SonicWall on Sept. 18 advised customers to reset their passwords after its security teams detected suspicious activity targeting the company’s MySonicWall.com cloud backup service for its firewalls.The company found that the threat actors accessed backup firewall preferences stored in the cloud for fewer than 5% of SonicWall’s firewall installed base.While credentials with in the files were encrypted, SonicWall said the files also included information that could make it easier for attackers to potentially exploit the firewalls.However, SonicWall said they are not presently aware of these files being leaked online by threat actors.“This was not a ransomware or similar event for SonicWall,” the company reported. “Rather, this was a series of brute-force attacks aimed at gaining access to the preference files stored in backup for potential further use by threat actors.” Shane Barney, chief information security officer at Keeper Security, said the files accessed in this incident contained encrypted credentials along with other firewall configuration details. Even without plaintext passwords, Barney said that combination can give adversaries a roadmap to exploit weaknesses.“This is why SonicWall is telling customers to reset everything tied to those devices, such as administrator logins, VPN access and any services or integrations that were live when the backups were taken,” said Barney. “Organizations should rotate credentials immediately, enforce multi-factor authentication so a password alone can’t be used to break in, and review privileged accounts to strip out unnecessary access and reduce the attack surface.”Nivedita Murthy, senior staff consultant at Black Duck, added that as data breaches continue to rise, stolen credentials are increasingly being used to brute-force into applications. Murthy said it’s now common for attackers to reuse credentials across multiple application logins.“To mitigate this risk, users should leverage password managers to generate and store unique, complex passwords for each application,” said Murthy. “Password managers not only securely store these credentials, they also help users rotate passwords regularly and alert them when a password has been compromised elsewhere.”
Identity, Cloud Security, Breach

SonicWall customers told to reset passwords after cloud backup service breach

(SonicWall)

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



