Quick Takeaways
- SonicWall released SMA 100 series firmware 10.2.2.2-92sv, which adds file checks to detect and remove rootkit malware, after Google Threat Intelligence Group reported attacks deploying the OVERSTEP rootkit on these appliances.
- OVERSTEP is a user-mode rootkit that hides its own components, gives the attacker persistent access, and steals credentials, certificates and other sensitive files; the activity overlaps with earlier Abyss ransomware intrusions on SMA devices.
- Researchers warn that running outdated SMA firmware carries significant risk and urge users to upgrade to the fixed version immediately.
- SonicWall also addressed a separate credential-exposure issue involving backup files and clarified that the Akira ransomware gang is exploiting a previously patched vulnerability (CVE-2024-40766) rather than a new flaw.
The Core Issue
SonicWall has released firmware 10.2.2.2-92sv for the SMA 100 series (SMA 210, 410 and 500v), built to detect and remove rootkit malware from the appliance. The update follows a report from Google Threat Intelligence Group (GTIG) that a threat group tracked as UNC6148 has been deploying a rootkit named OVERSTEP on these devices, which reach end of support on October 1, 2025. OVERSTEP runs in user mode rather than in the kernel, but it is still dangerous: it hides its own files and components from the appliance's normal tooling, survives as a persistent foothold, steals credentials and certificates stored on the device, and opens a reverse shell that gives the attacker ongoing control. GTIG has not determined the final objective of the intrusions, but notes overlaps with earlier ransomware activity, in particular the Abyss group, which previously compromised SMA devices to install web shells.
The advisory comes from SonicWall itself, which has been urging customers to upgrade promptly because older firmware versions are being actively exploited. SonicWall's warnings also cover recent attacks in which the Akira ransomware gang exploited CVE-2024-40766, a vulnerability patched in 2024, against firewalls that had not applied the fix, a reminder that patch lag rather than novel zero-days drives much of this activity. Regular firmware updates, credential hygiene and monitoring of edge appliances remain the baseline defenses for network infrastructure.
Critical Concerns
The OVERSTEP campaign illustrates the risk that internet-facing edge appliances carry: UNC6148 uses the rootkit to hold persistent, stealthy access to SMA 100 devices, exfiltrate credentials and certificates, and stage follow-on activity, with overlaps to Abyss ransomware intrusions already noted. Outdated firmware and weak credential practices compound the problem; some studies report that nearly half of environments have experienced successful password cracking, almost double the previous year's rate, which is exactly the kind of weakness adversaries combine with brute-force attacks and zero-day exploits. The consequences range from unauthorized access and data exfiltration to full system compromise and disruption of critical services, with the financial and reputational damage that follows, which is why timely firmware updates, strong authentication and continuous monitoring matter.
Fix & Mitigation
Remediating the SMA 100 rootkit quickly matters because OVERSTEP is built to persist and to hide from on-box inspection: the longer a compromised appliance stays in service, the longer stolen credentials and certificates remain usable and the more of the network the attacker can reach through it. Prompt action restores trust in the VPN gateway and limits both exposure and downtime.
Mitigation Steps
- Immediate Firmware Update: Upgrade every SMA 210, 410 and 500v to 10.2.2.2-92sv, the version that adds the rootkit file checks; the SMA 100 series reaches end of support on October 1, 2025, so plan a migration as well.
- System Backup: Export the configuration before updating and store it off the appliance so the device can be rebuilt; remember that backups contain credentials and should be protected accordingly.
- Network Segmentation: Isolate suspect appliances and restrict what the management interface and the VPN user network can reach until the device is verified clean.
- Enhanced Monitoring: Review appliance and firewall logs for unexpected outbound connections, since OVERSTEP establishes reverse shells, and for logins from unfamiliar sources or at unusual times.
- Password Reset: Reset all local administrative and user passwords, and because the rootkit steals credentials and certificates, also revoke and reissue certificates stored on the appliance and re-enrol one-time-password bindings.
- Malware Scan: Let the updated firmware's detection run, and where compromise is confirmed, prefer a clean reinstall over trying to clean a device whose own tooling may be hiding files.
- Access Controls: Enforce multi-factor authentication and limit administrative access to a small set of named personnel and management networks.
- Incident Response Plan: Treat a detected rootkit as a confirmed intrusion and run the containment, scoping and recovery playbook rather than only patching.
- Vendor Support: Consult SonicWall support and the published advisory for indicators and guidance specific to this malware.
- User Awareness: Brief staff on the incident so that credential resets and MFA enrolment are completed promptly and phishing attempts that reuse stolen data are recognised.
