SonicWall confirmed that a brute-force attack on a customer-facing system led to unauthorized access to firewall configuration backup files stored in its cloud service. The compromise affects every customer who used the cloud backup, although SonicWall has not given a clear update on the exact proportion of its install base impacted. An investigation with Mandiant validated the breach and raised concerns about the vendor's security controls, such as the lack of rate limiting and weak protections around public APIs.
The exposed data includes firewall rules, encrypted credentials, and routing details, presenting a significant security risk. Although the passwords were encrypted, attackers may crack them offline, especially where weak passwords were chosen initially. The leaked information creates the potential for more complex and targeted attacks on affected organizations. SonicWall devices have faced multiple exploited vulnerabilities in recent years, several of them tied to ransomware campaigns cataloged by CISA.
In response, SonicWall notified all impacted customers, released tools for threat detection and remediation, and urged users to check their accounts for exposure. The company has begun additional security hardening measures and continues to collaborate with Mandiant to bolster cloud infrastructure security and monitoring. The incident underscores the risks of inadequate internal security practices at cloud service providers and the broad implications such breaches have for the customers relying on them.
👉 Read the original: CyberScoop