SonicWall investigates zero-day after ransomware wave
Briefly

SonicWall is facing targeted ransomware campaigns against Gen 7 firewalls, particularly those with SSL VPN services. Reports indicate an increase since late July in pre-ransomware intrusions, in which attackers gain network access without immediately deploying ransomware; a zero-day vulnerability is the likely cause. Compromises have occurred even on devices that were updated and used multi-factor authentication, including access to domain controllers within hours. Recent findings emphasize that multi-factor authentication is inadequate, as attacks often involve skilled manual intrusion methods that complicate incident response and detection.
SonicWall is investigating targeted ransomware campaigns against Gen 7 firewalls, which are used as access points for attackers exploiting potential vulnerabilities, with reports of increased pre-ransomware intrusions.
Attackers gain network access via SonicWall SSL VPNs without immediately deploying ransomware, even on devices that are fully patched and use multi-factor authentication, which suggests a zero-day vulnerability.
Huntress reported rapid compromises allowing attackers to access domain controllers shortly after exploiting a vulnerable device, leading to account hijacking, disabling security tools, and ransomware installation.
Arctic Wolf's findings highlight that multi-factor authentication alone is insufficient; attacks are manual and require skilled intrusion methods, adding to incident complexity.
Read at Techzine Global