- Threat actors brute-forced SonicWall's cloud portal, accessing encrypted firewall configuration backups
- Up to 25,000 organizations could be affected; SonicWall calls for resetting credentials
- No data leaks have been confirmed yet, but third-party experts and law enforcement are now involved
SonicWall encourages its firewall customers to reset their passwords after confirming that it has suffered a security event that may have exposed their data.
In a security message, SonicWall outlined how unnamed threat actors brute-forced their way into the company's MySonicWall cloud service.
This tool allows SonicWall firewall users (typically companies and IT teams) to back up their firewall configuration files, including network rules and access policies, VPN configurations, service registrations (LDAP, RADIUS, SNMP) or admin usernames and passwords (if stored in the configuration).
Thousands of potential victims
“While credentials within the files were encrypted, the files also included information that could make it easier for attackers to potentially utilize the related firewall,” the company explained.
In theory, attackers could brute-force or decrypt the secrets, extract credentials used in services bound to the firewall, learn the network topology and rules to make bypassing defenses easier, and launch targeted attacks using insider knowledge of how the firewalls are configured.
SonicWall said "fewer than 5%" of its customer base was affected by this attack. The latest figures from the company claim that it serves approx. 500,000 customers globally (although that does not mean all of them use firewall or cloud backup services), so the worst case would put the number of organizations affected at around 25,000.
So far, no group has claimed responsibility for this attack, and the data has not appeared anywhere on the dark web.
“We are not currently aware that these files are being leaked online by threat players,” SonicWall explained. “This was not a ransomware or similar event for SonicWall, rather, this was a series of brute force attacks aimed at accessing the preference files stored in backup for potential additional use of threat players.”
After the breach, SonicWall succeeded in removing the attackers and has brought in third-party security experts to strengthen its defenses. Law enforcement has also been notified.
Via BleepingComputer



