It was noticed that Barracuda Email Security Gateways (ESGs) were spewing forth a lot of malware. And Barracuda says the devices CANNOT BE PATCHED AND MUST BE DECOMMISSIONED AND REMOVED FROM SERVICE.
A little technical lesson. Company/corporate networks have a single point of contact (for the sake of discussion) with the internet. At this point there is a firewall, which is a security device that scans all traffic coming in for attacks and going out for attempts to exfiltrate corporate secrets (well, at big companies they look for exfiltration attempts). There are also ESGs which try to block attempts from bad guys to send malware through corrupted email attachments and again, prevent exfiltration of corporate secrets through sending out cost sheets through email, etc.
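To make the two jobs described above concrete, here is an added example (not Barracuda's code, and not from the Krebs article) of the kind of policy check an email security gateway runs on every message: inbound, it refuses attachments that look like executables, including ones renamed to a harmless extension; outbound, it refuses messages carrying documents labelled confidential. The blocked extensions, the "CONFIDENTIAL" / "INTERNAL ONLY" labels and the test messages are all constructed for the illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed policy values for the example. A real gateway has much longer
# lists and usually a full DLP engine; these are assumptions, not a vendor's rules.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta"}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")                    # PE and ELF file headers
CONFIDENTIAL_MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")  # assumed document labels


def build_message(sender, recipient, body, attachments):
    """Construct a test message. attachments is a list of (filename, bytes)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "test"
    msg.set_content(body)
    for name, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


def inspect(raw, direction):
    """Return (verdict, reasons) for a raw RFC 5322 message.

    direction is "inbound" (from the internet) or "outbound" (to the internet).
    verdict is "deliver" or "quarantine"; reasons lists every rule that fired.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""

        if direction == "inbound":
            # Check the name and the bytes: a renamed .exe still starts with MZ.
            if any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS):
                reasons.append(f"blocked extension: {name}")
            if data.startswith(EXECUTABLE_MAGIC):
                reasons.append(f"executable content in {name}")
        else:
            # Outbound: look for labelled confidential material in attachments.
            text = data.decode("utf-8", errors="ignore").upper()
            if any(marker in text for marker in CONFIDENTIAL_MARKERS):
                reasons.append(f"confidential label in {name}")

    if direction == "outbound":
        # The body itself can carry the leak, not only an attachment.
        body = msg.get_body(preferencelist=("plain",))
        body_text = body.get_content().upper() if body else ""
        if any(marker in body_text for marker in CONFIDENTIAL_MARKERS):
            reasons.append("confidential label in body")

    return ("quarantine" if reasons else "deliver"), reasons


if __name__ == "__main__":
    # Inbound: an "invoice.pdf" that is really a PE executable.
    raw = build_message("a@outside.example", "b@corp.example",
                        "see attached", [("invoice.pdf", b"MZ\x90\x00fake")])
    print(inspect(raw, "inbound"))
    # Outbound: a cost sheet carrying a confidentiality label.
    raw = build_message("b@corp.example", "x@outside.example",
                        "here are the numbers", [("costs.txt", b"CONFIDENTIAL cost sheet Q3")])
    print(inspect(raw, "outbound"))
```

The point of checking file magic as well as the extension is that a gateway that only trusts the filename is trivially bypassed by renaming; the point of checking the body as well as attachments outbound is that the leak described in the paragraph above does not have to arrive as a file.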
Somehow bad guys have compromised Barracuda's ESG to such a level that they have no confidence that this malware can be removed! Now things get interesting. If you read the Krebs article linked below, one security professional believes this is the work of a 'State Actor', meaning a nation. Common computer criminals want fast results, and have the software exploits to get those results. State actors want long-term results without detection. This malware has been in place since OCTOBER OF LAST YEAR.
I've previously posted about the UEFI hack where an exploit goes into the boot system of a computer. Well, an ESG is a computer, though not a general purpose computer like I'm writing on or you're reading this with. But it has a boot system and a CPU and it's programmable, it's just programmed to do a specific task and it's updateable. Thing is, it probably uses bog-standard CPUs since it's easy to find engineers who know how to write code for them, even if the code is quite specialized - these things don't run Windows! But they do have a CPU and they do have to boot up, so there's an opportunity to exploit, and someone found a way.
Now, here's my thought. The Krebs article says that there are 11,000 of Barracuda's ESG devices in use right now. If I am an IT manager, and I have one or more of these devices in use, and I'm suddenly told that I have to replace ALL of them RIGHT NOW, is Barracuda going to be my automatic first choice for another ESG? They just cost me a LOT of money, and caused me a lot of trouble because guaranteed most of the people are going to be caught having to replace this gear outside of their scheduled replacement cycle (when corps can, things like this are budgeted and scheduled on approx a 3-5 year replacement cycle).
This is really going to hurt Barracuda's long-term financials. It wouldn't surprise me if they take a serious dive and are gobbled up by Cisco or someone else within the next 3-5 years.
https://krebsonsecurity.com/2023/06/barracuda-urges-replacing-not-patching-its-email-security-gateways/
Date: 2023-06-10 12:05 am (UTC)
Hugs, Jon