Multiple intrusions have been seen within a short period of time.
Users of the SonicWall Gen 7 firewalls have been urged by the company to deactivate SSL VPN services.
Amid Akira ransomware attacks aimed at vulnerable SonicWall firewalls, which have been underway since mid-July, SonicWall said in an advisory that users should restrict SSL VPN connectivity to trusted IP addresses alone, enable Botnet Protection and Geo-IP Filtering, bolster remote access with multi-factor authentication, and remove accounts that are no longer in use.
Experts at Arctic Wolf first revealed the incidents on Friday, reports The Record. The company said it has seen multiple intrusions within a short period of time, and all of them involved access through SonicWall SSL VPNs.
“In some instances, fully patched SonicWall devices were affected following credential rotation,” Arctic Wolf said, referring to the process of regularly resetting logins or other access.
Vulnerability
In an email to SC UK, SonicWall said that it is actively investigating a recent increase in reported cyber incidents involving a number of Gen 7 firewalls running various firmware versions with SSLVPN enabled. "These cases have been flagged both internally and by third-party threat research teams, including Arctic Wolf, Google Mandiant, and Huntress," it said. "We are working closely with these organisations to determine whether the activity is tied to a previously disclosed vulnerability or represents a zero-day vulnerability."
"As always, we will communicate openly with our partners and customers as the investigation progresses. If a new vulnerability is confirmed, we will release updated firmware and guidance as quickly as possible."
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.