This week, we are joined by Jamie Levy, Director of Adversary Tactics at Huntress, who is discussing their work on "Active Exploitation of SonicWall VPNs." Huntress has released an urgent threat advisory on active exploitation of SonicWall VPNs, with attackers bypassing MFA, pivoting to domain controllers, and ultimately deploying Akira ransomware. The campaigns involve techniques such as disabling defenses, clearing logs, credential theft, and Bring Your Own Vulnerable Driver (BYOVD) attacks with legitimate Windows drivers.

Organizations using SonicWall devices are strongly advised to disable SSL VPN access or restrict it via IP allow-listing, rotate credentials, and hunt for indicators of compromise as this remains an ongoing and evolving threat.

Complete our annual ⁠⁠⁠⁠⁠audience survey⁠⁠⁠⁠⁠ before August 31.

The research can be found here:

• Huntress Threat Advisory: Active Exploitation of SonicWall VPNs

Learn more about your ad choices. Visit megaphone.fm/adchoices