SonicWall Attacks Exploit Legacy Bug & Weak Passwords

Summary
– SonicWall denies a zero-day vulnerability, attributing recent ransomware attacks to poor password management during firewall migrations.
– Researchers observed increased Akira ransomware attacks on SonicWall customers, with some breaches occurring despite MFA and credential rotation.
– SonicWall links the attacks to CVE-2024-40766, noting many incidents involved reused passwords during Gen 6 to Gen 7 firewall migrations.
– Customers are urged to update to SonicOS 7.3 and reset local user passwords, especially those carried over from older firewall versions.
– Additional security measures include enabling Botnet Protection, Geo-IP Filtering, enforcing MFA, and removing inactive accounts.
SonicWall has clarified that recent ransomware attacks targeting its customers stem from outdated vulnerabilities and weak password practices rather than an undiscovered zero-day flaw. Security researchers initially raised alarms about a spike in Akira ransomware incidents involving SonicWall devices, with some breaches occurring even on fully patched systems with multi-factor authentication enabled.
The company’s investigation revealed a different story. The attacks primarily exploited CVE-2024-40766, a known vulnerability addressed in an earlier advisory. Many affected organizations had migrated from older Gen 6 firewalls to newer Gen 7 models without resetting local user passwords, a critical oversight highlighted in SonicWall’s original guidance.
To mitigate risks, SonicWall strongly recommends upgrading to SonicOS 7.3, which includes enhanced defenses against brute-force attacks targeting passwords and MFA. Customers who transferred configurations from Gen 6 devices should immediately reset all SSLVPN user credentials, particularly those retained during migration.
SonicWall's other recommended protections still apply: enable Botnet Protection and Geo-IP Filtering, enforce MFA, and remove inactive accounts. The company has recognized the efforts of cybersecurity firms including Arctic Wolf, Google Mandiant, Huntress, and Field Effect for their roles in identifying and mitigating these threats. The episode highlights the risk of neglecting basic security hygiene during migrations, and shows that prompt action can greatly limit exposure to similar attacks.
(Source: InfoSecurity)