19
  • Why remote workers are an easy target for cyber criminals
  • How to enable your last line of defence with tools and training
  • Why security awareness training is critical within your security strategy

Now more than ever Security Awareness Training is vital for your remote employees and your network.

* Source: Barracuda Sentinel [https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/]

2020 Phishing by Industry Benchmarking Report from KnowBe4

As cybercrime continues to surge, security leaders must understand that there is no such thing as a perfect, fool-proof, impenetrable secure environment. Many organisations fall into the trap of trying to use technology as the only means of defending their networks and forgetting that the power of human awareness and intervention is paramount in arriving at a highly secured state.

Every security leader faces the same conundrum: even as they increase their investment in sophisticated security orchestration, cybercrime continues to rise. Security is often presented as a race between effective technologies and clever attack methodologies. Yet there’s an overlooked layer that can radically reduce an organisation’s vulnerability: security awareness training and frequent simulated social engineering testing.

Verizon’s 2019 data breach investigation report shows that phishing remains the #1 threat action used in successful breaches linked to social engineering and malware attacks.

These criminals successfully evade an organisation’s security controls by using clever phishing and social engineering tactics that often rely on employee naivety. Emails, phone calls and other outreach methods are designed to persuade staff to take steps that provide criminals with access to company data and funds.

Each organisation’s employee susceptibility to these phishing attacks is known as their Phish-Prone™ percentage (PPP). By translating phishing risk into measurable terms, leaders can quantify their breach likelihood and adopt training that reduces their human attack surface.

Do you know how your organisation compares to your peers of similar size? Download the KnowBe4 benchmarking report to find out! 

You will learn more about:

  • New phishing benchmark data for 19 industries
  • Understanding who’s at risk and what you can do about it
  • Actionable tips to create your “human firewall”
  • The value of new-school security awareness training

Exponential growth of COVID-19 themed phishing attacks. Are your users prepared?

A new report reveals a massive 667% increase in spear-phishing attacks due to the current pandemic, with over 9000 phishing attack campaigns related to COVID-19 being detected in March, versus just over 1100 in February and only 137 in January. These attacks are taking on all forms, including brand impersonation, business email compromise, scams and even blackmail. *

Many organisations like yours have asked traditional office-based employees to work from home and while technology allows that to happen, is your newly formed remote workforce armed with the knowledge to keep themselves and your network safe?

The potential for cyber criminals to get access to your users and to elicit a response to these types of spear-phishing attacks is high due to the coronavirus theme being exploited and all organisations need to ensure their users remain vigilant.

Now more than ever Security Awareness Training is critical for your remote employees.

  • Cyber-attacks focus on employees as targets – Phishing attacks remain the single-most used attack vector to allow the bad guys direct access to your organisation’s endpoints, credentials, applications, and data. If a phishing email is presented to one of your employees, it means your security solutions haven’t detected it as malicious, leaving the employee to be your last line of defence.
  • Employees aren’t thinking about organizational security – Think about it; your average remote worker is sitting at a make-shift desk, trying to balance helping their kids with distance learning assignments and attending online meetings. They’re learning new digital workplace platforms, applications, and processes before they even shower for the day. Security is the last thing on an employee’s mind.
  • Attacks and scams are increasingly aligning with remote working – Cybercriminals conjure up scams that seem familiar to users. The use of shipping, billing, and banking stories, as well as the use of impersonated domains, business, and people, all have traditionally worked in favour of the bad guy. But, new scams are being moulded around the current work circumstances. For example, we’ve recently seen the massive growth in Zoom-related attacks simply because of Zoom’s increase in popularity for business use. Organisations should expect this to trend.

*Source: Barracuda Sentinel https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/

Secure Remote Access Emergency Readiness – Top Tips

How to ensure business resiliency, user productivity and security

Many circumstances and compliance obligations require organisations to activate or rapidly extend remote access capabilities as part of a business continuity strategy. Beyond impacting user productivity, this emergency workplace shift can stress IT infrastructure and operations. With advance planning, crises that require immediate, increased and varied remote access capacity should not increase threat exposure, cyberattack and data leakage risks.

Top Tips

Here are some important Secure Access Emergency Readiness tips to ensure business continuity, operational efficacy and protected accessibility.

  • Understand your remote access needs in terms of users, applications and resources in order to assess respective physical, virtual or user-based connection capacity and throughput.
  • Identify key applications and resources, whether on-premises or cloud, that will require increased capacity and apply to an emergency capacity plan.
  • Explore application and security tool license and capacity shifting options set in advance with your vendors to handle burst utilisation.
  • Review and maintain application, data and role mapping to ensure users only access the resources they need, and have processes in place to quickly respond to user or role escalation and ad hoc privileged access and revocation.
  • Consider virtual and cloud environment deployment and clientless mode to allow for more rapid on-demand deployment and scalability.
  • Establish Disaster Recovery (DR) sites to provide secure access services in case of a primary site outage or failure and explore Secure Access solutions’ DR options for active/active or active/passive modes.
  • Build, publish and review emergency remote work guidelines, resources and communications.
  • Activate advanced secure access usability features for streamlined access, such as: always-on, per-application and simultaneous tunneling, configuration lock down, clientless operation and online portals.
  • Ensure emergency means to simulate on-premise access, including Layer-3 access to a specific subnet, HTML5 access to local machines, or Virtual Desktop Infrastructure by privileged users and technicians.
  • Enforce endpoint compliance policy and activate self-remediation capabilities to reduce phishing and ransomware threats introduced by increased remote users and potential vulnerable devices.
  • Invoke mobile device security options, such as mobile VPN, device security, segregating corporate apps and information, and data encryption to allow for broader corporate and personal device use.
  • Utilise Adaptive Authentication and User Entity Behaviour Analytics (UEBA) to better understand and react to new user/device usage, as well as unwanted and anomalous activity.
  • Leverage usage analytics, bandwidth “throttling” and optimised gateway selection capabilities to better distribute workloads and to deliver “essential” applications to users without performance degradation.

In a world where natural and man-made disasters occur, we want to help keep your business running effectively and securely so you can focus on what’s really important – keeping your employees, friends, and family safe. If and when these unplanned events and disasters intensify, organisations must adjust for increased stay, connect and work from home mandates. Beyond impacting user productivity, this emergency workplace shift can stress IT infrastructure and operations.

Download the Pulse Secure Solution Brief

Download the Secure Remote Access Emergency Readiness Solution Brief here to get these important tips to ensure business resiliency, user productivity, and continued secure access.

[Webinar On-Demand] Social Engineering. Is the Worst Yet to Come?

Did you know that 77% of successful social engineering attacks start with a phishing email?

Social engineering attacks include phishing, spear phishing, CEO fraud, ransomware and more. Learn about different attack methods and how you can manage this ongoing problem in your organisation.

Watch our webinar on-demand to discover:

  • Common techniques used by hackers
  • Real world examples
  • Social engineering red flags
  • How to prevent attacks

There’s no substitute for preparation when it comes to dealing with cybercriminals. Take the steps needed to future proof your organisation against these types of attacks.

Social engineering tip sheet

The infographic below will show your users what to watch out for in emails. We highly recommend you print it out; it’s a great at-a-glance reminder.

Download the Security Awareness Training datasheet to discover more!