Warning: Akira Ransomware Gang Exploits SonicWall Vulnerabilities to Target Organizations Worldwide


337/68 Friday, September 12, 2025

Cybersecurity experts at Rapid7 have issued an urgent warning about escalating cyberattacks, as the Akira ransomware group has resumed exploiting vulnerabilities in SonicWall appliances. These include critical flaws that were already abused last year. Contrary to earlier suspicions of a new zero-day exploit, the attacks are leveraging known vulnerabilities such as CVE-2024-40766, an Improper Access Control flaw with a CVSS severity score of 9.8, first disclosed in August 2024. In addition, Akira is exploiting misconfigurations in SonicWall SSLVPN to gain access and deploy ransomware.

Rapid7 reported responding to dozens of incidents where clients had been compromised through these flaws, indicating the potential for widespread impact. Data from Bitsight shows that more than 438,000 SonicWall devices remain exposed to the internet, making them prime targets for attackers. SonicWall acknowledged that the attacks observed in early August were indeed tied to CVE-2024-40766 and noted that many cases involved migrations from Gen 6 to Gen 7 firewalls without resetting legacy user passwords, which allowed attackers to leverage previously stolen or leaked credentials for unauthorized access.

To mitigate these threats, organizations using SonicWall devices are urged to take immediate action, including updating firmware to the latest versions, especially SonicOS 7.3.0, which strengthens multi-factor authentication (MFA) security. It is also critical to reset all user account passwords, particularly for accounts migrated during upgrades, and to restrict access to the Virtual Office portal to internal networks only. Failure to apply updates and enforce proper security configurations leaves organizations highly vulnerable to Akira and other ransomware groups actively hunting for such weaknesses.
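The three mitigations above can be checked against an asset inventory. The following is an added example, not code from Rapid7, SonicWall or the source article; the inventory records and their field names are constructed for illustration and do not correspond to any SonicWall export format.

```python
from datetime import date

# Constructed inventory. Field names are hypothetical; populate them from
# whatever asset and account records your organization actually keeps.
FIREWALLS = [
    {"name": "fw-hq", "sonicos": "7.3.0", "migrated_on": date(2025, 3, 1), "virtual_office_on_wan": False},
    {"name": "fw-branch", "sonicos": "7.1.2", "migrated_on": date(2025, 5, 20), "virtual_office_on_wan": True},
    {"name": "fw-lab", "sonicos": "7.3.1", "migrated_on": None, "virtual_office_on_wan": False},
]
USERS = [
    {"firewall": "fw-hq", "user": "alice", "password_changed": date(2025, 4, 2)},
    {"firewall": "fw-hq", "user": "svc-vpn", "password_changed": date(2023, 11, 9)},
    {"firewall": "fw-branch", "user": "bob", "password_changed": date(2025, 5, 20)},
    {"firewall": "fw-lab", "user": "carol", "password_changed": date(2022, 1, 15)},
]
MIN_SONICOS = (7, 3, 0)  # the release named in the advisory text above


def parse_version(text):
    """Turn '7.10.0' into (7, 10, 0) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))


def audit(firewalls, users):
    """Return (subject, finding) pairs for the three mitigations in the text."""
    findings = []
    for fw in firewalls:
        if parse_version(fw["sonicos"]) < MIN_SONICOS:
            findings.append((fw["name"], "firmware-below-7.3.0"))
        if fw["virtual_office_on_wan"]:
            findings.append((fw["name"], "virtual-office-exposed"))
    # Only firewalls that went through a migration carry legacy credentials.
    cutovers = {fw["name"]: fw["migrated_on"] for fw in firewalls if fw["migrated_on"]}
    for user in users:
        cutover = cutovers.get(user["firewall"])
        # A same-day change is ambiguous at date granularity, so flag it too.
        if cutover and user["password_changed"] <= cutover:
            findings.append(
                (f'{user["firewall"]}/{user["user"]}', "password-not-reset-since-migration")
            )
    return findings


if __name__ == "__main__":
    for subject, finding in audit(FIREWALLS, USERS):
        print(f"{subject}: {finding}")
```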

Source: https://www.theregister.com/2025/09/10/akira_ransomware_abusing_sonicwall/