FBI Warns That Barracuda’s ESG Appliances Need To Be Ripped Out…. NOW

You might recall that I posted a story about Barracuda ESG appliances that require full unit replacements because they had an extremely serious flaw that is basically unpatchable.

I had forgotten about this story until I saw this from the FBI:

Through an investigation of the Barracuda ESG appliance compromise, the FBI discovered additional indicators of compromise as well as independently verified many of the indicators of compromise in the public domain. Barracuda customers should remove all ESG appliances immediately. The patches released by Barracuda in response to this CVE were ineffective. The FBI continues to observe active intrusions and considers all affected Barracuda ESG appliances to be compromised and vulnerable to this exploit. In addition, customers should further investigate for any further compromise by conducting scans for outgoing connections using the list of indicators provided as the malicious cyber actors have demonstrated the ability to compromise email accounts and computer networks, as well as maintain persistence in victim networks for continued future operations and data exfiltration. Customers who used enterprise privileged credentials for management of their Barracuda appliances (such as Active Directory Domain Admin) should immediately take incident investigation steps to verify the use and behavior of any credentials used on their devices. Investigation steps may include:

  • Review email logs to identify the initial point of exposure;
  • Revoke and rotate all domain-based and local credentials that were on the ESG at the time of compromise;
  • Revoke and reissue all certificates that were on the ESG at the time of compromise;
  • Monitor entire network for the use of credentials that were on the ESG at the time of compromise;
  • Review network logs for signs of data exfiltration and lateral movement;
  • Capture forensic image of the appliance and conduct a forensic analysis.
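As an added illustration (not part of this post or of the FBI advisory), here is a small Python scan of the kind the advisory calls for: outbound-connection log lines checked against an indicator list, with hits from the ESG appliance's own address flagged separately. The indicator values, the log line format and the appliance address are constructed placeholders, not the FBI's published indicators.

```python
"""Flag outbound connections that match an indicator-of-compromise list."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Placeholder indicators, constructed for this example (NOT the FBI's list).
IOC_IPS = {"203.0.113.45"}
IOC_DOMAINS = {"update.example-bad.test"}
IOC_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]

# Assumed egress log format: "<ts> src=<ip> dst=<ip> dport=<n> [host=<name>]".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
    r"(?: host=(?P<host>\S+))?$"
)


@dataclass
class Hit:
    ts: str
    src: str
    dst: str
    reason: str
    from_esg: bool  # True when the source is one of the appliance addresses


def match_indicator(dst: str, host: Optional[str]) -> Optional[str]:
    """Return a reason string if dst/host matches an indicator, else None."""
    if host and host.lower() in IOC_DOMAINS:
        return f"domain:{host.lower()}"
    if dst in IOC_IPS:
        return f"ip:{dst}"
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return None  # not an IP literal and not a known domain
    for net in IOC_NETWORKS:
        if addr in net:
            return f"net:{net}"
    return None


def scan_outbound(lines: Iterable[str], appliance_ips: Set[str]) -> List[Hit]:
    """Scan every log line; unparseable lines are skipped, not treated as clean."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        reason = match_indicator(m["dst"], m["host"])
        if reason:
            hits.append(Hit(m["ts"], m["src"], m["dst"], reason, m["src"] in appliance_ips))
    return hits


# Constructed sample log: one ESG hit, one clean line, one hit from another host.
SAMPLE_LOG = [
    "2023-08-23T10:00:01Z src=10.0.0.5 dst=203.0.113.45 dport=443",
    "2023-08-23T10:00:02Z src=10.0.0.5 dst=192.0.2.10 dport=443 host=www.example.com",
    "2023-08-23T10:00:03Z src=10.0.0.77 dst=198.51.100.20 dport=8080",
    "malformed line that the parser must not mis-score as clean",
]
```

Hits whose `from_esg` is False matter too: the advisory notes the actors moved beyond the appliance into mail accounts and the wider network.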

This is pretty bad. Both for Barracuda customers and for Barracuda’s reputation. The fact that the FBI is now saying to rip Barracuda appliances out of production isn’t good and illustrates how bad this flaw is. Thus if you have one of these appliances, and you didn’t rip it out in June, you need to do so now.
