In mid-September, firewall manufacturer Sonicwall reported an intrusion into its cloud in which configuration backups of Sonicwall customers had been copied. However, this only affected five percent of customers, according to an initial assessment by the company at the time. Sonicwall is now revising this: all customers are impacted and should take action.
As Sonicwall already explained in the first warning message, customers who have activated an optional backup of their firewall configuration data in the manufacturer's cloud are affected. Together with the incident response expert Mandiant, a Google subsidiary, Sonicwall investigated the incident in more detail and found that all customers were affected.
Act now and mitigate follow-up attacks
All customers and partners are now urgently called upon to mitigate the possible consequences of the leak. To do so, they should log in to the Sonicwall portal and review all devices, sorted according to their importance. Sonicwall provides a detailed playbook for this, which admins should follow so as not to make it too easy for attackers.
Attackers have already launched their first attacks: it can be assumed that the Akira ransomware group and other cyber criminals have copies of the backup files and are already using them in their ongoing attack campaigns.
(cku)
