IT Security Company Barracuda Urges Customers to Replace System After Malware Attack

IT security company Barracuda is now urging its customers to completely replace their Email Security Gateway (ESG) appliances rather than wait for a patch.

This latest update follows the company’s recent disclosure that a critical flaw in the devices (CVE-2023-2868, CVSS score: 9.8) had been exploited as a zero-day since October 2022 to deliver bespoke malware and steal data from customers. The vulnerability lies in the module that initially screens attachments of incoming emails. The company has stated that no other Barracuda products are affected.

Barracuda identified the flaw on May 19 of this year. “Malware was identified on a subset of appliances allowing for persistent backdoor access. Evidence of data exfiltration was identified on a subset of impacted appliances,” the company confirmed.

The decision to replace the appliances outright instead of issuing a patch is likely a sign that the attackers gained a foothold deep enough (for example, in the appliance firmware) that a software update cannot reliably remove. According to The Hacker News, the three malware families discovered so far (tracked as SALTWATER, SEASPY and SEASIDE) can upload or download arbitrary files, execute commands, set up persistence, and open reverse shells to an actor-controlled server. Beyond replacing the appliances, Barracuda urges customers to rotate any credentials connected to them and to check for signs of compromise dating back to October 2022.
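Barracuda’s advisory attributes CVE-2023-2868 to incomplete validation of the names of files inside .tar attachments. If you are hunting back to October 2022 in a mail archive, one practical check is to pull every .tar attachment out of stored messages and flag member names that carry shell metacharacters or path traversal. The Python below is an added example written for this article, not code from Barracuda or from the original page; the metacharacter set is an assumed hunting heuristic, and the messages it scans are constructed samples, not real captured mail.

```python
import io
import re
import tarfile
from email import message_from_bytes
from email.message import EmailMessage

# Characters that would break out of a filename if that name were ever
# interpolated into a shell command. Assumption: this set is a hunting
# heuristic chosen for this example, not Barracuda's own detection logic.
SHELL_META = re.compile(r"[`$;|&<>(){}\n\\]")


def suspicious_tar_entries(data: bytes) -> list[str]:
    """Return the member names in a tar archive that look like injection or
    path-traversal attempts. Raises tarfile.TarError on an unreadable archive."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for member in tf.getmembers():
            name = member.name
            if (SHELL_META.search(name)
                    or name.startswith("/")
                    or ".." in name.split("/")):
                hits.append(name)
    return hits


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Walk one RFC 822 message and return {attachment filename: [suspicious
    tar member names]} for every .tar attachment that trips the heuristic."""
    findings = {}
    for part in message_from_bytes(raw).walk():
        fname = part.get_filename() or ""
        is_tar = (part.get_content_type() in ("application/x-tar", "application/tar")
                  or fname.lower().endswith(".tar"))
        if not is_tar:
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            hits = suspicious_tar_entries(payload)
        except tarfile.TarError:
            # A tar the parser cannot read is itself worth a look.
            hits = ["<unreadable archive>"]
        if hits:
            findings[fname] = hits
    return findings


# --- constructed sample input (not real captured mail) ---------------------

def build_tar(names: list[str]) -> bytes:
    """Build an in-memory tar whose members have the given names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in names:
            info = tarfile.TarInfo(name=name)
            body = b"sample"
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def build_message(attachments: list[tuple[str, bytes]]) -> bytes:
    """Build a constructed multipart message carrying the given tar attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "mailbox@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for fname, data in attachments:
        msg.add_attachment(data, maintype="application", subtype="x-tar",
                           filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_message([
        ("clean.tar", build_tar(["report.pdf", "notes/readme.txt"])),
        ("odd.tar", build_tar(["`id`.txt", "../etc/passwd", "harmless.csv"])),
    ])
    for attachment, names in scan_message(sample).items():
        print(f"{attachment}: {names}")
```

Run it over exported .eml files from your archive or journaling mailbox rather than on the appliance itself; a hit is a lead for incident response, not proof of exploitation, and a clean result does not clear an appliance, since the vendor’s guidance is to replace it regardless.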

What should you do if you utilize Barracuda’s Email Security Gateway?

The first step is to contact [email protected] to find out whether your ESG appliance needs to be replaced. Once the appliance has been removed or replaced, work out which other systems it could reach (mail stores, directory services, anything it held credentials for), whether they show signs of compromise, and whether they can be recovered. Recovering from an incident like this is difficult, but you do not have to go through it alone. Change every credential the appliance used or stored, and do not reuse the same credentials across multiple applications. Use a password generator to create hard-to-guess passwords and a password manager to add another layer of protection to your applications.

Consider hiring a third-party incident response provider who can assist your business with recovery and hardening of your systems. A cyberattack does not have to mean a full system shutdown. Leave the clean-up to the experts so you can get back to what you do best: running your business.

Get Peace of Mind With Entara’s Incident Response Retainer Service

Over the past three years, Entara has delivered more than 100,000 professional service hours across more than 200 incident response projects. With a specialization in infrastructure recovery, Entara is the go-to resource for organizations that need experts in the field who can efficiently fast-track containment of a breach.

Connect with us if you’re ready to strengthen your cybersecurity stance and want to prepare for the unpredictable with a comprehensive Incident Response Retainer or other proactive services. Learn more about Entara’s IR Retainer service here.  
