Particle.news

SonicWall Blames CVE-2024-40766 and Legacy Passwords for SSLVPN Ransomware Surge

After linking fewer than 40 breaches to a known bug and to credentials migrated from older firewalls without being reset, SonicWall has ordered firmware upgrades and password resets.

Overview

  • SonicWall confirmed on August 7 that the recent spike in Akira ransomware attacks on Gen 7 SSLVPN endpoints is not due to a zero-day flaw but hinges on the documented CVE-2024-40766 vulnerability.
  • The vendor is investigating fewer than 40 incidents, many of which involved local user passwords carried over from Gen 6 to Gen 7 firewalls without the resets recommended in its original advisory.
  • Researchers observed attackers bypassing time-based one-time password MFA and credential rotations to gain access, aligning with known Akira ransomware-as-a-service tactics.
  • SonicWall is urging all users to update to SonicOS 7.3, reset every local user account password, and enable Botnet Protection and Geo-IP Filtering to thwart brute-force and MFA-bypass attempts.
  • Security teams including Arctic Wolf, Huntress and GuidePoint are collaborating with SonicWall to share indicators of compromise and refine mitigation strategies.
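The mitigations above come down to two defender checks: spotting password-guessing bursts against the SSLVPN endpoint (and any success that follows one), and finding local accounts whose password still predates the Gen 6 to Gen 7 migration. The script below is an added example, not SonicWall's code or output: the key=value log format, its field names, and the account inventory with its `password_changed` field are all constructed assumptions standing in for whatever an admin exports from the firewall or SIEM.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, hypothetical SSLVPN auth events in a generic key=value syslog style.
# These are NOT real SonicOS log lines; the field names are assumptions.
SAMPLE_LOG = """\
2024-08-05T02:14:07Z sslvpn user=jdoe src=203.0.113.10 result=FAILED
2024-08-05T02:14:09Z sslvpn user=jdoe src=203.0.113.10 result=FAILED
2024-08-05T02:14:12Z sslvpn user=admin src=203.0.113.10 result=FAILED
2024-08-05T02:14:15Z sslvpn user=admin src=203.0.113.10 result=FAILED
2024-08-05T02:14:20Z sslvpn user=backup src=203.0.113.10 result=FAILED
2024-08-05T02:14:25Z sslvpn user=backup src=203.0.113.10 result=FAILED
2024-08-05T02:16:40Z sslvpn user=jdoe src=203.0.113.10 result=SUCCESS
2024-08-05T03:02:01Z sslvpn user=asmith src=198.51.100.7 result=FAILED
2024-08-05T03:02:30Z sslvpn user=asmith src=198.51.100.7 result=SUCCESS
2024-08-05T08:30:00Z sslvpn user=asmith src=192.0.2.44 result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sslvpn user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def find_bruteforce_sources(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {src_ip: peak failures seen inside one sliding window} for every
    source that reaches `threshold` failed logins within `window`."""
    events = [ev for ev in map(parse_line, lines) if ev]
    events.sort(key=lambda ev: ev["ts"])
    recent = defaultdict(deque)   # per-source timestamps of failures still in the window
    flagged = {}
    for ev in events:
        if ev["result"] != "FAILED":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[ev["src"]] = max(flagged.get(ev["src"], 0), len(q))
    return flagged


def successes_from_flagged_sources(lines, **kw):
    """Highest-priority alert: a successful login from a source that was just
    guessing passwords. Returns sorted (user, src) pairs."""
    flagged = find_bruteforce_sources(lines, **kw)
    return sorted(
        (ev["user"], ev["src"])
        for ev in map(parse_line, lines)
        if ev and ev["result"] == "SUCCESS" and ev["src"] in flagged
    )


# Constructed local-user inventory; the 'password_changed' field is assumed to
# come from an admin export, not from any real SonicOS interface.
SAMPLE_ACCOUNTS = [
    {"user": "jdoe", "password_changed": "2023-11-02"},
    {"user": "asmith", "password_changed": "2024-03-19"},
    {"user": "svc_backup", "password_changed": "2022-06-30"},
]


def stale_password_accounts(accounts, migration_date):
    """Local users whose password predates the Gen 6 -> Gen 7 migration date
    (YYYY-MM-DD) and therefore was never reset as the advisory recommends."""
    cutoff = datetime.strptime(migration_date, "%Y-%m-%d")
    return sorted(
        a["user"] for a in accounts
        if datetime.strptime(a["password_changed"], "%Y-%m-%d") < cutoff
    )


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("brute-force sources:", find_bruteforce_sources(lines))
    print("successes after burst:", successes_from_flagged_sources(lines))
    print("accounts needing reset:", stale_password_accounts(SAMPLE_ACCOUNTS, "2024-01-15"))
```

With the constructed data, 203.0.113.10 trips the threshold (six failures in under a minute) and its later success for `jdoe` is the event worth paging on; 198.51.100.7 stays below the threshold. The account check lists `jdoe` and `svc_backup` as passwords that predate the migration cutoff, which is the population the vendor's reset guidance targets.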