
Vulnerabilities Traced Back to Ancient SonicWall Bug and Habitual Password Practices

SonicWall attributes an increase in Akira ransomware infiltrations to the continued use of outdated passwords

SonicWall cyber attacks attributed to ancient software flaw and password exploitation

SonicWall has issued a series of advisories addressing an increase in cyber activity affecting its Gen 7 and newer firewalls with SSLVPN enabled. The company does not believe these successful attacks are due to a zero-day vulnerability.

Researchers from multiple threat detection providers, including LunarSec, have observed a rise in Akira ransomware intrusions against SonicWall customers in late July. Many of these incidents relate to migrations from Gen 6 to Gen 7 firewalls, where local user passwords were carried over during the migration and not reset.

Arctic Wolf has reported that in some instances, fully patched SonicWall devices were affected following credential rotation, despite Time-based One-Time Password (TOTP) Multi-Factor Authentication (MFA) being enabled. This underscores the importance of resetting passwords, a critical step outlined in SonicWall's original advisory.

SonicWall states with high confidence that the recent SSLVPN activity is not connected to a zero-day vulnerability, contrary to some initial speculation.

To mitigate these risks, SonicWall urges customers to reset all local user account passwords for any accounts with SSLVPN access, especially if they were carried over during migration from Gen 6 to Gen 7. The security vendor also recommends updating to SonicOS 7.3, which has built-in protection against brute-force password and MFA attacks.

Previous advice from SonicWall includes enabling Botnet Protection and Geo-IP Filtering, removing unused or inactive user accounts, and enforcing MFA and strong password policies. SonicWall thanks the research community, including Arctic Wolf, Google Mandiant, Huntress, and Field Effect, for their vigilance.
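The two recommendations above that an administrator can act on immediately are resetting local SSLVPN passwords that were carried over from Gen 6, and removing inactive accounts. The following audit script is an added example, not code from the article or from SonicWall: it reads a constructed CSV of local users (the column layout is an assumption, not a real SonicWall export format) and flags accounts that need a password reset or removal under those two rules. The migration cutover date, inactivity window, and reference date are also assumed values.

```python
import csv
import io
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample export. The columns are an assumed layout for this
# example, not SonicWall's actual user export format.
SAMPLE_EXPORT = """\
username,sslvpn,password_changed,last_login
alice,yes,2024-03-10,2025-07-30
bob,yes,2025-08-02,2025-08-03
carol,no,2023-11-01,2025-07-29
dave,yes,2023-05-15,2024-12-01
eve,yes,2025-01-20,2025-02-01
"""

MIGRATION_DATE = date(2025, 8, 1)  # assumed Gen 6 -> Gen 7 cutover date
INACTIVE_DAYS = 90                 # assumed inactivity threshold
TODAY = date(2025, 8, 10)          # fixed reference date so results are deterministic


@dataclass(frozen=True)
class Finding:
    username: str
    action: str   # "reset" or "remove"
    reason: str


def parse_export(text):
    """Parse the CSV export into typed records."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "username": row["username"].strip(),
            "sslvpn": row["sslvpn"].strip().lower() == "yes",
            "password_changed": date.fromisoformat(row["password_changed"].strip()),
            "last_login": date.fromisoformat(row["last_login"].strip()),
        })
    return rows


def audit(rows, migration_date=MIGRATION_DATE, today=TODAY, inactive_days=INACTIVE_DAYS):
    """Apply the two advisory rules and return a list of findings."""
    findings = []
    for r in rows:
        # Rule 1: an SSLVPN-enabled account whose password predates the
        # migration was carried over and must be reset.
        if r["sslvpn"] and r["password_changed"] < migration_date:
            findings.append(Finding(r["username"], "reset",
                                    "SSLVPN password predates Gen 7 migration"))
        # Rule 2: accounts with no login inside the window are candidates
        # for removal.
        if today - r["last_login"] > timedelta(days=inactive_days):
            findings.append(Finding(r["username"], "remove",
                                    f"no login in {inactive_days} days"))
    return findings


def usernames_for(findings, action):
    """Sorted, de-duplicated usernames with the given action."""
    return sorted({f.username for f in findings if f.action == action})


if __name__ == "__main__":
    results = audit(parse_export(SAMPLE_EXPORT))
    for f in results:
        print(f"{f.action:6} {f.username:8} {f.reason}")
```

Run against the sample, the script flags alice, dave and eve for a password reset and dave and eve for removal; bob (password set after the cutover) and carol (no SSLVPN access) produce no findings. Applied to a real export, the reset list is the set of accounts to rotate first, and an account that appears in both lists should simply be disabled.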

SonicWall has also issued a public advisory, SNWLID-2024-0015, regarding CVE-2024-40766. The company notes a significant correlation with threat activity related to this vulnerability. Without the protections recommended above, password and MFA brute-force attacks are more feasible.

SonicWall is currently investigating fewer than 40 incidents related to this cyber activity. The company continues to work closely with the security community to provide updates and guidance as the investigation progresses.
