In the latest ransomware attack, operators have started using a critical bug in SonicWall SonicOS firewall devices as an entry point for compromising business networks. The vulnerability, identified as CVE-2024-40766, is from the management access interface of the firewall and thus impacts all current devices spanning across Generation 5, Generation 6, and Generation 7. A patch was issued by SonicWall on August 22 to address the issue and asked its users to update their appliances. It later turned out that the same weakness also affects the SSLVPN feature of the devices, which has recently been exploited in the wild.
Arctic Wolf security researchers reported that operators of the Akira ransomware strain have been leveraging the bug for initial access to business networks. These appeared to be the types of attacks that involved compromised accounts, local to the affected devices and independent of centralised authentication systems such as Microsoft Active Directory. What’s more, the affected accounts were noted to have MFA disabled, further compromising them. The affected breached devices were running firmware versions in the range vulnerable to CVE-2024-40766.
Apart from Arctic Wolf’s discovery, the incidents of ransomware groups making their ways into SonicWall SSLVPN accounts were also reported by the security firm Rapid7. While the incidents being connected to the vulnerability CVE-2024-40766 are purely speculative, the company has underlined the need to take precautions.
Immediate Security Recommendations
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.