Recently, SonicWall, one of the leading cybersecurity companies, witnessed a severe security breach. In August 2024, the vulnerability CVE-2024-40766 was identified and rated with a CVSS score of 9.3; it allowed an attacker to gain unauthorized access to a system. Ransomware attacks against several organizations using SonicWall firewalls exploited this vulnerability.
Ransomware Groups Capitalize on the SonicWall Vulnerability
Two prominent ransomware groups, Akira and Fog, exploited SonicWall VPN and compromised at least 30 organizations, encrypting sensitive data and disrupting critical operations, as reported by Arctic Wolf Labs.
The attacks targeted a wide range of industries and organizations of different sizes. In other cases, the attackers stole sensitive data such as HR and finance records. The speed is alarming: encryption happened within hours.
Impact and Response on SonicWall VPN
This vulnerability can have a great impact. Tens of hundreds of thousands of devices are vulnerable to this problem, and the majority of organizations have not yet learned about the problem or the patches.
SonicWall has tried to address the problem: it published security patches and issued warnings to its customers. However, the immediate response from the cyber world signals that prompt patching and strong security measures are essential.
Reactions from Experts
It has been noted that both the Fog and Akira ransomware attacks exploited weaknesses in SonicWall VPN gateways that lacked multi-factor authentication (MFA), and that a number of those gateways were running out-of-date software that left them open to breaches.
MFA is, Tiquet says, “a very critical layer of security.” If an attacker does get the password, “with MFA the other hurdle that will need to be crossed reduces the likelihood of a successful attack.”
Password managers are another very valuable tool. They can generate and store a unique, strong password for every account, which makes those passwords hard for attackers to crack. Password managers also have very robust MFA options.
Security professional Jason Soroko says the biggest threat of delayed patching is that attackers wouldn’t have much time to reverse-engineer the patch and develop custom malware that exploits the given vulnerability. It very much calls for immediate patching from the customers even without a research-exploit code release.
Urgent Need For Action
This is a critical reminder of how important it is to have a strong security posture. Organizations must maintain their security measures so that their systems, data, and reputation are well protected. They should take immediate action to fix the vulnerability and implement best practices to reduce the risk of cyberattacks and protect their future.