SonicWall, a leading cybersecurity firm, is actively investigating reports of a potential zero-day vulnerability affecting its Gen 7 firewalls with SSL VPN enabled. This follows a notable increase in cyber incidents over the past 72 hours, both internally and externally reported, involving these devices. The company is collaborating with third-party threat research teams, including Arctic Wolf, Google Mandiant, and Huntress, to determine whether these activities are linked to a previously disclosed vulnerability or if a new zero-day flaw is responsible.
The surge in attacks has been linked to the Akira ransomware group, which has been exploiting the suspected vulnerability to gain unauthorized access to networks. Researchers have observed a swift transition from intrusion to encryption, with attackers often using Virtual Private Servers to mask their origin. The FBI and CISA are currently monitoring the situation, underscoring the severity of the threat.
In response to these developments, SonicWall has urged organizations using Gen 7 firewalls to implement immediate security measures. Recommendations include disabling SSL VPN services where practical, limiting SSL VPN connectivity to trusted IP addresses, activating services such as Botnet Protection and Geo-IP Filtering, enforcing multi-factor authentication, removing inactive or unused local user accounts with SSL VPN access, and encouraging regular password updates across all user accounts.
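The account-hygiene and source-restriction steps in that list can be checked mechanically before they are enforced on the device. The following Python script is an added example written for this page, not SonicWall code and not a SonicWall export format: the account fields, the key=value session-log layout, the trusted address ranges (RFC 5737 documentation networks) and the 90-day inactivity threshold are all assumptions chosen for the illustration. It flags SSL VPN-capable local accounts that are unused, inactive or lack MFA, and lists logins whose source lies outside the allow-listed ranges.

```python
"""Audit helpers for the SSL VPN hardening steps above (added example, not SonicWall code).

The account export fields, the session-log layout, the trusted ranges and the
90-day inactivity threshold are all assumptions chosen for this illustration.
"""
import ipaddress
import re
from datetime import date

# Constructed sample of a local-user export; the field names are hypothetical.
SAMPLE_USERS = [
    {"name": "alice",      "sslvpn": True,  "mfa": True,  "last_login": "2025-08-01"},
    {"name": "bob",        "sslvpn": True,  "mfa": False, "last_login": "2025-03-10"},
    {"name": "svc-backup", "sslvpn": True,  "mfa": False, "last_login": None},
    {"name": "carol",      "sslvpn": False, "mfa": False, "last_login": "2025-07-28"},
]

# Constructed trusted source ranges (RFC 5737 documentation addresses).
TRUSTED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed SSL VPN session events in a simple key=value layout.
SAMPLE_SESSIONS = [
    "2025-08-02T10:00:00Z user=alice src=203.0.113.7 action=login",
    "2025-08-02T10:05:00Z user=bob src=192.0.2.55 action=login",
    "2025-08-02T10:09:00Z user=alice src=198.51.100.21 action=logout",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def audit_users(users, today, inactive_days=90):
    """Return {account: [reasons]} for SSL VPN accounts that fail the hygiene checks.

    `today` may be a date or an ISO date string; accounts without SSL VPN access
    are skipped because the recommendation targets only those that have it.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = {}
    for u in users:
        if not u["sslvpn"]:
            continue
        reasons = []
        if u["last_login"] is None:
            reasons.append("never_used")
        elif (today - date.fromisoformat(u["last_login"])).days > inactive_days:
            reasons.append("inactive")
        if not u["mfa"]:
            reasons.append("no_mfa")
        if reasons:
            findings[u["name"]] = reasons
    return findings


def is_trusted(src, networks=TRUSTED_NETWORKS):
    """True when the source address falls inside one of the allow-listed ranges."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in networks)


def audit_sessions(lines, networks=TRUSTED_NETWORKS):
    """Return (user, src) for each login whose source is outside the trusted ranges."""
    untrusted = []
    for line in lines:
        fields = dict(KV_RE.findall(line))
        if fields.get("action") != "login":
            continue  # only logins matter for the source-restriction check
        if not is_trusted(fields["src"], networks):
            untrusted.append((fields["user"], fields["src"]))
    return untrusted


if __name__ == "__main__":
    for name, reasons in audit_users(SAMPLE_USERS, "2025-08-05").items():
        print(f"review account {name}: {', '.join(reasons)}")
    for user, src in audit_sessions(SAMPLE_SESSIONS):
        print(f"login for {user} from untrusted source {src}")
```

On the constructed data the script reports `bob` (last login about five months earlier, no MFA) and `svc-backup` (never used, no MFA) for review, and one login for `bob` from an address outside the trusted ranges; `alice` passes and `carol` is skipped because she has no SSL VPN access. Feeding it a real export and real logs is a matter of replacing the two constructed lists with a parser for whatever format the device actually emits.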
The company has also acknowledged the critical nature of the situation and is working diligently to identify the root cause of the attacks. SonicWall has committed to releasing updated firmware and guidance as quickly as possible if a new vulnerability is confirmed.
As the investigation continues, organizations are advised to remain vigilant and adhere to the recommended security practices to mitigate potential risks associated with this emerging threat.