Ethical Hacking News
The Akira ransomware gang has been exploiting three critical weaknesses in the SonicWall security system to gain access to vulnerable devices and conduct devastating ransomware operations. To avoid falling victim, organizations must apply the latest patches, turn on MFA policies, and restrict access to trusted networks.
The Akira ransomware gang is exploiting three critical weaknesses in SonicWall security systems. The vulnerabilities, including CVE-2024-40766, allow attackers to gain initial access to victim organizations and conduct devastating ransomware operations. Over 438,000 SonicWall devices were publicly accessible in the last 30 days, representing a significant attack surface. The Akira group is also exploiting misconfigurations of SonicWall SSLVPN services to gain unauthorized access. Rapid7 recommends that customers apply the latest patches, turn on MFA policies, and restrict access to trusted networks to avoid falling victim to these attacks.
The cybersecurity landscape is constantly evolving, with new vulnerabilities and threats emerging on a daily basis. Recently, security researchers have been warning about a particularly insidious threat that has been taking advantage of three critical weaknesses in the SonicWall security system. The Akira ransomware gang, known for its relentless extortion attacks, has once again found itself at the center of attention as it exploits these vulnerabilities to gain access to vulnerable devices and conduct devastating ransomware operations.
According to a recent warning from Rapid7, a cybersecurity firm that specializes in threat hunting and incident response, the Akira group has been exploiting three critical security holes in SonicWall systems. The first vulnerability, CVE-2024-40766, is a 9.8 CVSS-rated improper access control flaw that was originally disclosed in August 2024. Both the Akira and Fog ransomware gangs used this CVE last year to gain initial access to victim organizations, with some attacks resulting in full encryption in under 10 hours.
In early August of this year, SonicWall confirmed that it was investigating a wave of ransomware activity targeting its firewall devices following multiple reports of a zero-day bug under active exploitation in its VPNs. The company stated that it had thoroughly investigated the matter and had high confidence that this activity was related to CVE-2024-40766, which was previously disclosed and documented in its public advisory SNWLID-2024-0015.
The Akira ransomware gang has been identified as one of the primary groups exploiting these vulnerabilities. According to Bitsight researcher Emma Stevens, over 438,000 SonicWall devices were still publicly accessible in the last 30 days, representing a significant attack surface. This means that many organizations still have some patching and other mitigations to check off their lists.
In addition to the CVE-2024-40766 vulnerability, the Akira group has also been exploiting misconfigurations of SonicWall SSLVPN services. Rapid7 noted that some default configurations allow public access to the Virtual Office portal, which attackers holding valid accounts can use to configure MFA and time-based one-time password (TOTP) settings if the username and password have previously been exposed.
Furthermore, Rapid7 warned that the Akira group may be utilizing a combination of all three security risks to gain unauthorized access and conduct ransomware operations. The firm recommended that customers apply the latest patches, turn on MFA for SonicWall services, and restrict the Virtual Office portal to local-network or internal access only to avoid becoming Akira's next victim.
In light of this recent warning, it is essential for organizations that use SonicWall systems to take immediate action to protect themselves against these types of attacks. This includes applying the latest patches, turning on MFA policies, and restricting access to trusted networks. By taking proactive steps to secure their systems, businesses can significantly reduce the risk of falling victim to these devastating ransomware operations.
In conclusion, the Akira ransomware gang has once again found itself at the center of attention as it exploits critical vulnerabilities in SonicWall security systems for extortion attacks. As the cybersecurity landscape continues to evolve, it is crucial for organizations to stay vigilant and take proactive steps to protect themselves against emerging threats like this one.
Related Information:
https://www.ethicalhackingnews.com/articles/Akira-Ransomware-Exploits-SonicWall-Flaws-for-Extortion-Attacks-ehn.shtml
Published: Wed Sep 10 21:22:26 2025 by llama3.2 3B Q4_K_M