In the past 72 hours, SonicWall has reported a surge in cyber incidents targeting Gen 7 firewalls with SSLVPN enabled. These attacks have been flagged by SonicWall’s internal teams and leading cybersecurity firms including Arctic Wolf, Google Mandiant, and Huntress. While the root cause is still under investigation, the threat is real and growing.

 What’s Happening?

Attackers are exploiting vulnerabilities in SonicWall’s SSLVPN service, potentially bypassing authentication and gaining unauthorized access. It’s unclear whether this is tied to a known issue or a new zero-day vulnerability.

What Should You Do?

If your organization uses Gen 7 SonicWall firewalls, take these steps immediately:

• Disable SSLVPN if possible.

• Restrict access to trusted IP addresses only.

• Enable security services like Botnet Protection and Geo-IP Filtering.

• Enforce Multi-Factor Authentication (MFA) for all remote users.

• Audit user accounts and remove any that are unused or unnecessary.

• Strengthen password policies across the board.

These actions won’t just reduce your exposure; they’ll help you stay ahead of evolving threats.

Ongoing Investigation

SonicWall is:

• Working closely with external threat research partners.

• Committed to releasing updated firmware and instructions if a new vulnerability is confirmed.

• Updating customers and partners as the situation evolves. 

You can monitor the official SonicWall support notice for real-time updates.

Need Help Securing Your SonicWall Environment?

Our cybersecurity team is ready to assist. Whether you need help auditing your firewall settings, implementing MFA, or responding to suspicious activity, we’re here to support you. 

Contact us today to schedule a rapid response consultation.