
SonicWall Company Cyber Security Posture
sonicwall.com
SonicWall has been fighting the cyber-criminal industry for over 30 years defending small, medium-size businesses and enterprises worldwide. Backed by research from the Global Response Intelligent Defense (GRID) Threat Network, our award-winning real-time breach detection and prevention solutions, coupled with the formidable resources of over 10,000 loyal channel partners around the globe, are the backbone securing more than a million business and mobile networks and their emails, applications and data. This combination of products and partners has enabled a real-time cyber defense solution tuned to the specific needs of the more than 500,000 global businesses in more than 215 countries and territories. *U.S. Patents 7,310,815; 7,600,257; 7,738,380; 7,835,361; 7,991,723
SonicWall Company Details
sonicwall
2036 employees
108509.0
none
Computer and Network Security
sonicwall.com
Scan still pending
SON_3085161
In-progress

Between 200 and 800
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.


SonicWall Company Scoring based on AI Models
Model Name | Date | Description | Current Score Difference | Score |
---|---|---|---|---|
AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 200 and 800 |
SonicWall Company Cyber Security News & History
Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
---|---|---|---|---|---|---|---|
SonicWall | Cyber Attack | 100 | 5 | 04/2024 | SON407050824 | Link | |
Rankiteo Explanation : Attack threatening the organization's existence. Description: The SonicWall Cyber Threat Report highlights the escalating costs and frequencies of cyberattacks on organizations, underlining a worrying trend that affects businesses globally. In the last year, organizations with a relatively modest size of 100-5,000 users have not been spared, with more than half experiencing one or several cyber incidents. These unwelcome events have been financially damaging, with the average cost soaring to $5.34 million. Such a figure represents not just a direct financial burden but also unleashes a series of indirect consequences, including but not limited to, tarnished reputations, operational disruptions, and potential regulatory penalties. These findings, drawn from an exhaustive collection of real-world data and threat intelligence, underscore the critical need for heightened cybersecurity vigilance. A proactive and comprehensive approach to cybersecurity, backed by real-time threat intelligence and robust defense mechanisms, is imperative for organizations seeking to navigate the digital landscape securely and mitigate the risks posed by an ever-evolving threat landscape. | |||||||
SonicWall | Ransomware | 100 | 5 | 04/2023 | SON705050724 | Link | |
Rankiteo Explanation : Attack threatening the organization's existence. Description: Over the past year, organizations ranging from 100 to 5,000 users have faced an increasing wave of cyberattacks. The 2024 SonicWall Cyber Threat Report highlights a concerning trend where 57% of these organizations endured at least one cyberattack, with an average financial toll of $5.34 million. This significant economic impact underscores the evolving and sophisticated nature of cyber threats. The report draws its conclusions from a robust dataset, courtesy of the SonicWall Capture Labs. This network, comprising over 1.1 million security sensors spread across 215 countries and territories, offers a unique vantage point into the tactics and vectors preferred by cyber adversaries. By analyzing cross-vector threat information and leveraging global malware and IP reputation data, SonicWall provides invaluable insights into cyber incidents. This comprehensive intelligence is not only a testament to the severity of the cybersecurity landscape but also serves as a critical resource for organizations aiming to navigate and mitigate the risks of cyberattacks. | |||||||
SonicWall | Ransomware | Not Applicable | 03/2024 | SON105050824 | Link | ||
Rankiteo Explanation : The description provided does not specify a single event's impact, making it impossible to assign a severity score or categorize the impact based on the given criteria. Description: Over the past year, organizations ranging from small to medium businesses with 100-5,000 users have faced a significant cyber threat landscape, with 57% experiencing at least one cyberattack. These incidents have resulted in substantial financial losses, averaging $5.34 million per attack. This figure underscores the grave financial implications cyber threats pose, compelling businesses to reassess their cybersecurity measures. SonicWall, renowned for its real-time cyber threat intelligence, has been at the forefront of these observations. Their 2024 Cyber Threat Report compiles extensive data from 1.1 million security sensors across 215 countries, offering invaluable insights into the nature and frequency of these threats. By analyzing cross-vector threat-related information and leveraging shared intelligence within the cybersecurity community, SonicWall plays a pivotal role in enabling organizations worldwide to bolster their defenses against an evolving cyber threat landscape. | |||||||
SonicWall | Ransomware | 100 | 5 | 7/2025 | SON417071725 | Link | |
Rankiteo Explanation : Attack threatening the organization's existence. Description: A previously unseen malware called OVERSTEP has been deployed by a threat actor targeting SonicWall Secure Mobile Access (SMA) appliances. The malware, identified as a user-mode rootkit, allows hackers to maintain persistent access, steal sensitive credentials, and hide malicious components. The threat actor, tracked as UNC6148, has been operating since at least October 2023 and has targeted organizations as recently as May. The attacks may have utilized a zero-day remote code execution vulnerability and have resulted in data theft and extortion, with potential deployment of Abyss ransomware. | |||||||
SonicWall | Vulnerability | 85 | 4 | 4/2025 | SON502042125 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaks. Description: SonicWall has experienced a cyber attack due to a remote code execution vulnerability affecting its Secure Mobile Access (SMA) appliances. These flaws impacted various SMA models and were exploited despite being patched four years ago. The flaw allowed remote threat actors to inject arbitrary commands and execute arbitrary code. This has been under active exploitation since at least January 2025 as confirmed by cybersecurity company Arctic Wolf and federal agencies. As a response to the attack, SonicWall has updated the security advisory and revised the CVSS score based on the newfound impacts. |
SonicWall Company Subsidiaries

Access Data Using Our API

Get company history
SonicWall Cyber Security News
SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks
SonicWall and ConnectWise security breaches enable Trojan and remote access malware targeting VPN users and AI tool seekers.
SonicWall Redefines Cybersecurity, Sets New Standard with Next Generation Network Security Solutions Built for MSPs
SonicWall is bringing together the tools MSPs need to deliver layered, AI-driven security, from next-generation firewalls and endpoint ...
Dell Buys SonicWall for Aggressive Managed Security Push
Dell has acquired SonicWall in a bid to push deeper into the managed security and firewall markets.
More than 400 SonicWall firewall instances remain vulnerable to attack
The vulnerability affects SonicWall TZ, NSa, NSsp series firewalls and NSv series virtual firewalls, according to Censys.
SonicWall debuts new firewalls and managed cybersecurity service
It sells cybersecurity products that help companies filter malicious network traffic, protect employee inboxes from hackers and perform related ...
SonicWall Execs: We're Redefining Cybersecurity Landscape With Launch Of Next-Gen MSP Platform: Exclusive
SonicWall has unveiled a suite of next-generation security offerings, marking what executives call a "pivotal moment" in the company's 30-year evolution.
Stronghold Data Leverages SonicWall CSE to Power Simpler, Faster Cybersecurity for Clients
SonicWall Unveils New Firewalls and Comprehensive Managed Cybersecurity Service
SonicWall has unveiled a new line of advanced firewalls and a comprehensive managed cybersecurity service designed to combat.
Beware of fake SonicWall VPN app that steals users' credentials
Unknown miscreants are distributing a fake SonicWall app to steal users' VPN credentials. In a Monday threat intel alert, the firewall and ...

SonicWall Similar Companies

CrowdStrike
CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world's most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-clas

Google Cloud Security
With comprehensive cybersecurity solutions, organizations can address their tough security challenges with many of the same capabilities Google uses to keep more people and organizations safe online than anyone else in the world. Experience Mandiant frontline intelligence and expertise, a modern, in

Palo Alto Networks
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest s

Thales Cyber Solutions
Drawing on a team of 6,000 experts and developers, Thales is a global leader in cybersecurity – no.1 in data security - with solutions deployed in 148 countries, generating annual revenues in excess of €2 billion in the domain. Thales supports its enterprise and government customers in the cybe

Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
SonicWall CyberSecurity History Information
How many cyber incidents has SonicWall faced?
Total Incidents: According to Rankiteo, SonicWall has faced 5 incidents in the past.
What types of cybersecurity incidents have occurred at SonicWall?
Incident Types: The types of cybersecurity incidents that have occurred are Vulnerability, Cyber Attack and Ransomware.
What was the total financial impact of these incidents on SonicWall?
Total Financial Loss: The total financial loss from these incidents is estimated to be $10.68 million.
How does SonicWall detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from Google Threat Intelligence Group (GTIG), Mandiant and SonicWall's Product Security Incident Response Team (PSIRT), and through a communication strategy of an updated security advisory and revised CVSS score.
Incident Details
Can you provide details on each incident?

Incident : Malware (Rootkit)
Title: OVERSTEP Malware Targeting SonicWall SMA Appliances
Description: A threat actor has been deploying a previously unseen malware called OVERSTEP that modifies the boot process of fully-patched but no longer supported SonicWall Secure Mobile Access appliances. The backdoor is a user-mode rootkit that allows hackers to hide malicious components, maintain persistent access on the device, and steal sensitive credentials.
Type: Malware (Rootkit)
Attack Vector: Unknown, zero-day remote code execution vulnerability
Vulnerability Exploited: CVE-2021-20038, CVE-2024-38475, CVE-2021-20035, CVE-2021-20039, CVE-2025-32819
Threat Actor: UNC6148
Motivation: Data theft and extortion

Incident : Remote Code Execution
Title: SonicWall Cyber Attack
Description: SonicWall has experienced a cyber attack due to a remote code execution vulnerability affecting its Secure Mobile Access (SMA) appliances. These flaws impacted various SMA models and were exploited despite being patched four years ago. The flaw allowed remote threat actors to inject arbitrary commands and execute arbitrary code. This has been under active exploitation since at least January 2025 as confirmed by cybersecurity company Arctic Wolf and federal agencies. As a response to the attack, SonicWall has updated the security advisory and revised the CVSS score based on the newfound impacts.
Type: Remote Code Execution
Attack Vector: Exploitation of a remote code execution vulnerability
Vulnerability Exploited: Remote code execution vulnerability in Secure Mobile Access (SMA) appliances

Incident : Cyberattack
Title: SonicWall Cyber Threat Report: Escalating Cyberattacks
Description: The SonicWall Cyber Threat Report highlights the escalating costs and frequencies of cyberattacks on organizations, underlining a worrying trend that affects businesses globally. In the last year, organizations with a relatively modest size of 100-5,000 users have not been spared, with more than half experiencing one or several cyber incidents. These unwelcome events have been financially damaging, with the average cost soaring to $5.34 million. Such a figure represents not just a direct financial burden but also unleashes a series of indirect consequences, including but not limited to, tarnished reputations, operational disruptions, and potential regulatory penalties. These findings, drawn from an exhaustive collection of real-world data and threat intelligence, underscore the critical need for heightened cybersecurity vigilance. A proactive and comprehensive approach to cybersecurity, backed by real-time threat intelligence and robust defense mechanisms, is imperative for organizations seeking to navigate the digital landscape securely and mitigate the risks posed by an ever-evolving threat landscape.
Type: Cyberattack

Incident : Cyberattack
Title: Widespread Cyber Threats Across SMBs
Description: Over the past year, organizations ranging from small to medium businesses with 100-5,000 users have faced a significant cyber threat landscape, with 57% experiencing at least one cyberattack. These incidents have resulted in substantial financial losses, averaging $5.34 million per attack. This figure underscores the grave financial implications cyber threats pose, compelling businesses to reassess their cybersecurity measures.
Type: Cyberattack

Incident : Multiple
Title: 2024 Cyber Attack Trends Reported by SonicWall
Description: A report by SonicWall highlights a significant increase in cyberattacks on organizations ranging from 100 to 5,000 users, with 57% experiencing at least one attack and an average financial cost of $5.34 million.
Type: Multiple
What are the most common types of attacks the company has faced?
Common Attack Types: The most common type of attack the company has faced is Ransomware.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Unknown.
Impact of the Incidents
What was the impact of each incident?

Incident : Malware (Rootkit) SON417071725
Data Compromised: Sensitive credentials, persist.db database, certificate files
Systems Affected: SonicWall SMA 100 Series devices

Incident : Remote Code Execution SON502042125
Systems Affected: Various SMA models

Incident : Cyberattack SON407050824
Financial Loss: $5.34 million
Operational Impact: Operational disruptions
Brand Reputation Impact: Tarnished reputations
Legal Liabilities: Potential regulatory penalties

Incident : Cyberattack SON105050824
Financial Loss: $5.34 million per attack

Incident : Multiple SON705050724
Financial Loss: $5.34 million
What is the average financial loss per incident?
Average Financial Loss: The average financial loss per incident is $2.14 million.
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Sensitive credentials, persist.db database and certificate files.
Which entities were affected by each incident?

Incident : Malware (Rootkit) SON417071725
Entity Type: Organization
Response to the Incidents
What measures were taken in response to each incident?

Incident : Malware (Rootkit) SON417071725
Third Party Assistance: Google Threat Intelligence Group (GTIG), Mandiant, SonicWall's Product Security Incident Response Team (PSIRT)

Incident : Remote Code Execution SON502042125
Communication Strategy: Updated security advisory and revised CVSS score
How does the company involve third-party assistance in incident response?
Third-Party Assistance: The company involves third-party assistance in incident response through Google Threat Intelligence Group (GTIG), Mandiant, SonicWall's Product Security Incident Response Team (PSIRT).
Data Breach Information
What type of data was compromised in each breach?

Incident : Malware (Rootkit) SON417071725
Type of Data Compromised: Sensitive credentials, persist.db database, certificate files
Sensitivity of Data: High
Data Exfiltration: True
File Types Exposed: persist.db database, certificate files
Ransomware Information
Was ransomware involved in any of the incidents?

Incident : Malware (Rootkit) SON417071725
Ransomware Strain: Abyss (VSOCIETY)
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents?

Incident : Malware (Rootkit) SON417071725
Recommendations: Organizations with SMA appliances are recommended to check the devices for potential compromise by acquiring disk images, which should prevent interference from the rootkit. GTIG provides a set of indicators of compromise along with the signs analysts should look for to determine if the device was hacked.

Incident : Cyberattack SON407050824
Recommendations: Heightened cybersecurity vigilance, Proactive and comprehensive approach to cybersecurity, Real-time threat intelligence, Robust defense mechanisms
What recommendations has the company implemented to improve cybersecurity?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Organizations with SMA appliances are recommended to check the devices for potential compromise by acquiring disk images, which should prevent interference from the rootkit. GTIG provides a set of indicators of compromise along with the signs analysts should look for to determine if the device was hacked. Heightened cybersecurity vigilance, Proactive and comprehensive approach to cybersecurity, Real-time threat intelligence, Robust defense mechanisms.
References
Where can I find more information about each incident?

Incident : Malware (Rootkit) SON417071725
Source: Google Threat Intelligence Group (GTIG)

Incident : Remote Code Execution SON502042125
Source: Arctic Wolf

Incident : Remote Code Execution SON502042125
Source: Federal agencies

Incident : Cyberattack SON407050824
Source: SonicWall Cyber Threat Report

Incident : Cyberattack SON105050824
Source: SonicWall 2024 Cyber Threat Report

Incident : Multiple SON705050724
Source: SonicWall Capture Labs
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Google Threat Intelligence Group (GTIG), Arctic Wolf, Federal agencies, SonicWall Cyber Threat Report, SonicWall 2024 Cyber Threat Report, and SonicWall Capture Labs.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through an updated security advisory and revised CVSS score.
Initial Access Broker
How did the initial access broker gain entry for each incident?
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?

Incident : Malware (Rootkit) SON417071725
Root Causes: Exploitation of known vulnerabilities to steal administrator credentials
What is the company's process for conducting post-incident analysis?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Google Threat Intelligence Group (GTIG), Mandiant, SonicWall's Product Security Incident Response Team (PSIRT).
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident was UNC6148.
Impact of the Incidents
What was the highest financial loss from an incident?
Highest Financial Loss: The highest financial loss from an incident was $5.34 million.
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Sensitive credentials, persist.db database and certificate files.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was SonicWall SMA 100 Series devices and Various SMA models.
Response to the Incidents
What third-party assistance was involved in the most recent incident?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Google Threat Intelligence Group (GTIG), Mandiant, SonicWall's Product Security Incident Response Team (PSIRT).
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Sensitive credentials, persist.db database and certificate files.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Organizations with SMA appliances are recommended to check the devices for potential compromise by acquiring disk images, which should prevent interference from the rootkit. GTIG provides a set of indicators of compromise along with the signs analysts should look for to determine if the device was hacked. Heightened cybersecurity vigilance, Proactive and comprehensive approach to cybersecurity, Real-time threat intelligence, Robust defense mechanisms.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent sources of information about an incident are Google Threat Intelligence Group (GTIG), Arctic Wolf, Federal agencies, SonicWall Cyber Threat Report, SonicWall 2024 Cyber Threat Report and SonicWall Capture Labs.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was Unknown.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
