SonicWall has announced an investigation into a surge of ransomware attacks targeting its firewall devices, amid concerns that a potential zero-day vulnerability in its VPNs is being actively exploited. The company is collaborating with several threat research teams to determine whether the vulnerability is a previously known issue or a new zero-day.

In the interim, SonicWall advises users of Gen 7 firewalls to disable SSL VPN services if possible and to follow specific security measures, including limiting VPN connectivity to trusted IPs, enabling security services, removing inactive accounts, enforcing strong passwords, and using multi-factor authentication (MFA). Despite these precautions, SonicWall warns that MFA alone may not prevent the ransomware attacks being investigated.

The attacks, suspected to involve the Akira ransomware, have been quick and effective, even in environments with MFA enabled, indicating that a zero-day vulnerability might be in play. The attackers are moving rapidly from compromised devices to domain controllers, stealing credentials, disabling security tools, and deploying ransomware. The campaign is ongoing, and its full scope remains uncertain as investigations continue. This could mark SonicWall's second zero-day incident this year, following a critical bug warning in January.