Replace vulnerable hardware, says Barracuda after email gateway breach


Cyber attacks, security incidents and data breaches are constantly in the news. But when a cybersecurity vendor itself is compromised, it makes everyone sit up and take notice.

Unfortunately, the magnitude of the Barracuda email gateway security incident is not limited to the name of the victim. It extends far beyond that: Barracuda is now advising customers to rip out and replace vulnerable hardware, a huge ask, and an expensive and novel one too.

In this blog, our experts try to decipher everything that happened in one of the biggest cyber news stories of 2023.

Our aim is to break it down into simple facts for everyone to digest. As always, this exercise is purely educational and is not intended to emphasize or belittle the victim.

What exactly happened in the Barracuda cyber security incident?

Just over two weeks ago, the security vendor Barracuda Networks announced that it had identified a vulnerability in its Email Security Gateway (ESG) appliance on May 19, 2023.

The zero-day vulnerability, a critical remote command injection flaw tracked as CVE-2023-2868, affected the module of the Barracuda Email Security Gateway that performs initial screening of attachments on incoming email (ESG versions 5.1.3.001 through 9.2.0.006). The module did not fully validate the names of files inside .tar attachments, so a remote attacker could craft an archive whose member file names were executed as system commands, via Perl's qx operator, with the privileges of the ESG product. This gave unauthorized parties access to some ESG appliances.
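To make the class of bug concrete, here is an added illustration in Python (it is not Barracuda's code, which is Perl, and it does not reproduce the real exploit). It builds a constructed .tar archive in memory, one of whose member names carries shell metacharacters with a harmless `echo` payload, then shows what happens when an attachment screener splices that name into a shell command string versus passing it as a single argv element, and adds an allowlist check on member names as defense in depth. The function names and the sample archive are assumptions for the example.

```python
import io
import re
import subprocess
import tarfile

# Constructed sample archive: one benign member and one whose name carries
# shell metacharacters. The payload is a harmless echo, not a real IoC.
def build_sample_tar() -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [
            ("invoice.pdf", b"%PDF-1.4 constructed sample"),
            ("report.txt; echo INJECTED", b"constructed sample"),
        ]:
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def member_names(tar_bytes: bytes) -> list:
    """Return the member file names exactly as stored in the archive header."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        return [m.name for m in tar.getmembers()]


def vulnerable_scan(name: str) -> str:
    """Anti-pattern: the untrusted member name is interpolated into a shell
    command string, the same mistake as interpolating into Perl's qx//.
    The shell parses the ';' and runs the attacker's second command."""
    cmd = f"echo scanning {name}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def hardened_scan(name: str) -> str:
    """No shell: the name travels as one literal argv element, so
    metacharacters are data, not syntax."""
    return subprocess.run(["echo", "scanning", name],
                          capture_output=True, text=True).stdout


# Defense in depth: only accept member names made of a conservative character
# set, with no path separators or traversal. Everything else is rejected before
# any external tool sees the name.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def is_safe_member_name(name: str) -> bool:
    return bool(SAFE_NAME.match(name)) and ".." not in name


def screen_archive(tar_bytes: bytes) -> dict:
    """Split archive members into those a screener may pass to external
    tooling (via hardened_scan) and those to quarantine on name alone."""
    result = {"accepted": [], "rejected": []}
    for name in member_names(tar_bytes):
        if is_safe_member_name(name):
            hardened_scan(name)
            result["accepted"].append(name)
        else:
            result["rejected"].append(name)
    return result


if __name__ == "__main__":
    sample = build_sample_tar()
    hostile = member_names(sample)[1]
    print("vulnerable:", repr(vulnerable_scan(hostile)))
    print("hardened:  ", repr(hardened_scan(hostile)))
    print("screening: ", screen_archive(sample))
```

Run it and the vulnerable path prints a second line, `INJECTED`, that the screener never asked for, while the hardened path echoes the hostile name back as plain text. The lesson generalizes: any place a gateway hands attacker-controlled metadata (file names, MIME parameters, header values) to a shell must use argv arrays and an allowlist, not string concatenation.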

Barracuda then deployed a security patch to all ESG appliances worldwide on May 20 and applied a second patch on May 21. However, this came after an unspecified number of customers had already been compromised through the email gateway flaw. The company stated that no other Barracuda products, including its SaaS email security services, were affected by this zero-day vulnerability.

Customers whose appliances were deemed affected were notified through the ESG user interface. They were also asked to review their environments to determine whether any further action was needed.

On May 30, 2023, Barracuda revealed that the vulnerability had in fact been exploited for roughly seven months, since October 2022. The attackers had unauthorized access to a "subset of ESG devices" and deployed backdoors to maintain prolonged access to the affected systems.

The latest developments for Email Security Gateway (ESG) appliances.

On June 6, however, Barracuda posted an "action notice" urging its customers to replace affected ESG appliances immediately, regardless of patch version level, because patching alone is not sufficient. Experts called this development "stunning". It is estimated that there are approximately 11,000 Barracuda ESG appliances exposed on the Internet.

Many have suggested that Barracuda's latest guidance implies the malware achieved persistence at a low enough level of the appliance that even wiping and re-imaging the device would not reliably remove the attackers' access.

Three families of malware were identified on compromised Barracuda appliances: SALTWATER, a trojanized module for the Barracuda SMTP daemon (bsmtpd) that provides backdoor functionality; SEASPY, a persistence backdoor that poses as a legitimate Barracuda service and passively monitors SMTP traffic on ports 25 and 587 for a trigger; and SEASIDE, a Lua-based bsmtpd module that receives a command-and-control address via SMTP HELO/EHLO commands and establishes a reverse shell.

To help customers deal with the situation, Barracuda has released Indicators of Compromise (IoCs) for both endpoints and networks, as well as YARA rules that can be used to hunt for the malware.

Barracuda also said that, in addition to replacing the hardware, affected customers should review their environments for signs of compromise dating back to at least October 2022, and rotate any credentials or keys that were used with or stored on the affected appliances.

On June 8, the Australian Capital Territory (ACT) government said it had become one of the victims of the vulnerability in Barracuda's ESG appliances. A government spokesman added that there is a chance personal information was exposed, and that a full investigation is under way to verify this.

Could this have been avoided/what can Barracuda customers do now?

Our CEO and Global CISO, Amar Singh, shares some expert advice for the organizations affected:

  • Read carefully and understand what the supplier advises and contact your reseller or service provider to ensure you are doing exactly what Barracuda recommends.
  • Don’t leave the doors open! – As a result, there is no choice but to replace the existing hardware with new Barracuda equipment.
  • Don’t rush – please don’t rush out and buy equipment/solutions from other vendors. This ‘attack’ can happen to anyone.
  • Such cyber security incidents highlight the need to always be prepared for the worst. Make sure (even if you are not affected by this particular incident) that you always have your cyber incident response plans and incident response libraries in order. Get help if you need to review and update them but always be prepared. As we said before – it can happen to anyone! Your best defense is getting ready!


Latest cyber attacks in 2023

At Cyber Management Alliance, we regularly publish material on the latest cyber attacks, ransomware and data breaches. We also collect information about new malware and vulnerabilities, as well as released security patches.

Our goal is to keep our readers informed so they can quickly identify any potential security risks and take the necessary precautions. Additionally, you can read our blog on some of the most talked about cyber attacks of 2023 to get a better understanding of current cyber threats and the strategies of malicious actors.

Bookmark our site for more such updates. We will also update our readers with other important information about the Barracuda cyber incident as news develops in the public domain.
