SonicWall Issues Urgent Firmware Update to Fix Rootkit Malware on SMA 100 Devices as Cyber Threats Escalate

SonicWall issues urgent firmware update after rootkit malware attack on SMA 100 devices. With cyber threats increasing, businesses must prioritize updates, strong passwords, system monitoring, and cyber insurance to strengthen security defenses.

Cyberattacks continue to grow in number and complexity, often targeting businesses of all sizes. Recently, SonicWall, a well-known network security company, faced another serious cyber challenge. To protect its customers, the company has released a new firmware update designed to remove rootkit malware that was discovered on some of its SMA 100 series devices.

Researchers at Google's Threat Intelligence Group (GTIG) revealed that the attacks on SonicWall's SMA 100 devices were carried out by the hacker group UNC6148. The group used a rootkit known as OVERSTEP. A rootkit is a type of malware that allows hackers to gain secret control over a computer or device. Unlike ordinary malware, which can occasionally be detected by antivirus software, rootkits are designed to remain undetectable. They hide deep within the system and can silently change settings, steal data, and open backdoors for attackers, all without the user's knowledge, giving attackers complete control for extended periods of time.

The problem is particularly concerning because many of these devices will reach their end-of-support date on October 1, 2025, after which they will no longer receive official security updates. SonicWall responded immediately, releasing firmware build 10.2.2.2-92sv, which contains enhanced file inspection and the ability to remove known rootkit malware. The company strongly advises that all users of SMA 210, 410, and 500v devices upgrade immediately.

Cybersecurity experts have noted similarities between these attacks and previous ransomware incidents, such as Abyss malware campaigns where hackers installed hidden web shells to stay inside networks. This shows that attackers are not only becoming more creative but also more persistent, often finding ways to bypass updates and continue their activities.

SonicWall also reminded customers of another recent issue: brute-force attacks that exposed firewall configuration backup files for some users. The company urged everyone to reset their credentials, review their systems for unusual activity, and apply all recommended security patches.

The latest SonicWall events serve as a reminder that cybersecurity is a continuous process. Attackers are continuously looking for vulnerabilities, whether in obsolete firmware or overlooked configurations.

To close security gaps, businesses must keep all devices up to date with the latest firmware, change and strengthen passwords on a regular basis to limit the chance of unauthorized access, and continuously monitor systems for any unusual or suspicious activity. Furthermore, obtaining cybersecurity insurance and implementing effective backup strategies can provide additional protection and support in the event of an attack, allowing companies to recover quickly and reduce damage.

The SMA 210 is often used by businesses with a limited number of users who need secure remote connectivity without exposing their systems to cyber threats. However, it must be regularly updated with the latest firmware and security patches to protect against evolving cyberattacks.

Information referenced in this article is from Bleeping Computer