{"id":2210,"date":"2025-08-10T13:57:01","date_gmt":"2025-08-10T13:57:01","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/08\/10\/sonicwall-attacks-linked-to-legacy-bug-and-password-use\/"},"modified":"2025-08-10T13:57:01","modified_gmt":"2025-08-10T13:57:01","slug":"sonicwall-attacks-linked-to-legacy-bug-and-password-use","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/08\/10\/sonicwall-attacks-linked-to-legacy-bug-and-password-use\/","title":{"rendered":"SonicWall: Attacks Linked to Legacy Bug and Password Use"},"content":{"rendered":"
\n

\"Photo<\/p>\n<\/div>\n

\n

A leading security vendor has dismissed claims of a zero-day vulnerability in its products, stating that a surge in ransomware attacks against customers is due to poor password management.<\/p>\n

As\u00a0reported by Infosecurity<\/em> earlier this week, researchers from multiple threat detection providers observed an increase in Akira ransomware intrusions against SonicWall customers in late July.<\/p>\n

\u201cIn some instances, fully patched SonicWall devices were affected following credential rotation. Despite TOTP [time-based one-time password] MFA being enabled, accounts were still compromised in some instances,\u201d Arctic Wolf claimed.<\/p>\n

However, in an updated statement today, SonicWall posited another cause of the successful attacks on its Gen 7 and newer firewalls with SSLVPN enabled.<\/p>\n

\u201cWe now have high confidence that the recent SSLVPN activity is not connected to a zero-day vulnerability. Instead, there is a significant correlation with threat activity related to CVE-2024-40766, which was previously disclosed and documented in our public advisory SNWLID-2024-0015,\u201d it explained.<\/p>\n

\u201cWe are currently investigating less than 40 incidents related to this cyber activity. Many of the incidents relate to migrations from Gen 6 to Gen 7 firewalls, where local user passwords were carried over during the migration and not reset. Resetting passwords was a critical step outlined in the original advisory.\u201d<\/p>\n

Read more on threats to SonicWall customers: Critical SonicWall SSLVPN Bug Exploited by Ransomware Actors<\/em><\/p>\n

Updated Advice for Customers<\/h2>\n

The security vendor strongly urged all customers who imported configuration settings from Gen 6 to newer firewalls to update to SonicOS 7.3, which has built-in protection against brute-force password and multi-factor authentication (MFA) attacks.<\/p>\n

\u201cWithout these additional protections, password and MFA brute-force attacks are more feasible,\u201d it warned.<\/p>\n

SonicWall also urged customers to reset all local user account passwords for any accounts with SSLVPN access, especially if they were carried over during migration from Gen 6 to Gen 7.<\/p>\n

It added that previous advice still applies, that is:<\/p>\n