Ongoing Akira ransomware attacks on SonicWall SSL VPN devices are exploiting a known access control flaw, CVE-2024-40766, even after patches were released. Threat actors are bypassing MFA, likely using stolen OTP seeds or alternative methods, to infiltrate networks.
Key points
- Akira ransomware is actively targeting SonicWall SSL VPN devices despite security patches.
- Threat actors are bypassing multi-factor authentication by using stolen OTP seeds or other techniques.
- The exploited vulnerability, CVE-2024-40766, involves improper access control and was disclosed in September 2024.
- Recent attacks involve quick network scanning, credential theft, and lateral movement within targeted networks.
- Organizations are urged to reset VPN credentials and ensure all devices run the latest SonicOS firmware.