
SonicWall is investigating a surge in attacks targeting its Gen 7 firewalls, with researchers suspecting a zero-day vulnerability that enables multifactor authentication bypass and Akira ransomware deployment. The attacks, observed since mid-July, with approximately 20 counted by Huntress, primarily affect TZ and NSA firewalls with SSLVPN enabled, specifically versions 7.2.0-7015 and earlier. This situation presents a significant immediate security risk for organizations using these devices, prompting SonicWall to advise customers to disable SSLVPN services where practical, limit access, enforce MFA, and update passwords.
SonicWall is actively investigating a potential zero-day vulnerability in its Gen 7 firewalls following a surge in attacks reported since mid-July. The exploit, which security firm Huntress assesses with 'moderate to high confidence' as a zero-day, enables attackers to bypass multifactor authentication and deploy the Akira ransomware variant. The attacks specifically target SonicWall TZ and NSA firewalls with SSLVPN enabled, affecting versions 7.2.0-7015 and earlier. The scale of the issue is evidenced by approximately 20 attacks observed by Huntress since July 25 and 10 incidents logged by Sophos since July 23, primarily in the U.S. but with a potentially wider geographic scope. This event, underscored by a strongly negative sentiment score of -0.75, represents a significant operational risk for SonicWall customers and a reputational challenge for the company, which has recently faced other security warnings regarding its end-of-life appliances. SonicWall's immediate guidance for customers to disable or restrict SSLVPN services, enforce MFA, and update credentials highlights the critical nature of the threat while a permanent fix is being developed.