SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations

"This was not a ransomware or similar event for SonicWall, rather this was a series of brute force attacks aimed at gaining access to the preference files stored in backup for potential further use by threat actors," the company says.
"The modified preferences file provided by SonicWall was created from the latest preferences file found in cloud storage," the company says.
"The new preferences files contain randomized passwords for all local users, reset bindings where TOTP is enabled, and randomize IPSec VPN keys."
"These configuration changes have been made to update these possibly exposed parameters and provide a configuration you may find useful for remediation," SonicWall notes.
Hackers accessed backup firewall preference files stored in a cloud service, prompting affected customers to reset passwords. The compromised files contain encrypted credentials and configuration details that could enable attackers to target related firewalls. Fewer than 5% of customers were affected and the files were not leaked online. SonicWall notified potentially affected customers and provided fresh preference files to import into firewalls. The new files include randomized local user passwords, reset TOTP bindings, and randomized IPSec VPN keys. Importing the new preferences will reboot active firewalls, trigger failover to peers, and cause temporary IPSec VPN disruptions until peers are reconfigured. Customers can choose manual remediation instead.
Read at SecurityWeek