Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

All SonicWall Cloud Backup Users Had Firewall Configurations Stolen

In early September, hackers stole the firewall configuration backup files stored using the MySonicWall service.

SonicWall vulnerability

SonicWall on Wednesday announced that all customers who used its cloud backup service to store firewall configuration files were impacted by a recent data breach.

The incident occurred in early September and was disclosed a couple of weeks later, when SonicWall said hackers had accessed the backup firewall preference files of less than 5% of its customers.

In an October 8 update, the company said the threat actors accessed the preference files of all firewalls that were configured to back up the files to the MySonicWall cloud backup service.

“The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks,” SonicWall warns.

The company says it is in the process of notifying all affected partners and customers, and has released tools to aid with assessment and remediation efforts.

SonicWall has published a list of impacted devices to the MySonicWall portal, and customers can access it by navigating to Product Management > Issue List.

Advertisement. Scroll to continue reading.

Each device is identified as either ‘Active – High Priority’, meaning it is exposed to the internet, ‘Active – Lower Priority’, if the device is not exposed to the internet, or ‘Inactive’, if it has not pinged home for 90 days.

“We urge all partners and customers to log in and check for their devices. SonicWall has implemented additional security hardening measures and is working closely with Mandiant to further enhance its cloud infrastructure and monitoring systems,” the company notes.

All customers should log in to their MySonicWall.com accounts and check if there are cloud backups for their registered firewalls. If such backups exist, customers should check the device serial numbers to determine if the firewalls are at risk.

The company urges customers to reset all their passwords and to follow the steps described in its containment and mitigation documentation to resolve the issue.

Related: Akira Ransomware’s Exploitation of SonicWall Vulnerability Continues

Related: SonicWall Updates SMA 100 Appliances to Remove Overstep Malware

Related: DraftKings Warns Users of Credential Stuffing Attacks

Related: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.