Enterprise security company Sonic Wall is urging customers to disable the core functionality of their latest lineup of firewall devices after security researchers reported an increase in ransomware incidents targeting Sonic Wall customers.
In a statement this week, Sonic Wall said there was a “significant increase” of security incidents targeting Generation 7 firewalls where customers have VPN enabled. The company said it will “proactively investigate these cases to determine whether they are related to previously disclosed vulnerabilities, or whether new vulnerabilities could be held liable.”
The company's alert says security researchers have identified hackers targeting SonicWall devices and gained initial access to the victim's network.
Hackers are increasingly targeting enterprise products such as firewalls and VPNs that act as digital gatekeepers, allowing legitimate employees to access the company's network. However, the security flaws in these products allow malicious hackers to enter and allow attackers to steal data or launch destructive attacks.
Security company Arctic Wolf said there was a break-in targeting Sonicwall customers until mid-July. The company says “available evidence indicates the existence of a zero-day vulnerability,” referring to security bugs that were discovered and exploited before the vendor patches the issue.
Researchers said they witnessed a short gap between the exploitation of the Sonic Wall Firewall and subsequent deployment of file encrypted malware or ransomware.
Another cybersecurity company, Huntres Lab, said that zero-day bugs in the Sonic Wall Firewall are likely to be blamed on the attack, warning that hackers exploiting the bugs have access to the company's domain controllers that manage devices and users on its network.
Huntress said in his blog that he believes the Akira ransomware gang is behind some of the attacks targeting Sonic Wall customers. Akira is known to target enterprise products such as the Fortinet Firewall to infiltrate large networks.
“This is an important and ongoing threat,” Huntress wrote.