Even using the best business VPNs can't keep you safe if you're not making sure they're updated regularly. A vulnerability in SonicWall VPNs has been used to breach over 30 different organizations, cybersecurity experts have warned.
Hackers from the Akira and Fog ransomware networks have been able to access corporate networks via compromised VPN accounts. These accounts are compromised due to a software vulnerability that was initially discovered in August 2024 and patched soon after, but many accounts – and an estimated 168,000 endpoints – have not installed this crucial update, leaving them critically exposed.
The vulnerability has a severity score of 9.3, meaning it is a critical vulnerability, and it impacts the firewalls' SSLVPN feature as well as SonicWall's Gen 5, Gen 6, and Gen 7 firewalls. If exploited, it can cause the VPN to crash, or even allow unauthorized access to the VPN.
Research by both Rapid7 and Arctic Wolf has found that this vulnerability is being exploited by the Akira and Fog ransomware gangs to gain access to business networks, including servers, cloud services and workstations. This puts a huge amount of data at the hackers' fingertips, including important and sensitive business information such as customer information, financial data and trade secrets.
After gaining access to corporate networks via these exposed accounts, hackers avoid detection by using VPN services to obfuscate their IP addresses. From here, they deploy ransomware across the network, encrypting important data and locking employees out of it within a matter of hours. This can result in a loss of both data and finances, as well as prolonged downtime while recovering from the attack.
This highlights how important it is to download and install software updates when they are deployed, as the ransomware gangs are only able to access accounts where this vulnerability has not been patched. It's also important to note that these potential areas of infiltration are made even more vulnerable if multi-factor authentication (MFA) is not enabled and if the VPNs themselves are configured poorly.