Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw

The Akira ransomware group is likely exploiting a combination of three attack vectors to gain unauthorized access to vulnerable appliances.

The Akira ransomware group has been exploiting a year-old vulnerability in SonicWall firewalls in a fresh round of attacks, potentially combining three attack vectors for initial access, Rapid7 warns.

The targeted flaw, tracked as CVE-2024-40766 (CVSS score of 9.3), is described as an improper access control issue that could allow attackers to access restricted resources and crash the firewall in certain conditions.

Exploitation of the bug was observed shortly after SonicWall published its advisory in August 2024. The company updated the initial information to provide additional mitigation recommendations.

“SonicWall strongly recommends that all users of Gen5 and Gen6 firewalls with locally managed SSLVPN accounts immediately update their passwords to enhance security and prevent unauthorized access. Administrators must enable the ‘User must change password’ option for each local account,” the ...