Surge in Cyber Attacks Targeting SonicWall Firewalls: What You Need to Know
SonicWall has recently disclosed an increase in cyber threats aimed at its Gen 7 and later firewall models equipped with SSL VPN capabilities. This surge is linked to an older vulnerability that has since been patched, as well as issues surrounding password management.
Understanding the Current Vulnerability
In its latest update, SonicWall emphasized that the recent spike in SSL VPN activity does not stem from a zero-day vulnerability. Instead, the activity closely correlates with threat activity related to CVE-2024-40766, which carries a CVSS score of 9.3. First disclosed by SonicWall in August 2024, this vulnerability is an improper access control flaw that can enable unauthorized users to gain access to secured resources.
SonicWall's advisory indicated that the vulnerability could lead not only to unauthorized access but also, under certain conditions, to firewall crashes. Affected users should therefore apply the recommended security measures promptly.
Investigating Recent Incidents
According to the company's findings, SonicWall is currently investigating fewer than 40 incidents related to this activity. Many of the detected cases stem from users migrating from Gen 6 to Gen 7 firewalls without resetting their local user passwords, an essential step recommended alongside the disclosure of CVE-2024-40766.
This oversight represents a critical opportunity for malicious actors. When local user accounts are carried over in a migration and their passwords are not reset, those accounts remain exposed on the new firewall.
Enhanced Security Features in SonicOS 7.3
In light of these challenges, SonicWall has introduced robust enhancements in its latest firmware, SonicOS 7.3. This version includes strengthened defenses against brute-force password attacks and reinforces multi-factor authentication (MFA) protocols. SonicWall encourages all users to apply the following security measures:
- Firmware Update: Upgrade to SonicOS version 7.3.0.
- Password Resets: Implement password resets for all local accounts with SSL VPN access, especially for those transferred from Gen 6 firewalls.
- Botnet Protection: Activate Botnet Protection and Geo-IP Filtering.
- MFA and Strong Passwords: Enforce strong password policies along with multi-factor authentication.
- Account Management: Remove unused or inactive user accounts to reduce the number of credentials that can be abused.
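One way to check a local account inventory against the password reset, MFA and account management items above, as an added example that is not SonicWall tooling or part of the original article. The CSV columns, sample rows, migration date and 90-day inactivity threshold are all constructed assumptions.

```python
import csv
import io
from datetime import date, timedelta

# Constructed inventory; the column names are assumptions, not a SonicOS export format.
SAMPLE = """username,ssl_vpn,migrated_from_gen6,password_last_changed,mfa_enabled,last_login
alice,yes,yes,2023-02-11,yes,2025-07-30
bob,yes,yes,2025-03-02,no,2025-08-01
carol,yes,no,2024-11-20,yes,2024-12-05
dave,no,yes,2022-06-01,no,2025-07-15
svc-old,yes,yes,2021-09-09,no,
"""

def _flag(value):
    """Interpret a yes/no style CSV cell as a boolean."""
    return value.strip().lower() in ("yes", "true", "1")

def audit(csv_text, migration_date, today, inactive_days=90):
    """Return {username: [findings]} for local accounts with SSL VPN access."""
    findings = {}
    cutoff = today - timedelta(days=inactive_days)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not _flag(row["ssl_vpn"]):
            continue  # the reset guidance targets accounts with SSL VPN access
        issues = []
        changed = date.fromisoformat(row["password_last_changed"])
        # A password older than the migration was carried over from Gen 6.
        if _flag(row["migrated_from_gen6"]) and changed < migration_date:
            issues.append("password not reset since Gen 6 migration")
        if not _flag(row["mfa_enabled"]):
            issues.append("MFA not enforced")
        last_login = row["last_login"].strip()
        # An empty last_login means the account has never been used.
        if not last_login or date.fromisoformat(last_login) < cutoff:
            issues.append("inactive: candidate for removal")
        if issues:
            findings[row["username"]] = issues
    return findings

if __name__ == "__main__":
    report = audit(SAMPLE, migration_date=date(2025, 1, 15), today=date(2025, 8, 10))
    for user, issues in sorted(report.items()):
        print(f"{user}: {'; '.join(issues)}")
```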
Rising Threats and Notable Trends
This warning from SonicWall arrives amidst alarming reports from various cybersecurity vendors regarding an uptick in attacks exploiting SSL VPN appliances. Recently, Arctic Wolf highlighted that cybercriminals associated with the Akira and Fog ransomware groups have specifically targeted unpatched SonicWall SSL VPNs, significantly affecting network integrity from August to mid-October 2024.
Additionally, cybersecurity firm Huntress reported ongoing impacts from these activities, noting that at least 28 incidents linked to the exploit have been recorded up to August 6, 2025.
Conclusion
The rise in attacks targeting SonicWall's latest firewall technology underscores the need for vigilance in cybersecurity. Users are urged to take immediate action to secure their devices, ensuring that their systems are updated, passwords are managed effectively, and best practices in security protocols are adopted. These proactive measures could be pivotal in mitigating risks and protecting against evolving cyber threats.


