Ransomware

Akira’s SonicWall SSL VPN attack spree jeopardizes M&A


The Akira ransomware operation infiltrated the networks of major enterprises after compromising vulnerable SonicWall SSL VPN appliances owned by small- and medium-sized businesses involved in mergers and acquisitions, according to The Register.

Beyond the M&A connection, Akira's attacks also involved the abuse of zombie privileged credentials, weak hostnames, and inadequate endpoint defenses, a report from ReliaQuest showed.

"In the incidents we analyzed, by exploiting a legacy admin credential, Akira operators gained access to sensitive systems and navigated to a domain controller (DC) in an average of just 9.3 hours," said ReliaQuest threat intel analyst Thomas Higdon, who noted that other firms have been breached within five hours, with the progression from lateral movement to ransomware delivery taking less than an hour on average.

Whether Akira intended to target M&As remains uncertain. However, organizations, particularly those undergoing M&A, have been urged to ensure the security of their IT systems.
