Akira ransomware crims abusing trifecta of SonicWall flaws
Briefly

"Affiliates of the Akira ransomware gang are again exploiting a critical SonicWall vulnerability abused last summer, after a suspected zero-day flaw actually turned out to be related to a year-old bug. Akira is also poking holes in SonicWall SSLVPN misconfigurations, abusing all of these security risks to gain access to vulnerable devices and conduct ransomware attacks, according to a Rapid7 warning on Wednesday. "The number of Rapid7 customers utilizing SonicWall appliances is in the hundreds, and we've already responded to a double-digit number of customer incidents stemming from one or more of the three threats we've outlined in today's advisory," the Rapid7 incident response team told The Register. "Therefore, we think there is a potential for widespread industry impact here.""
"The attacks are tied to CVE-2024-40766, a 9.8 CVSS-rated improper access control flaw originally disclosed in August 2024. Both Akira and Fog ransomware criminals used this CVE last year to gain initial access to victim orgs, and last month SonicWall said not all companies took the needed steps to mitigate the issue. "In terms of exposure, over 438,000 SonicWall devices were still publicly accessible in the last 30 days, representing a significant attack surface," Bitsight researcher Emma Stevens told The Register. In other words: quite a few organizations still have some patching and other mitigations to check off their lists."
"Between September and December 2024, at least 100 organizations were compromised via CVE-2024-40766, according to Stevens, with both Akira and Fog ransomware gangs abusing the security hole to "gain initial access, typically moving to full encryption in under 10 hours in some cases." In early August of this year, SonicWall confirmed that it was investigating a wave of ransomware activity targeting its firewall devices, following multiple reports of a zero-day bug under active exploit in its VPNs."
Akira ransomware affiliates are again exploiting CVE-2024-40766, a critical (CVSS 9.8) improper access control vulnerability in SonicWall firewalls disclosed in August 2024, alongside SSLVPN misconfigurations, to gain initial access and deploy ransomware; a suspected new zero-day in the VPNs turned out to be related to this year-old bug. Both the Akira and Fog gangs used the flaw last year to compromise at least 100 organizations between September and December 2024, in some cases moving to full encryption in under ten hours. Rapid7 has already responded to a double-digit number of customer incidents tied to the three issues and warns of potentially widespread industry impact, while Bitsight observed over 438,000 SonicWall devices publicly accessible in the last 30 days. Many organizations remain unpatched or misconfigured, leaving a significant attack surface.
Read at The Register