SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service.
“The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks,” the company said.
It also noted that it’s working to notify all partners and customers, adding it has released tools to assist with device assessment and remediation. The company is also urging users to log in and check for their devices.
The development comes a couple of weeks after SonicWall urged customers to perform a credential reset after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts.
The list of impacted devices available on the MySonicWall portal has been assigned a priority level to help customers prioritize remediation efforts. The labels are as follows –
- Active – High Priority: Devices with internet-facing services enabled
- Active – Lower Priority: Devices without internet-facing services
- Inactive: Devices that have not pinged home for 90 days
It previously stated that the threat actors accessed backup firewall preference files stored in the cloud for less than 5% of its customers, while emphasizing that the credentials within those files were encrypted but that they also included “information that could make it easier for attackers to potentially exploit the related firewall.”
Users are advised to follow the steps below with immediate effect –
- Log in to MySonicWall.com account and verify if cloud backups exist for registered firewalls
- If fields are blank, there is no impact
- If fields contain backup details, verify whether impacted serial numbers are listed in the account
- If Serial Numbers are shown, users should follow the containment and remediation guidelines for the listed firewalls
SonicWall said in cases where customers have used the Cloud Backup feature but no Serial Numbers are shown or only some of the registered Serial Numbers are displayed, it will provide additional guidance in coming days.
