SonicWall: Attackers stole firewall backups from the cloud
The stolen configuration files may contain sensitive information and facilitate attacks. Apparently, only a few customers are affected.
Firewall manufacturer SonicWall reports a breach of its customers' cloud accounts. Unknown individuals have illegally copied and exfiltrated backup copies of firewall configuration files. However, this was not a cyberattack on SonicWall itself, but apparently the result of login credentials being tried out en masse.
SonicWall has determined that the attackers stole cloud configuration files from fewer than five percent of its customers. Although all passwords in these files are "encrypted", according to the manufacturer (meaning that they are stored in hashed form), other information could facilitate future attacks on the firewalls.
Not all SonicWall customers affected
SonicWall reassures its customers that the unknown data thieves have neither made ransom demands nor offered their loot on the usual leak forums. Nevertheless, customers should check as a precaution whether they may be affected. A detailed guide helps to identify and eliminate potential risks.
The manufacturer is keeping quiet about the exact course of the attacks. Nor do the security notices explain whose credentials were tried out en masse, and apparently sometimes successfully. Possible targets include not only customer accounts but also the credentials of SonicWall employees or partners.
Just a few weeks ago, large-scale attacks on SonicWall firewalls were reported that exploited a security vulnerability that had long since been fixed. Apparently, many firewall administrators had not installed the updates, leaving their devices vulnerable to attacks by the Akira ransomware group, among others.
(cku)