Warning Issued: Akira Ransomware Targeting Australian Organizations
The Australian Cyber Security Centre (ACSC), part of the Australian Signals Directorate, has recently raised a significant alarm concerning an uptick in cyberattacks targeting the nation’s organizations. This alert primarily highlights a new threat known as Akira ransomware, which exploits a year-old vulnerability within certain SonicWall devices.
Cybersecurity Alert from ACSC
On September 10, the ACSC officially informed the public about the ongoing hacker activity focused on Australian organizations. The cybersecurity agency noted that the Akira ransomware is specifically designed to take advantage of vulnerabilities present in SonicWall SSL VPNs, which have become a focal point of these attacks.
Understanding the Vulnerability
The vulnerability in question impacts multiple generations of SonicWall devices, specifically the Gen 5, Gen 6, and Gen 7 models. This flaw allows attackers to gain unauthorized access to systems and can even cause the firewall to crash under certain conditions. The ACSC recommends that organizations employing these devices closely review their systems, particularly those still running SonicOS versions 7.0.1-5035 and older.
SonicWall has been proactive in addressing these concerns. The company has already issued guidance urging customers to change their passwords and ensure their devices are updated to the latest firmware versions. However, the ACSC warns that organizations may remain vulnerable if they haven’t fully implemented the recommended security measures, such as resetting credentials after firmware updates.
SonicWall’s Response to the Threat
SonicWall began investigating reports of exploitation related to its firewall technologies in early August 2023, following alerts from several security analysts about suspicious activities. By August 22, the company confirmed that the ongoing exploitation was linked to a known vulnerability, CVE-2024-40766, an improper access control issue.
Confirmation of Security Incidents
In its most recent advisory update, SonicWall clarified that the majority of the incidents it is addressing are not related to any new zero-day vulnerability. Instead, these incidents correlate with the documented threat associated with CVE-2024-40766. The company is currently investigating fewer than 40 incidents stemming from this malicious activity, many of which involve the migration of settings from Gen 6 to Gen 7 firewalls.
It’s noteworthy that during these migrations, local user passwords were often carried over without being reset. Resetting passwords had been emphasized in SonicWall’s original advisory, marking it as a critical step for enhancing security during transitions.
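The two checks described above (firmware at or below SonicOS 7.0.1-5035, and local passwords carried over an update or migration without a reset) can be run over a device inventory. The following is an added example, not code from SonicWall or the ACSC; the inventory schema, device names, dates and the newer build number are assumptions constructed for illustration.

```python
import re
from datetime import date

# Threshold named in the article: SonicOS 7.0.1-5035 and older.
THRESHOLD = (7, 0, 1, 5035)

def parse_version(text):
    """Turn a version string such as '7.0.1-5035' into a tuple of ints."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def audit(device):
    """Return the findings for one inventory record (hypothetical schema)."""
    findings = []
    if parse_version(device["sonicos"]) <= THRESHOLD:
        findings.append("firmware is 7.0.1-5035 or older: update")
    changed_config = device["last_update_or_migration"]
    reason = "Gen 6 to Gen 7 migration" if device["migrated_from_gen6"] else "firmware update"
    for user, pw_changed in sorted(device["local_users"].items()):
        # A password set before the update or migration was carried over,
        # not reset, which is the gap the article describes.
        if pw_changed < changed_config:
            findings.append(f"{user}: password predates {reason}: reset")
    return findings

# Constructed sample inventory; names, dates and the newer build are made up.
INVENTORY = [
    {"name": "fw-a", "sonicos": "7.0.1-5035", "migrated_from_gen6": True,
     "last_update_or_migration": date(2025, 3, 1),
     "local_users": {"vpn-alice": date(2023, 6, 12), "vpn-bob": date(2025, 3, 2)}},
    {"name": "fw-b", "sonicos": "7.0.1-9999", "migrated_from_gen6": False,
     "last_update_or_migration": date(2025, 8, 20),
     "local_users": {"vpn-carol": date(2025, 8, 21)}},
    {"name": "fw-c", "sonicos": "7.0.1-9999", "migrated_from_gen6": False,
     "last_update_or_migration": date(2025, 8, 20),
     "local_users": {"vpn-dave": date(2024, 1, 5)}},
]

def report(inventory):
    """Map device name to findings, omitting devices with none."""
    results = {d["name"]: audit(d) for d in inventory}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in report(INVENTORY).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Device fw-c shows why the firmware version alone is not a sufficient check: it runs a newer build but still holds a password that predates the update.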
Implications for Australian Organizations
The implications of this increased ransomware activity are significant for Australian businesses. Organizations relying on vulnerable SonicWall devices must act decisively to protect their networks. This involves staying informed about cybersecurity vulnerabilities, implementing best practices for password management, and ensuring that all security patches are applied promptly.
With cyber threats continuously evolving, the need for heightened vigilance has never been more crucial. Australian organizations are encouraged to prioritize cybersecurity measures and remain proactive against potential attacks, particularly those utilizing outdated technology that may harbor vulnerabilities.
As the situation unfolds, both the ACSC and SonicWall will provide ongoing updates to help organizations navigate this challenging landscape and secure their networks against Akira ransomware and other emerging threats.


