Tom’s Guide
George Phillips

SonicWall VPN hit with second vulnerability


A vulnerability has been found in a SonicWall VPN server, the second VPN-related issue to hit the company in recent months.

Ethical hackers from Dutch company Computest Security discovered the vulnerability, which allowed them to take over the server and potentially access the internal company network, exposing sensitive data.

SonicWall offers a variety of VPN clients, aimed at securing corporate networks. However, exploitable vulnerabilities are not features of the best business VPNs, and this isn't the first time SonicWall has had a vulnerability exposed. In October 2024, hackers targeted SonicWall VPNs to spread ransomware.

How was the vulnerability exploited?

The hackers found vulnerabilities at login. A username and password are needed to access the VPN server and start a session. A unique number then identifies the session, and the system uses it to attribute every subsequent command to that user.

This identifying number should be impossible to guess. However, the hackers could predict the numbers. This allowed them to impersonate a user and theoretically move through the network without being detected.
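To illustrate the property described above, here is an added example (not from the article, SonicWall, or Computest) of issuing session identifiers from a cryptographically secure generator and auditing a sample of issued identifiers for obvious signs of predictability. The article does not say how the affected identifiers were generated; the counter and clock-like samples, the function names, and the 128-bit floor are assumptions made for the example.

```python
import secrets

MIN_BITS = 128  # floor chosen for this example (assumption)


def new_session_id() -> str:
    """Issue a 256-bit identifier from the OS CSPRNG."""
    return secrets.token_hex(32)


def audit_session_ids(hex_ids):
    """Flag signs of predictability in hex session ids listed in issue order."""
    findings = []
    if len(set(hex_ids)) != len(hex_ids):
        findings.append("duplicate ids")
    if any(len(h) * 4 < MIN_BITS for h in hex_ids):
        findings.append("id shorter than 128 bits")
    values = [int(h, 16) for h in hex_ids]
    deltas = [b - a for a, b in zip(values, values[1:])]
    if len(deltas) >= 2:
        if len(set(deltas)) == 1:
            findings.append("constant step between consecutive ids")
        elif all(d > 0 for d in deltas):
            findings.append("ids strictly increasing")
    return findings


def constructed_samples():
    """Constructed inputs: a counter, a clock-like value, and CSPRNG output."""
    counter = [f"{0x5f3a0000 + i:08x}" for i in range(20)]
    clock, t = [], 1_700_000_000_000
    for i in range(20):
        t += i % 5 + 1  # irregular but always-positive gaps
        clock.append(f"{t:032x}")
    strong = [new_session_id() for _ in range(20)]
    return {"counter": counter, "clock": clock, "strong": strong}


if __name__ == "__main__":
    for name, ids in constructed_samples().items():
        print(name, audit_session_ids(ids) or "no findings")
```

Passing these checks does not prove an identifier is unpredictable; they only catch the most obvious failures in a sample.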

Computest Security reported the vulnerabilities to SonicWall and a patch is now available, but the vulnerabilities found highlight the need for more attention to peripheral security such as VPN servers, routers, and firewalls.

What to look for in a business VPN

With many of us working remotely, a business VPN can allow employees to securely access servers, networks, and company information.

Business VPNs provide additional layers of security by encrypting company data and protecting it from cyberattacks. Businesses are prime targets for hackers, with small and medium-sized businesses being the most attractive.

Many business VPNs come with additional security features, making them a cost-effective security solution and reducing the amount of hardware required. They often use cloud-based systems and are designed with multiple team members in mind, ensuring everyone can access the same encrypted data and files.

Looking beyond VPNs

As well as implementing business VPNs, it is important for businesses to stay on top of their cybersecurity practices. Human error is the leading cause of data breaches, and an IBM report found the average cost of a breach in 2024 was $5 million. Therefore, employee education is vital and investing in cybersecurity awareness and training programmes is an excellent first step.

Having your business audited by an independent cybersecurity company can help identify security weaknesses and expose vulnerabilities. It can also improve your relationship with customers, building your reputation as a secure company.

Using tools such as the best password managers is useful as well. They can generate and store complex and unique passwords, ensuring your data is protected. 123456 is the world's most popular password, and weak passwords can be cracked in seconds. Having a strong password is another easy first step to take.
