SonicWall Vulnerability Exploited in Potential Ransomware Attacks

SonicWall Vulnerability Exploited in Potential Ransomware Attacks

A newly disclosed vulnerability in SonicWall firewalls has raised significant concerns in the cybersecurity community. The flaw, identified as CVE-2024-40766, was first disclosed in August 2024 and affects multiple versions of SonicWall’s SonicOS, including Gen 5, Gen 6, and Gen 7 firewalls. This critical vulnerability is linked to improper access control, allowing attackers to gain unauthorized access to resources or cause firewall crashes.

Security experts, including Arctic Wolf, have speculated that this vulnerability may have been used in recent ransomware attacks. The Akira ransomware group, known for targeting various sectors, is believed to have potentially exploited compromised SSLVPN user accounts on SonicWall devices. However, Arctic Wolf has not definitively confirmed this exploitation. What is concerning is that many of the compromised accounts lacked multi-factor authentication (MFA), leaving them highly vulnerable.

Another cybersecurity firm, Blackpoint, has also observed attacks targeting SSLVPNs but has not confirmed a direct link to CVE-2024-40766. As investigations continue, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling that the threat is serious but requiring further evidence before attributing it to specific attacks.

This vulnerability highlights the growing risks posed by ransomware actors targeting critical infrastructure and business systems. Experts recommend that organizations using SonicWall firewalls update their systems immediately, enable MFA for all accounts, and monitor network traffic for signs of suspicious activity.

As the investigation unfolds, SonicWall and security teams are working closely to mitigate the risk, ensuring that users are protected from further exploitation.

Sources:

• (SecurityWeek)
• (World Economic Forum)