SonicWall Prompts Password Resets After Firewall Configurations Exposed in Breach

SonicWall has prompted some of its customers to reset their passwords after hackers gained access to their backup firewall preference files.

The compromised backup files, stored in a cloud service, contain encrypted credentials, but additional information they store could enable attackers to target the related firewalls, the company says.

According to SonicWall, less than 5% of its customers were affected and the hackers did not leak the files online, but the risks associated with the breach require immediate action.

“This was not a ransomware or similar event for SonicWall, rather this was a series of brute force attacks aimed at gaining access to the preference files stored in backup for potential further use by threat actors,” the company says.

To address the risk, SonicWall has notified the potentially affected customers and provided them with fresh preferences files, which should be imported into the firewalls.

“The modified preferences file provided by SonicWall was created from the latest preferences file found in cloud storage,” the company says.

The new preferences files contain randomized passwords for all local users, reset bindings where TOTP is enabled, and randomized IPSec VPN keys.

“These configuration changes have been made to update these possibly exposed parameters and provide a configuration you may find useful for remediation,” SonicWall notes.

The company also cautions that importing the new preferences files will cause certain IPSec VPN disruptions until the new keys are manually configured on peer termination points and the password reset process is completed.

Furthermore, the active firewall will reboot when the preferences are imported, and “there will be a failover to the peer firewall while the preferences are being applied,” SonicWall explains.

Customers who do not want to use the new preferences files can perform the remediation tasks manually, and the company has provided guidance on resetting the credentials of commonly used features in SonicOS.

All SonicWall firewalls that have their preferences files backed up to MySonicWall.com are impacted, and the company has provided a step-by-step guide for customers to determine if they have been affected.
