Navigate-IT: Attacks prompt immediate SonicWall SSL VPN deactivation warning – UPDATED

SonicWall said Monday that it is investigating whether a recent surge in attacks targeting its Gen 7 firewalls is related to a possible zero-day vulnerability or exploitation of an existing flaw. The warnings follow an Aug. 1 Arctic Wolf report about hackers deploying the Akira ransomware variant in attacks that began on July 15.

Researchers saw an uptick in hands-on-keyboard activity last week and warned that the attacks were targeting fully patched devices after their users had rotated credentials. SonicWall said the current attacks are similar to a series of hacks last year involving an improper access control vulnerability tracked as CVE-2024-40766.

UPDATE – SonicWall recently announced that the SSLVPN activity is not connected to a zero-day vulnerability. Instead, there is a significant correlation with threat activity related to CVE-2024-40766, which was previously disclosed and documented in SonicWall's public advisory SNWLID-2024-0015.

What You Should Do

  • Update firmware to version 7.3.0, which includes enhanced protections against brute-force attacks and additional MFA controls. See the Firmware update guide for instructions.
  • We highly recommend upgrading to SonicWall’s Managed Protection Security Suite (MPSS), a security service that adds dedicated firewall monitoring and management. Upgrades come with automatic updates, health check/productivity reports, enhanced support and an embedded cyber warranty.

If you have questions or need assistance, contact a member of the Admiral team.

 

Used with permission from Article Aggregator