Hackers target SonicWall VPNs to spread ransomware

3 weeks ago 2

Even using the best business VPNs can't keep you safe if you're not making sure they're updated regularly. A vulnerability in SonicWall VPNs has been used to breach over 30 different organizations, cybersecurity experts have warned.

Hackers from the Akira and Fog ransomware networks have been able to access corporate networks via compromised VPN accounts. These accounts are compromised due to a software vulnerability that was initially discovered in August 2024 and patched soon after, but many accounts – and an estimated 168,000 endpoints – have not installed this crucial update, leaving them critically exposed.

The vulnerability has a severity score of 9.3, meaning it is a critical vulnerability and impacts the firewalls’ SSLVPN feature as well as its Gen 5, Gen 6, and Gen 7 firewalls.This means that it can cause the VPN to crash, or even allow unauthorized access to the VPN.

Hand paying to unlock a system locked by ransomware

(Image credit: Shutterstock)

Research by both Rapid7 and Arctic Wolf has found that this vulnerability is being exploited by the Akira and Fog ransomware gangs to gain access to business' networks, including servers, cloud services and workstations. This puts a huge amount of data at the hacker's fingertips, including important and sensitive business information including customer information, financial data and trade secrets.

After gaining access to corporate networks via these exposed accounts, hackers avoid detection by using VPN services to obfuscate their IP addresses. From here, they deploy ransomware across the network, encrypting important data and locking out employees from accessing it within a matter of hours. This can result in a loss of both data and finances, as well as prolonged downtimes while recovering from the attack.

This highlights how important it is to download and install software updates when they are deployed, as the ransomware gangs are only able to access the accounts that have not patched this vulnerability. It's also important to note that these potential areas of infiltration are made even more vulnerable if multi-factor authentication (MFA) is not enabled and if the VPNs themselves are configured poorly.

Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!

Olivia joined Tom's Guide in October 2023 as part of the core Future Tech Software team, and is the Commissioning Editor for Tech Software. With a background in cybersecurity, Olivia stays up-to-date with all things cyber and creates content across TechRadar Pro, TechRadar and Tom’s Guide. She is particularly interested in threat intelligence, detection and response, data security, fraud prevention and the ever-evolving threat landscape.

Read Entire Article