
Alert! ACSC warns of Akira ransomware activity targeting Australian organisations

The Aussie cyber agency sounds the alarm over an uptick in malicious activity targeting a year-old vulnerability in Gen 5, Gen 6, and Gen 7 SonicWall devices.


The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has issued a high alert warning regarding an increase in hacker activity targeting Australian organisations.

“We are aware of the Akira ransomware targeting vulnerable Australian organisations through SonicWall SSL VPNs,” the ASD said in a 10 September statement.

“The vulnerability enables an attacker to achieve unauthorised access and in specific conditions causes the firewall to crash.”

 
 

The ASD said Australian organisations should review their use of Gen 5 and Gen 6 SonicWall devices and Gen 7 devices running SonicOS 7.0.1-5035 and older versions, while SonicWall has already warned its customers to change their passwords and update to the latest versions.

“Organisations remain vulnerable if they have not fully implemented the mitigation advice by updating credentials after updating the firmware,” the ASD said.

SonicWall began actively investigating the exploitation of its firewall devices in early August after multiple security analysts warned of the malicious activity.

“We are actively investigating these incidents to determine whether they are connected to a previously disclosed vulnerability or if a new vulnerability may be responsible,” SonicWall said in a 4 August statement.

By 22 August, the company had confirmed that the activity was not related to an unknown zero-day, but rather CVE-2024-40766, an improper access control vulnerability that was first disclosed in August 2024.

“We now have high confidence that the recent SSLVPN activity is not connected to a zero-day vulnerability. Instead, there is a significant correlation with threat activity related to CVE-2024-40766, which was previously disclosed and documented in our public advisory SNWLID-2024-0015,” SonicWall said in its most recent advisory update.

“We are currently investigating less than 40 incidents related to this cyber activity. Many of the incidents relate to migrations from Gen 6 to Gen 7 firewalls, where local user passwords were carried over during the migration and not reset. Resetting passwords was a critical step outlined in the original advisory.”

David Hollingworth


David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
