Even the best business VPNs can't keep you safe if you don't update them regularly Cybersecurity experts warn that vulnerabilities in SonicWall VPNs have been used to breach more than 30 organizations.

Hackers from the Akira and Fog ransomware networks were able to access corporate networks via compromised VPN accounts. These accounts are compromised by a software vulnerability that was initially discovered in August 2024 and patched shortly thereafter, but many accounts (and an estimated 168,000 endpoints) have not installed this critical update, leaving them critically compromised.

The vulnerability has a severity score of 9.3, meaning it is a critical vulnerability and affects not only the firewall's SSLVPN capabilities, but also 5th, 6th, and 7th generation firewalls.

Research by both Rapid7 and Arctic Wolf has shown that this vulnerability has been exploited by the Akira and Fog ransomware gangs to gain access to corporate networks, including servers, cloud services, and workstations. This puts vast amounts of data, including critical and sensitive business information such as customer information, financial data, and trade secrets, into the hands of hackers.

After accessing the corporate network via these public accounts, hackers use VPN services to obfuscate IP addresses to evade detection. From here, they deploy the ransomware across the network, encrypting critical data and blocking access from employees within hours. This results in the loss of both data and finances, as well as potentially prolonged downtime while the company recovers from the attack.

Ransomware groups can only access accounts that have not patched this vulnerability, highlighting how important it is to download and install software updates when they are distributed. It is also important to note that if multi-factor authentication (MFA) is not enabled or the VPN itself is poorly configured, these potential intrusion routes are even more vulnerable.