SonicWall Advises Customers to Reset Credentials After Cyber Incident Exposing Firewall Backups and Warns Businesses to Stay Secure

SonicWall confirmed a breach exposing firewall backup files from MySonicWall accounts. The incident highlights rising cyberattacks and the urgent need for updates, strong passwords, and multi-factor authentication to safeguard businesses.

Cybersecurity risks continue to grow, and even firms that specialize in network security are not immune. SonicWall recently confirmed a security vulnerability that exposed firewall configuration backup files for some of its customers. This incident serves as a stark reminder of how cyberattacks can affect organizations and why cybersecurity preparedness is more crucial than ever.

What Happened in the SonicWall Cyber Incident

According to SonicWall, suspicious activity was detected on its cloud backup service for firewalls. Unknown attackers managed to access firewall preference files from fewer than 5% of MySonicWall accounts. While the credentials stored in those files were encrypted, the files also contained other sensitive details that could help hackers exploit the affected firewalls.

The company clarified that it was a brute-force attack, where hackers repeatedly tried to gain entry into accounts until they succeeded. SonicWall has not found any evidence that the stolen files have been leaked online, but the incident still raises major security concerns.

SonicWall’s Advice to Customers

SonicWall has strongly advised customers to take immediate action: log in to MySonicWall.com to ensure that cloud backups are enabled, verify that no devices or serial numbers in their account have been flagged, and reset all passwords and authentication codes stored on firewalls. The company also recommended turning off unnecessary access points such as HTTP/HTTPS/SSH management and VPN services, and importing the new firewall preference files that SonicWall provides. These fresh preference files include randomized passwords for local users, reset two-factor authentication settings, and updated VPN keys, making it considerably more difficult for attackers to use previously disclosed information.

Ongoing Cyber Threats

The disclosure comes at a time when ransomware groups, especially the Akira gang, are targeting SonicWall devices that remain unpatched. Researchers have found that Akira attackers exploit a known vulnerability (CVE-2024-40766) to break into systems, bypass multi-factor authentication, and even disable security tools. Once inside, they can hide their tracks and prepare for larger attacks that can cripple a business.

Cybersecurity experts warn that even recovery codes that are used for account recovery and login should be treated with the same sensitivity as passwords. If exposed, they can be used to disable defenses and leave organizations completely vulnerable.

Essential Business Security Reminder

This SonicWall cyber attack demonstrates how critical it is for organizations to stay updated, monitor accounts, and deploy fixes fast. Hackers are continually devising new ways to sneak into systems, and even small oversights can result in significant damage. For organizations, the lesson is clear: cybersecurity is not optional. Regular updates, robust password restrictions, and multi-factor authentication are all necessary to protect against attackers. Businesses can lower their vulnerability to the next major attack by being proactive and keeping to best practices.

This article is based on information from The Hacker News.