Cybercriminal groups operating on a global scale continue to exploit weak points in remote working infrastructures to infiltrate corporate networks. Cybersecurity analysts have reported that the Akira ransomware group has launched a large-scale campaign targeting vulnerable SSL VPN accounts on firewalls.

Financially motivated ransomware groups are silently infiltrating corporate networks by exploiting firmware vulnerabilities and misconfigurations in SSL VPN (Secure Sockets Layer Virtual Private Network) accounts. After gaining initial access, attackers manipulate MFA (Multi-Factor Authentication) policies to bypass authentication mechanisms. By moving laterally within the network, they encrypt and exfiltrate critical data from servers, ultimately forcing organizations to pay a ransom.

This operation clearly demonstrates that even a single unpatched vulnerability in perimeter security can escalate into a catastrophic failure affecting the entire IT infrastructure.

For detailed information, you can reach out to our experts at info@zerosecond.com.ae