This alert is relevant to all Australian businesses and organisations.
This alert contains a combination of simple and moderately complex technical advice, intended for business owners and technical IT support services.
Background
ASD’s ACSC is aware of a recent increase in active exploitation in Australia of a 2024 critical vulnerability in SonicWall SSL VPNs (CVE-2024-40766).
We are aware of the Akira ransomware targeting vulnerable Australian organisations through SonicWall SSL VPNs.
The vulnerability enables an attacker to achieve unauthorised access and in specific conditions causes the firewall to crash. The vulnerability affects the following SonicWall devices:
- Gen 5 devices
- Gen 6 devices
- Gen 7 devices running SonicOS 7.0.1-5035 and older versions
Mitigation advice
Australian organisations should review their use of vulnerable SonicWall devices, and consult the below for investigation and remediation advice:
- Gen 7 and newer SonicWall Firewalls – SSLVPN Recent Threat Activity
- CVE-2024-40766 Security Advisory
The vendor has also urged organisations to change passwords after updating to the latest version.
Organisations remain vulnerable if they have not fully implemented the mitigation advice by updating credentials after updating the firmware.
Where to get help
Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371).
