Akira Ransomware Sparks Surge in SonicWall Flaw Exploits

By Staff Writer, September 11, 2025

Essential Insights

  1. The Akira ransomware group is exploiting a year-old SonicWall vulnerability (CVE-2024-40766) and also gaining access through SSLVPN Default Users Group and Virtual Office Portal misconfigurations to conduct attacks.
  2. The CVE-2024-40766 flaw, rated with a CVSS score of 9.3, allows unauthorized resource access and firewall crashes, with exploitation observed shortly after SonicWall’s August 2024 advisory.
  3. Rapid7 warns that Akira may be using a combination of the vulnerability, default user group exploitation, and accessible Virtual Office Portal to penetrate networks and deploy ransomware.
  4. Organizations are urged to patch SonicWall devices immediately, update passwords, enable MFA, and restrict access to mitigate the compounded risks of these multiple attack vectors.

The Issue

The Akira ransomware group has exploited a year-old vulnerability in SonicWall firewalls, CVE-2024-40766, which carries a high severity score, to conduct a renewed wave of cyberattacks. The vulnerability is an improper access control flaw that lets attackers gain unauthorized access, crash the firewalls, and potentially compromise restricted resources. Rapid7 security researchers observed that, following SonicWall’s August advisory and subsequent updates, the attackers employed a sophisticated combination of attack vectors, including exploiting the SSLVPN Default Users Group and accessing the publicly accessible Virtual Office Portal. These tactics suggest that Akira is not relying solely on the known vulnerability but is possibly leveraging multiple vulnerabilities simultaneously to infiltrate networks, escalate privileges, and deploy ransomware, targeting edge devices to steal data, erase backups, and encrypt files at the hypervisor level.

The attacks, attributed to the Akira ransomware gang, have been ongoing since at least 2023 and are part of a broader campaign to exploit SonicWall appliances. SonicWall has urgently recommended immediate patching, password resets, enabling multi-factor authentication, and restricting access to critical services to prevent further breaches. The gang’s aim in these intrusions is to infiltrate organizations, carry out ransomware operations, and cause extensive disruption. The activity was reported by Rapid7, a cybersecurity firm tracking this exploitation, and it underscores the evolving sophistication of ransomware groups and their multi-vector approach to breaching defenses and maximizing damage.

Potential Risks

The Akira ransomware group has recently intensified its attacks by exploiting a year-old vulnerability in SonicWall firewalls, specifically CVE-2024-40766, which scores a high 9.3 on the CVSS scale due to its improper access control flaw that allows attackers to gain unauthorized access or crash the system. Rapid7 reports that these attackers have been combining multiple exploit vectors—including breaching local SSLVPN accounts, leveraging default user groups, and exploiting publicly accessible Virtual Office Portals—to infiltrate networks, escalate privileges, exfiltrate data, and deploy ransomware at the hypervisor level. This multifaceted attack strategy underscores the significant threat malicious actors pose to organizations’ cybersecurity posture, especially when vulnerabilities remain unpatched or mitigations are overlooked. Organizations utilizing SonicWall devices are urged to apply the latest patches, enforce password rotations, enable multi-factor authentication, address SSLVPN default settings, and restrict access to critical portals immediately to thwart further exploitation and consequential operational disruptions.

Possible Next Steps

In the evolving landscape of cybersecurity threats, addressing vulnerabilities promptly is crucial to prevent extensive damage and protect sensitive data. The recent surge in Akira ransomware attacks exploiting a SonicWall flaw underscores the urgent need for swift mitigation to thwart malicious actors and maintain network integrity.

Mitigation Strategies

  • Immediate Patch Deployment: Apply the latest firmware updates provided by SonicWall to fix the exploited vulnerability.
  • Enhanced Monitoring: Increase network surveillance for unusual activities or signs of compromise.
  • Access Controls: Restrict administrative privileges and implement multi-factor authentication to limit potential entry points.
  • Backup Verification: Ensure that data backups are current and stored securely to facilitate recovery if infected.
  • User Education: Train staff to recognize phishing attempts and avoid unsafe links or attachments that could initiate attacks.
  • Incident Response Planning: Develop and regularly update a comprehensive response plan to manage and contain breaches effectively.


Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary reference purposes only.

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
