Rapid response to reports of network attacks

What just happened?

Earlier this month, we were alerted by Huntress, one of our SOC partners, to a developing cybersecurity event targeting SonicWall firewalls. Huntress, which specializes in proactive threat hunting rather than just prevention, was one of two companies (the other was Arctic Wolf) to first recognize a pattern of attack across a large number of SonicWall devices.

Of particular concern, attackers were able to bypass MFA on firewalls running one of the more modern and frequently used kinds of VPN, and then deploy ransomware. MFA (multi-factor authentication) is the layer of additional security that lets cybersecurity officers and Macktez team members sleep at night. In this case, evidence suggested that these firewalls — the primary point of defense for any local network — were vulnerable even with MFA enabled.

Of course, Huntress also alerted SonicWall. And though SonicWall was not able to immediately confirm the attack pattern or identify a root cause, Huntress and Arctic Wolf provided sufficient evidence to convince SonicWall that the threat was real and needed to be contained.

Erring on the side of security, SonicWall advised all impacted users to disable SSL VPN immediately while its investigation continued. And Macktez followed that recommendation right away for all impacted client networks: we suspended SSL VPN service to secure their environments until a permanent update was issued by SonicWall.

Why it’s important

This vulnerability turned out not to be a “zero-day” exploit (a cyberattack that preys on a previously unknown vulnerability) as was initially suspected, but the overall response of the security community — and that of Macktez’s security team — was appropriately decisive in identifying the service that could be exploited and shutting it down to protect clients from an active exploit. Before SonicWall could provide a more nuanced remedy, it made sense to just close down the road cyberattackers were riding.

Not every reported vulnerability requires immediate action, but in this case, the potential exposure to ransomware and the strong reputations of the entities reporting on the event were sufficient to provoke a quick response all around.

What we learned

The value to Macktez — and to our clients — of partnering with the cybersecurity team at Huntress for network security is multifaceted. Huntress provides organizations with access to a level of cybersecurity expertise and 24/7 vigilance that would be difficult and costly to achieve independently.

By focusing on human-powered threat hunting, rapid response, and a deep understanding of the tactics used by modern adversaries, Huntress empowers businesses to not only defend against current threats but also to build a more resilient and secure digital future. Huntress is not just a security solution; it’s a strategic investment in an organization’s long-term success and cyber-resilience.

What you should know

Malicious actors continually probe networks and devices, seeking to identify vulnerabilities. Most organizations, on their own, don’t have the resources to protect themselves against all these threats. Collaborating with a trusted partner like Macktez to help manage network, device, and identity security is a critical part of modern-day operations.

Posted: 2025-08-22 Filed Under: Tech Notes
