Sunday, June 7, 03:28
The patch on Sophos XG firewalls prevented ransomware attacks


The security company Sophos yesterday published an update on its investigation into a recent series of attacks in which the hackers had tried to exploit a zero-day vulnerability in XG firewalls. Sophos moved quickly as soon as it learned of the attempts and issued an urgent hotfix. The attackers apparently panicked and modified their attack: they replaced the original data-stealing payload and tried to deploy ransomware on corporate networks protected by Sophos firewalls.

Sophos said the XG firewalls that had received the fix blocked the subsequent attempts to install ransomware.

A brief history of the initial attacks

The initial attacks took place between 22 and 26 April. In a report released at the time, Sophos said the attackers had discovered an SQL injection vulnerability (CVE-2020-12271) in the Sophos XG firewall.

The hackers exploited the vulnerability to attack the firewall's built-in PostgreSQL database server and install malware on the device.
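As an added illustration of the bug class Sophos describes (this is not Sophos code and not the actual injection point in XG Firewall, which the article does not detail): a login lookup that splices user input into SQL text, beside the parameterized version that treats the same input as data. It uses Python's sqlite3 so it runs offline; the table, the accounts and the payload are constructed for the example.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny stand-in for a management-plane user table.

    sqlite3 is used so the example runs offline; the concatenation bug below
    behaves the same way against PostgreSQL. Passwords are stored in clear
    only to keep the example short; a real system would store hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE portal_users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO portal_users VALUES (?, ?, ?)",
        [
            ("admin", "correct horse battery", "administrator"),
            ("audit", "read only pw", "viewer"),
        ],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Deliberately vulnerable: user input is spliced into the SQL text.

    A username such as  admin' --  closes the string literal and comments out
    the password check, so the query returns the admin row regardless of the
    password supplied.
    """
    sql = (
        "SELECT username, role FROM portal_users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Hardened: placeholders keep the input as data, never as SQL syntax."""
    sql = "SELECT username, role FROM portal_users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def demo() -> dict:
    """Run the same injection payload through both versions.

    Returns the row each lookup produced, plus a legitimate login through the
    safe version to show it still works for real credentials.
    """
    conn = build_db()
    payload = "admin' --"  # constructed injection string
    return {
        "vulnerable": login_vulnerable(conn, payload, "anything"),
        "safe": login_safe(conn, payload, "anything"),
        "legit": login_safe(conn, "admin", "correct horse battery"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:10s} -> {row}")
```

In the vulnerable lookup the payload comments out the password check and the admin row comes back; the parameterized query sees the same string as a literal username and finds nothing, while the real credentials still log in. On a PostgreSQL-backed appliance the same concatenation bug is what gives an attacker direct reach into the database server, which is the foothold the article describes.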

The company said the original payload was a trojan, which it named Asnarök. The trojan stole usernames and passwords for Sophos firewall accounts.

In addition, the hackers left behind two files that functioned as backdoors and provided a way to control infected devices.

Within four days of learning of the attacks, Sophos issued the hotfix for the XG firewalls, which was installed automatically on all firewalls that had the auto-update option enabled.


The attacks changed after the patch was released

In a new report published yesterday, Sophos said that as soon as the attacks became known and the patch was released, the attackers changed their approach.

The new attack included the following payloads:

  • EternalBlue: a Windows SMB exploit that lets intruders infect computers on the internal network behind the firewall.
  • DoublePulsar: a backdoor implant used to gain access to computers on the internal network.
  • Ragnarok: crypto-ransomware.

However, according to Sophos, the new attacks failed. Updated firewalls removed all traces of the malware, including both backdoor mechanisms, so the new attack chain could not run and the ransomware could not be installed.

XG firewalls that did not have automatic updates enabled and were not updated manually by administrators were most likely still infected.

According to the company, this incident underlines the need to keep systems constantly updated and is a reminder that any IoT device can be used as a foothold for gaining access to Windows machines.

