On Friday, October 10th, SonicWall announced a significant security breach impacting all users of its MySonicWall cloud backup service. The breach allowed attackers to access firewall configuration backup files, which contain sensitive information such as encrypted login credentials and network configurations. Although the data remains encrypted, possession of these files poses a heightened risk of targeted cyberattacks.
These configuration files can expose crucial information about network setups, VPN access, and security policies, potentially enabling attackers to penetrate networks and compromise systems. SonicWall has advised all customers to act swiftly by resetting credentials and reviewing firewall settings.
Reports have already surfaced of widespread SonicWall SSL VPN breaches, where attackers use valid credentials to access multiple accounts quickly.
In response, AAG IT Services took immediate action following the announcement. Throughout the weekend, their engineering team diligently reconfigured and secured every SonicWall firewall they manage. This process included resetting all administrative passwords and pre-shared keys, updating LDAP bind credentials, enforcing multi-factor authentication, and tightening management access to thwart external threats. Special thanks were extended to Leon Barker, Alex Cromwell, Peter Jennings, and Ryan Douce for their efforts.
The company has adhered to SonicWall’s official remediation guidance and taken additional steps to ensure system protection, reaching out to all customers about their specific situations.
For those managing their own SonicWall devices, immediate configuration checks are essential. SonicWall has released comprehensive guidance and tools to help assess and mitigate risks.
Looking ahead, AAG IT Services’ Service Desk will remain actively involved in follow-up actions throughout the week. Users may experience some disruptions, particularly with VPN access, as security measures are finalized. The company emphasizes that security is their top priority during this critical time.
Customers are encouraged to contact the support team or their account manager if they have any concerns or encounter issues. Updates will continue to be provided as new information emerges.
