SonicWall has confirmed that a security breach last month impacted all customers using their cloud backup service to store firewall configuration backup files.
On September 18, SonicWall disclosed a security incident affecting the MySonicWall cloud backup service, after detecting suspicious activity targeting firewall backup files.
At the time, SonicWall said less than 5% of its firewall install base had preference files accessed by threat actors.
Now, the breach has been confirmed to impact any SonicWall firewall with preference files backed up in MySonicWall.com.
In an update published on October 10, SonicWall confirmed the breach impacted firewall configuration backup files for all of SonicWall’s cloud backup customers.
“SonicWall has completed its investigation, conducted in collaboration with leading IR Firm, Mandiant, into the scope of a recent cloud backup security incident,” the company wrote.
“The investigation confirmed that an unauthorized party accessed firewall configuration backup files for all customers who have used SonicWall’s cloud backup service.”
The firewall configuration backup files contain encrypted credentials and configuration data. While this data is still encrypted, SonicWall has warned that attackers' access to these files could increase the risk of targeted attacks.
“We urge all partners and customers to log in and check for their devices,” SonicWall said.
MySonicWall users should log into their account and check if cloud backups exist for registered firewalls. SonicWall has published a remediation guide, available here.
SonicWall is currently working to notify all impacted partners and customers, and has released tools to assist with device assessment and remediation.
The company has also published updated and comprehensive final lists of impacted devices, available in the MySonicWall portal.
SonicWall’s original statement is available here. Technical containment and mitigation documentation is available here.