SonicWall reveals security breach in their cloud backup service

Threat actors accessed firewall preference files stored in SonicWall's cloud backup service, affecting approximately 5% of its firewall deployments, according to the company's announcement.

SonicWall Reveals Unauthorized Access to Their Cloud-Based Backup System

In a recent development, SonicWall has announced that a security incident has affected its cloud backup service for firewalls. The incident, which was first revealed in an advisory, has been found to have impacted approximately 5% of SonicWall's firewall install base.

The investigation has shown that threat actors accessed firewall preference files in the cloud. These files contain sensitive information such as passwords, shared secrets, and encryption keys that may need to be updated elsewhere, including with the ISP, Dynamic DNS provider, email provider, remote IPSec VPN peer, or LDAP/RADIUS server.

SonicWall has provided a structured checklist for remediation, with critical items listed first. All SonicWall firewall customers are advised to log in to MySonicWall.com to verify if cloud backups are enabled for their products. If cloud backups are enabled and their firewall serial numbers are among the compromised information, they need to follow the containment and remediation guidelines provided by SonicWall.

The serial numbers of the firewalls are included in the compromised information. Impacted customers will receive a new preferences file to import onto their firewall, which randomizes passwords for all local users, randomizes iCloud login keys, and resets the binding for time-based one-time password (TOTP) if enabled.

It is important to note that this incident was not a ransomware or similar event for SonicWall, but a series of brute force attacks aimed at gaining access to preference files. SonicWall has not confirmed that the files have been leaked online by threat actors.

Customers using SonicWall's Cloud Backup Service for their firewalls were affected by the cyberattack. These customers should immediately reset all passwords, enable multi-factor authentication, review and update firewall security settings, and monitor for any unauthorized access or suspicious activity.

Moreover, customers are advised to first disable or restrict access to services from the WAN before moving on to the remediation actions. Firewall logs should be reviewed for recent configuration changes or unusual activity.

This latest incident follows a number of attacks targeting SonicWall products in recent months. SonicWall recently published an advisory revealing that threat actors were actively exploiting a critical vulnerability in the SonicWall SonicOS management access and SSLVPN.

Customers whose serial numbers are not included have been advised to regularly check the incident page for any additional updates. Impacted customers have been urged to take immediate containment and remediation steps to safeguard their systems.
