🚨 Another day, another SonicWall headline

I swear I don’t try to pick on SonicWall… but they make it so easy when they keep showing up in the news. The latest headline? Akira ransomware operators are breaking into SonicWall VPNs—even when one-time password (OTP) multi-factor authentication (MFA) is enabled. That’s right: even if you patched, even if you enabled MFA, attackers may still be waltzing right in.

What’s Happening with SonicWall and Akira?

Attackers are exploiting CVE-2024-40766, a SonicWall VPN vulnerability disclosed last year. Even though SonicWall released patches, attackers had already stolen credentials and may have found ways to generate or reuse OTP codes. The theory is that previously compromised secrets are being leveraged to bypass MFA entirely. In other words: patching was necessary, but not sufficient.

How the Attacks Play Out

Akira’s approach is often described as “smash-and-grab.” Once they’re in, they move fast:

- Initial Access: Attackers log in with stolen credentials, bypassing MFA.
- Reconnaissance: Within minutes, they scan the network for Active Directory, file shares, and backups.
- Privilege Escalation: They deploy tools like Mimikatz to harvest more credentials.
- Defense Evasion: They disable endpoint protection, sometimes using “bring-your-own-vulnerable-driver” exploits.
- Impact: In less than an hour, ransomware is deployed, backups are encrypted, and operations grind to a halt.

This isn’t a slow, stealthy campaign. It’s smash, grab, and ransom.

Why MFA Isn’t Bulletproof

This incident is a painful reminder: MFA is not a silver bullet.

- If attackers steal or replicate your OTP seed, they can generate valid codes.
- If they compromise your endpoint, they can intercept push notifications or tokens.
- If your MFA relies on SMS, attackers can SIM-swap their way in.

MFA dramatically reduces risk, but it’s not invincible. Attackers are adapting, and SonicWall’s situation proves it.

The Small Business Reality

Here’s the part that hits home for small businesses: Many SMBs still rely on older SonicWall appliances because “they’ve always worked.” Those devices often sit in the corner, blinking away, rarely updated, rarely monitored. Meanwhile, attackers are actively targeting them because they know small businesses are less likely to notice until it’s too late. So ask yourself: Is your firewall protecting you—or just waiting to make you the next headline?

What You Should Do Now

If you’re running SonicWall, here are the immediate steps:

- Reset Credentials: If your device ever ran vulnerable firmware, assume credentials may have been stolen. Reset all VPN, admin, and Active Directory passwords tied to it.
- Audit VPN Access: Review logs for unusual logins—especially from hosting providers, foreign IPs, or odd hours. If you see anything suspicious, investigate immediately.
- Segment and Monitor: Don’t let your firewall be the single point of failure. Segment critical systems and monitor for lateral movement.
- Consider Replacement: If your SonicWall is still blinking in the corner, it’s time to ask: is it worth the risk? Modern firewalls from vendors like Palo Alto or even cloud-native solutions offer stronger protections, better monitoring, and fewer headlines.
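To make the “Audit VPN Access” step concrete, here is an added example (not from the original post and not SonicWall’s own tooling) that runs the three heuristics the post names, odd hours, unexpected countries, and hosting-provider source ranges, over a handful of constructed VPN login records. The log format, the business-hours window, the expected-country set, and the “hosting provider” CIDRs are all assumptions made for illustration; in practice you would export your appliance’s VPN authentication log and substitute your own windows and a real hosting/ASN list.

```python
"""
Flag suspicious successful VPN logins from a small constructed sample.
Heuristics (from the post): odd hours, unexpected country, hosting-provider source.
Everything below (log format, ranges, thresholds) is an illustrative assumption.
"""
import ipaddress
from datetime import datetime

# Constructed sample records, NOT real SonicWall output.
# Format assumed: timestamp (UTC),user,source_ip,country,result
SAMPLE_LOG = """\
2025-09-15T08:12:03Z,jsmith,203.0.113.10,US,success
2025-09-15T02:47:51Z,jsmith,198.51.100.7,NL,success
2025-09-15T13:05:22Z,amiller,203.0.113.44,US,success
2025-09-16T03:18:09Z,admin,192.0.2.200,US,success
2025-09-16T09:30:00Z,amiller,203.0.113.44,US,failure
"""

# Assumption: staff log in between 07:00 and 19:00 UTC and only from the US.
BUSINESS_HOURS = range(7, 19)
EXPECTED_COUNTRIES = {"US"}

# Placeholder ranges (documentation prefixes) standing in for hosting-provider space.
HOSTING_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def parse_line(line):
    """Turn one CSV record into a dict with typed fields."""
    ts, user, ip, country, result = line.strip().split(",")
    return {
        "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "user": user,
        "ip": ipaddress.ip_address(ip),
        "country": country,
        "result": result,
    }


def reasons(event):
    """Return the list of heuristics a successful login trips (empty = looks normal)."""
    hits = []
    if event["result"] != "success":
        # Failed attempts are worth tracking separately; this pass is about
        # logins that actually got in, which is what the post is warning about.
        return hits
    if event["ts"].hour not in BUSINESS_HOURS:
        hits.append("odd_hours")
    if event["country"] not in EXPECTED_COUNTRIES:
        hits.append("unexpected_country")
    if any(event["ip"] in net for net in HOSTING_RANGES):
        hits.append("hosting_provider")
    return hits


def audit(log_text):
    """Return (user, ip, timestamp, reasons) for every login that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        why = reasons(event)
        if why:
            findings.append((event["user"], str(event["ip"]),
                             event["ts"].isoformat(), why))
    return findings


if __name__ == "__main__":
    for user, ip, when, why in audit(SAMPLE_LOG):
        print(f"{when} {user:<10} {ip:<16} {', '.join(why)}")
```

Two of the five constructed records are flagged: the 02:47 UTC login from the Netherlands out of a hosting range trips all three rules, and the 03:18 UTC `admin` login from a hosting range trips two. Any hit on the admin account, or any login that stacks multiple reasons, is the kind of event the post says to investigate immediately rather than wait on.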

Choosing a Better Firewall

When evaluating a replacement, look for:

- Zero Trust Network Access (ZTNA): Move beyond VPNs to identity-based access.
- Built-in Threat Intelligence: Firewalls that update automatically with the latest indicators of compromise.
- Granular Logging & Alerts: So you know when something’s wrong before it’s too late.
- Vendor Track Record: Pick a vendor that isn’t in the news every other month for the wrong reasons.

The Bigger Lesson

This isn’t just about SonicWall. It’s about the mindset of “set it and forget it.” Security doesn’t work that way. Attackers evolve, tools age, and yesterday’s best practice can become today’s liability. MFA is good. Patching is good. But neither is enough if the foundation—the firewall itself—is compromised.

Final Word

At this point, if your SonicWall is still blinking away in the corner, it’s worth asking: Is it protecting me, or just waiting to make me the next headline? Time to replace it with something more secure. Not sure what firewall to pick? Reach out to Actionable Security—we’ll give you free advice and guidance to get you on the right track. Because the only thing worse than being in the news for a breach… is realizing you could’ve avoided it.

#AnotherDayAnotherSonicWall #ReplaceBeforeDisgrace #FirewallOfShame
