Particle.news

SonicWall Investigates Suspected Zero-Day in SSL VPNs Exploited by Akira Ransomware

It has enlisted outside researchers after federal alerts highlighted an unpatched access vulnerability

Overview

  • SonicWall confirmed it is probing a surge of ransomware intrusions on its Gen 7 firewalls and is collaborating with Arctic Wolf Labs, Google Mandiant and Huntress to assess a potential zero-day exploit.
  • No patch is available yet, so the vendor recommends disabling SSL VPN services where feasible and restricting connectivity to known, trusted IP addresses.
  • Additional interim defenses include enabling botnet protection and geo-IP filtering, removing inactive firewall user accounts and enforcing robust password hygiene and multi-factor authentication.
  • Arctic Wolf Labs observed a sharp increase in malicious VPN logins starting July 15 that compromised fully patched devices with TOTP-based MFA, indicating exploitation beyond credential attacks.
  • Formal warnings from the FBI and CISA urge organizations to bolster network defenses and monitor for VPN logins originating from VPS hosts until a security update is released.