Displaying items by tag: email security gateway

The recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was a very sophisticated one. Even in the beginning when news of this first broke it was fairly clear that this was not just another breach. It was targeted and very specific. In looking over the two reports Mandiant has released on the incident we can identify a few things about this attack that could be helpful in identifying and preventing future attacks.

After the disclosure of a serious Zero-Day that allowed an unauthenticated user to basically own the device. Barracuda is now saying that remediation action for any device that was compromised is a full replacement regardless of the firmware version. It seems that once an attacker gets their malware into the device, it is done. There is not a clean way to remove it and simply patching it does not disable the control that the attacker has on the device. It also seems that at factory resent does not clear it out.