- Threat actors brute-forced the cloud portal, accessing encrypted firewall configuration backups
- Up to 25,000 organizations could be affected; SonicWall urges immediate credential resets
- No data leak confirmed yet, but third-party experts and the police are now involved
SonicWall is urging its firewall customers to reset their passwords after confirming that it suffered a security incident that could have exposed their data.
In a security announcement, SonicWall described how unnamed threat actors brute-forced their way into the company's MySonicWall cloud service.
This tool allows SonicWall firewall users (generally companies and IT teams) to back up their firewall configuration files, including network rules and access policies, VPN configurations, service credentials (LDAP, RADIUS, SNMP), and administrator usernames and passwords (if stored in the configuration).
Thousands of potential victims
“Although identification information in the files has been encrypted, the files also included information that might make it easier for attackers to potentially use the related firewall,” said the company.
In theory, attackers could brute-force or decrypt secrets, extract credentials used in firewall-related services, and learn the topology and rules of the network, letting them bypass defenses more easily and launch targeted attacks using insider knowledge of how the firewalls are configured.
SonicWall said that “less than 5%” of its customers have been affected by this attack, but the company's latest figures say that it serves around 500,000 customers worldwide (although this does not mean that all of them use firewalls or cloud backup), so the worst case would put the number of affected organizations at around 25,000.
So far, no group has claimed responsibility for this attack, and the data has not surfaced anywhere on the dark web.
“We are not currently aware of these files being disclosed online by threat actors,” said SonicWall. “It was not ransomware or a similar event for SonicWall, but it was a series of brute force attacks aimed at accessing files preferably stored in the backup for potential subsequent use by threat actors.”
After the breach, SonicWall managed to oust the attackers and brought in third-party security experts to strengthen its defenses. The police were also informed.
Via BleepingComputer