SonicWall warns its cloud backup service users to reset credentials after security incident


Following a previously acknowledged security breach last month, SonicWall has published an updated bulletin to customers after investigating the incident. The company says that it is now aware that an “unauthorized party accessed firewall configuration backup files for all customers who have used SonicWall’s cloud backup service”.
SonicWall has also published an extensive document to help customers with “containment, remediation and monitoring”. This includes advising everyone to reset various passwords.
In an update to its announcement, the company says: “SonicWall has completed its investigation, conducted in collaboration with leading IR Firm, Mandiant, into the scope of a recent cloud backup security incident. The investigation confirmed that an unauthorized party accessed firewall configuration backup files for all customers who have used SonicWall’s cloud backup service”.
It continues:
The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks. We are working to notify all impacted partners and customers and have released tools to assist with device assessment and remediation.
The instructions provided by SonicWall in a separate support document are detailed and lengthy. There is also such a degree of complexity and nuance that the company has provided instructions on how to use the instructions. It says:
This document contains three main sections: containment, remediation and monitoring. Containment reduces the risk of an exposed firewall configuration being leveraged to gain access to the network. Remediation is the process of reconfiguring potentially exposed secrets and passwords. Monitoring will identify potential threat activity.
This article outlines the essential steps required to reset the credentials of commonly used features in SonicOS which may be configured to be accessible via the internet. These remediation steps include links to other resources such as KB articles and Admin Guides with step-by-step directions for resetting various passwords, shared secrets, encryption keys, and TOTP bindings across SonicOS.
Begin with the Containment section below. Once containment is complete, you can proceed to the Remediation IF/THEN section to determine the recommended steps based on the features enabled on the target firewall.