
SonicWall Advises Administrators to Disable SSL VPN Due to Increasing Cyberattack Threats

SonicWall has issued a warning to its customers, advising them to disable SSL VPN services due to the potential exploitation of an unknown security vulnerability in SonicWall Gen 7 firewalls by ransomware gangs. This alert follows a report from Arctic Wolf Labs, which noted an increase in Akira ransomware attacks since July 15th, likely leveraging a SonicWall zero-day vulnerability. Arctic Wolf researchers indicated that while the existence of such a vulnerability is plausible, other initial access methods, including brute force and credential stuffing, have not been entirely ruled out. Consequently, Arctic Wolf recommended that SonicWall administrators temporarily disable SSL VPN services to mitigate the risk of exploitation.

Cybersecurity firm Huntress corroborated Arctic Wolf’s findings and highlighted that a likely zero-day vulnerability in SonicWall VPNs is being actively exploited to bypass Multi-Factor Authentication (MFA) and deploy ransomware. Huntress urged immediate action, recommending the disabling of VPN services or restricting access through IP allow-listing, as threat actors have been observed pivoting to domain controllers shortly after initial breaches. In response, SonicWall confirmed its awareness of the situation and issued an advisory urging customers to implement several security measures, including disabling SSL VPN services, limiting connectivity to trusted IP addresses, enabling security services, enforcing MFA, and removing unused accounts. SonicWall also noted a significant rise in reported cyber incidents involving Gen 7 firewalls with SSL VPN enabled and is actively investigating the matter to determine the cause. 
