All SonicWall Cloud Backup Users Had Firewall Configurations Stolen
Briefly

"In an October 8 update, the company said the threat actors accessed the preference files of all firewalls that were configured to back up the files to the MySonicWall cloud backup service. 'The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks,' SonicWall warns. The company says it is in the process of notifying all affected partners and customers, and has released tools to aid with assessment and remediation efforts."
"SonicWall has published a list of impacted devices to the MySonicWall portal, and customers can access it by navigating to Product Management > Issue List. Each device is identified as either 'Active - High Priority', meaning it is exposed to the internet, 'Active - Lower Priority', if the device is not exposed to the internet, or 'Inactive', if it has not pinged home for 90 days."
SonicWall reported that threat actors accessed cloud backup preference files for firewalls configured to back up to MySonicWall, with the incident occurring in early September. Initial statements estimated that fewer than 5% of customers were affected, but an October 8 update clarified that all configured backups were accessed. The files contain encrypted credentials and configuration data; possession of the files could increase the risk of targeted attacks. SonicWall is notifying affected partners and customers, has released assessment and remediation tools, and has published an impacted-device list on the MySonicWall portal. Devices are classified by exposure status. Customers are urged to check backups, verify serial numbers, reset passwords, and follow containment and mitigation guidance. SonicWall has implemented additional hardening and is working with Mandiant to enhance cloud infrastructure and monitoring.
Read at SecurityWeek