
When Hacks go From Bad to Worse

Today this affects Barracuda clients but next time it could affect anyone.

Usually, when a vulnerability is discovered, you apply a patch and go on with things.

Occasionally, you have to see if you were infected and if you were, you have to disinfect yourself.

And then there are times like these. It happens.

Barracuda Networks is telling customers whose Email Security Gateway appliances were hacked in attacks using a now-patched bug that they must replace the gateways immediately.

Barracuda says that there is a message in the user interface of the gateway if you are an affected (or infected) user. They said that if you have not replaced your device you need to contact support urgently.

While they are saying this is urgent, and it probably is, they also admit that the bug was exploited as a zero-day for seven months.

Mandiant is still dissecting the malware for Barracuda.

Barracuda claims that they have reached out to all affected customers – but on the other hand they didn’t even know they had a problem for seven months.

I don’t want to beat up Barracuda too badly. Almost every vendor out there has been hacked at one time or another. What is less clear is why the device cannot be decontaminated. For whatever reason, they are not telling.

They also say that infected customers need to wash down their entire environment with bleach – maybe the hackers were able to breach more than the email gateway, maybe not, but they are definitely concerned.

Barracuda has hundreds of thousands of customers, including many high-profile ones, and generally has a good reputation. That doesn’t mean that they don’t have issues from time to time.

**IF** you are one of the affected customers, move quickly.

In any case, a layered defense is really important and this is an example of why.

If you have questions, please reach out to us.

Credit: Barracuda and Bleeping Computer