Asnarök Malware Dents a Hole in Sophos XG Firewalls

Asnarök, a data-stealing malware strain, has left Sophos firewall customers stunned after it was found exploiting a zero-day vulnerability in the XG Firewall product.

  • On April 22, 2020, Sophos received a report of suspicious activity involving field values in the management interface, which it identified as an attempted attack against physical and virtual XG Firewall units.
  • The attack revealed a previously unknown zero-day SQL injection vulnerability in some of its firewall products, which could lead to remote code execution.
  • Sophos immediately released a hotfix to patch the vulnerability, along with details about the attack.

Not the first time

In the past, there have been a few occasions where Sophos security products were found vulnerable to attacks.

  • In October 2019, vulnerabilities were found in Sophos Cyberoam firewall appliances, which could allow attackers to remotely gain root permissions on any vulnerable device.
  • In April 2010, Sophos fixed three vulnerabilities in its Unified Threat Management platform that affected user enumeration, cookie expiration, and inbound email handling.
  • In October 2018, two vulnerabilities were discovered in Sophos HitmanPro Alert, its malware detection and protection tool. One vulnerability allowed an attacker to read kernel memory contents, while the other allowed code execution and privilege escalation.
  • In June 2018, several vulnerabilities were found in Sophos SafeGuard full-disk and file encryption products, which could allow an attacker to escalate privileges on a compromised device and execute arbitrary code with SYSTEM permissions.

What about other security vendors?

Sophos is not the only security vendor facing the heat over product vulnerabilities. In the past, several major security vendors have patched vulnerabilities in security products that were in active use.

How to stay protected?

Vulnerabilities in all such products show that security products are software like any other, and equally prone to cyber threats. Here are a few quick recommendations to further minimize the security risks:

  • Keep security products updated with the latest patches and, wherever possible, enable automatic updates so that fixes for known threats are applied promptly.
  • Adopt a layered security architecture; combining multiple security products helps ensure better coverage across the technology stack.