SonicWall is asking customers to reset their credentials after some firewall backup files linked to MySonicWall accounts were exposed. The company says it has blocked the attackers and is working with cybersecurity experts and law enforcement to investigate the incident.
According to SonicWall, fewer than 5% of its customers were affected, and no files were leaked online. Despite this, the breach still requires urgent action.
In an official statement, the company said it recently found suspicious activity targeting the cloud backup service for its firewalls. The investigation revealed that attackers had accessed firewall preference files stored in the cloud for a small number of its customers. Even though the credentials in the files were encrypted, the files also contained information that could potentially help attackers exploit the related firewall.
SonicWall stated that this was not a ransomware attack but a series of brute-force attacks aimed at gaining access to the backup files for future use by the attackers. The incident specifically affected SonicWall firewalls that had their preference files backed up in MySonicWall.com.
The company is advising customers to log in to their MySonicWall accounts to check whether cloud backups are enabled. If they are not, the user is not at risk. If backups are enabled, customers should look for any flagged serial numbers, which indicate an affected firewall that needs immediate attention. For customers who have used backups but see no flagged devices, SonicWall says it will provide more guidance soon.
Affected customers are being told to import new preference files. This process, however, will disrupt some services, including IPSec VPNs, TOTP bindings, and user access. After importing the new file, users will have to reconfigure VPN pre-shared keys and reset TOTP along with user passwords. To minimize any downtime, SonicWall suggests doing this during a maintenance window or off-hours, as the process reboots the firewall immediately.
SonicWall said the new preference file was created from the latest version found in cloud storage, and the changes were made to update any potentially exposed parameters. For customers who cannot import new files, the company has provided separate guidance on how to manually reset credentials in SonicOS.