Over 48,000 SonicWall devices remain vulnerable to a critical security flaw, exposing organizations worldwide to ransomware attacks.
The vulnerability, identified as CVE-2024-40766, was first disclosed in September 2024 and continues to be actively exploited by notorious ransomware groups Akira and Fog.
CVE-2024-40766 is a critical improper access control flaw in SonicWall’s SonicOS operating system, which powers its firewalls and VPNs.
With a CVSS score of 9.3, this vulnerability allows attackers to gain unauthorized administrative access to affected devices. Exploited systems are at risk of data breaches, operational disruptions, and ransomware deployment.
Despite the availability of patches since August 2024, many organizations have yet to secure their devices, leaving them exposed to active exploitation.
Akira And Fog: Exploiting The Weakness
The Akira and Fog ransomware groups have been particularly aggressive in exploiting this vulnerability. Investigations reveal that these groups have targeted organizations using unpatched SonicWall devices for initial access.
Between September and December 2024, over 100 companies were confirmed victims of these ransomware groups through this specific exploit.
This accounts for approximately 46% of organizations identified on leak sites as victims of Akira and Fog, a stark contrast to the less than 5% rate of SonicWall usage among victims of other ransomware groups, according to a Macnica report.
The attacks have been opportunistic rather than industry-specific, with both small and large organizations across various sectors falling victim.
Akira ransomware was deployed in about 75% of these attacks, while Fog accounted for the remaining 25%.
The time between initial access and encryption objectives has been alarmingly short in some cases—ranging from as little as 1.5 hours to 10 hours.
As of late December 2024, at least 48,933 SonicWall devices remain unpatched and vulnerable. This figure underscores a critical gap in cybersecurity practices despite repeated warnings from SonicWall and security experts.
The slow adoption of patches may be attributed to operational challenges or a lack of awareness among affected organizations.
Organizations using SonicWall devices are urged to:
- Apply Patches Immediately: Update to the latest firmware versions provided by SonicWall.
- Restrict Access: Limit management access to trusted IPs and disable WAN management from public internet sources.
- Monitor Networks: Continuously monitor for suspicious activity indicating potential exploitation attempts.
The continued exploitation of CVE-2024-40766 by Akira and Fog highlights the urgent need for proactive cybersecurity measures.
With over 48,000 devices still at risk, organizations must mitigate this vulnerability before becoming the next victim of these sophisticated ransomware campaigns.