Barracuda Networks Suffers Security Breach Affecting Email Gateway Appliances

Posted on June 11, 2023 at 6:32 AM

Barracuda Networks has informed its customers that they need to replace vulnerable email gateway appliances. The statement comes after the company disclosed a critical security flaw on its network.

Barracuda Networks urges customers to replace vulnerable email gateway appliances

Barracuda Networks has become the latest technology company to be targeted by a hacking campaign. The company deals in providing security, networking, and storage products that play a critical role in supporting the growth of different businesses globally.

The company is now providing its customers with extensive guidance as it struggles to contain a zero-day vulnerability that has been exploited by hackers since October last year.

The vulnerability is tracked as CVE-2023-2868, and threat actors are using it to install two kinds of malware, known as Saltwater and SeaSpy, which create a backdoor on vulnerable Barracuda Email Security Gateway (ESG) appliances.

The objective of the hackers launching this malicious campaign is to exfiltrate sensitive corporate information. ESG products usually operate as firewalls for emails, and they are used to filter the inbound and the outbound emails while scanning for malicious content that would otherwise cause harm.

The researchers at Barracuda said that the flaw in question was first detected by hackers on May 19. The company deployed a patch the next day to fix the issue and minimize the chances of an exploit happening. The patch was made available to all ESG appliances globally. The company released another update on May 21 to also address the issue.

Barracuda urges affected users to replace their appliances

However, this week, Barracuda added an “action notice” to the advisory sent to users. The company has urged all customers affected by the security flaw to replace the impacted ESG appliances, regardless of the firmware version or patch level they have installed.

The report released by Barracuda has also said that the customers that have been affected by the flaw have already been notified of the issue through the user interface of the breached ESGs. The company has also urged those that were yet to replace their appliance after getting a notice to contact customer support.

“If you have not replaced your appliance after receiving notice… contact support now. Barracuda’s remediation recommendation at this time is a full replacement of the impacted ESG,” the statement from Barracuda read.

A report by TechCrunch noted that the company was yet to respond to an inquiry looking to determine why customers needed to replace the appliances that were already patched. Nevertheless, the breach could have an extensive reach as Barracuda is among the largest institutions globally.

Barracuda claims to have over 200,000 corporate customers globally. The company has yet to confirm the number of organizations that have been affected by this security flaw out of the thousands of users that rely on its technology services globally.

Several cybersecurity researchers are investigating the incident at Barracuda, one of them being Rapid7. Rapid7 has now revealed that there appear to be around 11,000 vulnerable ESG devices still connected to the internet globally.

Caitlin Condon, one of the cybersecurity researchers at Rapid7, said that the shift from issuing a patch to fix the flaw to urging the affected customers to replace their devices was “fairly stunning.” The researcher also added that this change indicates that the malware that was deployed by the hackers was able to achieve persistence. In this case, a patch to the flaw or even erasing all the data on a device would not do much to eradicate the access that the attacker has on the platform.

Besides advocating for a replacement of the affected devices, Barracuda has also urged all its ESG customers to rotate the credentials that are linked to these appliances. The customers have also been urged to be on the lookout for any signs of compromise on user devices that date back to at least October 2022.

The Barracuda flaw has attracted the attention of the US government cybersecurity agency (CISA). The agency has added the vulnerability to its list of Known Exploited Vulnerabilities and has urged all federal agencies that use ESG appliances to monitor their networks for any signs of a breach.
