Displaying items by tag: email security gateway
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
The recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was a very sophisticated one. Even in the beginning when news of this first broke it was fairly clear that this was not just another breach. It was targeted and very specific. In looking over the two reports Mandiant has released on the incident we can identify a few things about this attack that could be helpful in identifying and preventing future attacks.
Barracuda Email Security Gateway Appliances that were Exploited due to Zero-Day Must Be Replaced, not Patched
After the disclosure of a serious Zero-Day that allowed an unauthenticated user to basically own the device. Barracuda is now saying that remediation action for any device that was compromised is a full replacement regardless of the firmware version. It seems that once an attacker gets their malware into the device, it is done. There is not a clean way to remove it and simply patching it does not disable the control that the attacker has on the device. It also seems that at factory resent does not clear it out.