There’s some good news for SonicWall SSL VPN users: the hack of Gen 7 and newer SonicWall devices by the Akira ransomware group, reported by SC Media Aug. 5, was not caused by a zero-day exposure. It was the result of a hack of a 2024 flaw that’s already been patched.

In an Aug. 6 advisory on the case, SonicWall said it was investigating fewer than 40 incidents related to the reports.

Security experts confirmed that the news that a zero-day was not involved can potentially limit the damage.

“The fact that a patch is in place alters the threat landscape from an unmitigated systemic risk to a known issue with a documented remediation path,” explained Nic Adams, co-founder and CEO at 0rcus.

Adams said it also means that the exposure is theoretically more limited to unpatched systems and those with insecure configurations, rather than a universal vulnerability across the entire install base.

“The correlation with password reuse and migration issues further narrows the scope of the attack vector from a novel exploit to a failure of patch management and operational hygiene,” said Adams.

Despite this good news, SonicWall still encourages its customers to take the following steps to mitigate the critical 9.8 flaw, CVE-2024-40766:
- Update firmware to SonicWall version 7.3.0: This includes enhanced protections against brute force attacks and additional MFA controls. See firmware update guide.
- Reset all local user account passwords: Do this for any accounts with SSL VPN access, especially if they were carried over during migration from Gen 6 to Gen 7.
- Continue these best practices: Enable botnet protection and Geo-IP filtering; remove unused or inactive user accounts; and enforce MFA and strong password policies.




