Crims bust through SonicWall to grab sensitive config data

"While credentials within the files were encrypted, the files also included information that could make it easier for attackers to potentially exploit the related firewall. We are not presently aware of these files being leaked online by threat actors," Crean said, stressing that the incident was 'not ransomware or similar event' but the result of 'a series of brute-force attacks aimed at gaining access to the preference files stored in backup.'"
"SonicWall is telling some customers to reset passwords after attackers broke into its cloud backup service and accessed firewall configuration data. The network security vendor confirmed the breach in an updated knowledge base article and in a statement to The Register, saying that it recently detected suspicious activity targeting its cloud backup service for firewalls, which it 'confirmed as a security incident in the past few days.'"
Attackers executed brute-force attacks against SonicWall's cloud backup service and accessed firewall preference files. Fewer than 5 percent of the firewall installed base had preference files accessed. Credentials within the files were encrypted, but the files contained information that could ease exploitation of the related firewall. SonicWall characterized the incident not as ransomware but as a series of brute-force attacks aimed at the preference files stored in backup. SonicWall immediately disabled the cloud backup feature, rotated internal keys, and implemented infrastructure and process changes. The company engaged a third-party incident response and consulting firm. Customers must verify device serial numbers, regenerate keys, change admin passwords, and re-import secure configurations with support assistance.
Read at The Register