Corporate predators get more than they bargain for when their prey runs SonicWall firewalls

Routine mergers and acquisitions are giving extortionists an easy way in, with Akira affiliates reaching parent networks through compromised SonicWall gear inherited in the deal, according to ReliaQuest.

In every Akira attack the threat detection firm analyzed between June and October that involved buggy SonicWall SSL VPN appliances, the ransomware operators gained access to the bigger, acquiring enterprises because they had already compromised the smaller companies' SonicWall gear. 

"In these cases, the acquiring enterprises were unaware that these devices existed in their new environments, leaving critical vulnerabilities exposed," ReliaQuest threat intel analyst Thomas Higdon said in a Tuesday blog.

Over the summer, Akira affiliates exploited buggy SonicWall firewalls and SSL VPN misconfigurations to gain access to vulnerable devices and conduct ransomware and data-stealing attacks.

While the security shop says that it can't determine if the criminals were purposely targeting mergers and acquisitions, SonicWall SSL VPN devices are commonly used ...