Hackers Infiltrated and Altered Some SonicWall Firewall Backup Configuration Files
SonicWall Addresses Security Incident: Brute Force Attack on Cloud Backup Service
SonicWall has disclosed a security incident in which attackers brute-forced their way into the cloud backup service it offers for firewall configuration files. According to SonicWall, the incident affected fewer than 5% of its firewall install base.
Upon discovering the breach, SonicWall disabled access to the backup feature and implemented infrastructure and process changes to secure the service. It has also launched a review of potentially affected environments, with the help of a third-party incident response and consulting firm.
The files the attackers accessed are backup firewall preference files. Each one holds the complete configuration of a firewall as of the time of export: system and device settings, network configuration, routing configuration and rules, firewall rules and enabled security services, VPN configuration, user and group accounts, credentials, password policies, and more. Credentials inside the files are stored encrypted, but the rest of the file is a detailed map of the protected network (rule sets, VPN peers and policies, user accounts, password policy), which could make it easier for attackers to target the related firewalls. From a defender's point of view, an exposed file should be treated as a disclosure of every secret it carries, encrypted or not: local user passwords, VPN pre-shared keys and any stored service credentials should be rotated rather than assumed safe because they were not in cleartext.
Impacted customers and partners have been notified directly with instructions for securing their devices. Customers with cloud backups enabled should follow the containment and remediation guidelines and the remediation playbook SonicWall has published. Users with TOTP bindings will have them reset along with their passwords.
SonicWall has also provided new preference files for import into affected firewalls. Importing preferences is not instantaneous, however, and for organisations running many firewalls the remediation effort scales with the number of devices.
SonicWall characterises the incident not as ransomware or a similar event affecting its own operations, but as a series of brute force attacks against the backup service, aimed at obtaining the stored preference files for potential later use by threat actors.
SonicWall has urged customers to check, through the MySonicWall portal, whether cloud backups are enabled for the firewalls they operate, and to review its Knowledge Base article for the latest information and guidance. SonicWall's support team is available to assist with applying that guidance.
Separately, SonicWall firewalls and Secure Mobile Access (SMA) appliances have been targeted through vulnerabilities throughout the year. SonicWall says it is working to address these vulnerabilities and to strengthen its security measures to prevent future incidents.
As always, cybersecurity is a shared responsibility, and SonicWall encourages all its users to stay vigilant and follow best practices to secure their networks and devices.