
During recent SonicWall attacks, Akira ransomware affiliates bypassed multi-factor authentication by using recovery codes that an engineer had stored in plaintext, gaining access to the victim's security console to disable endpoint protection, steal credentials, and deploy ransomware. The incident, detailed by Huntress, highlights the severe operational risks posed by inadequate credential management and sophisticated threat actor tactics, and the critical need for robust security protocols and encrypted storage of sensitive access information to prevent significant financial and reputational damage.
A recent security incident detailed by managed security provider Huntress reveals a critical operational vulnerability that allowed Akira ransomware affiliates to bypass multi-factor authentication (MFA). The breach occurred after attackers, exploiting a SonicWall VPN, discovered MFA recovery codes stored in a plaintext file on an internal security engineer's desktop. This fundamental security lapse granted the threat actors full administrative access to the victim organization's Huntress security console. With this access, the attackers were able to disable endpoint protection, resolve active incident reports to evade detection, and ultimately steal credentials and deploy ransomware. The event underscores that sophisticated threat actors are now targeting and manipulating security infrastructure itself to prolong their dwell time and maximize impact. This incident serves as a potent illustration that even robust technological defenses are easily undermined by human error and poor credential hygiene, highlighting a persistent and severe risk vector for enterprises irrespective of the security products they employ.
Overall Sentiment: strongly negative
Sentiment Score: -0.75