
Cybercriminals Using 15-year-old Tactics to Target Overlooked Gaps in Security

Cybercriminals Exploit Outdated Security Flaws Warns Barracuda

Experts state that cybercriminals are using 15-year-old tactics to target overlooked gaps in security

Barracuda, a trusted partner and leading provider of cloud-first security solutions, has released a Threat Spotlight revealing that cyber attackers are relying on outdated tactics and overlooked security weaknesses to target organizations. These attackers aim to gain remote control of systems, install malware, steal information, disrupt business operations through denial-of-service attacks, and more.

The findings are based on an analysis of three months’ worth of detection data from the Intrusion Detection Systems (IDS) used by Barracuda’s Security Operations Center (SOC), part of Barracuda XDR. The IDS tools provide not just a powerful early warning system of potential attack – they also reveal the weaknesses that attackers are targeting and the most popular tactics they are using to do so.

Top malicious tactics detected by Barracuda's firewall IDS integration

Top suspicious network detections detected by Barracuda's IDS tool (in millions)

The analysis of the detection data highlights several key points, including:
  • Attackers try to gain remote control of vulnerable systems by using a tactic from 2008 that would let them take advantage of a misconfigured web server to get to data such as application code or sensitive operating system files that they should not have access to.
  • Another tactic designed to achieve the goal of remote control dates from 2003 and involves trying to inject specially crafted malicious code into a legitimate process, which would allow the attacker to read sensitive data, modify operations, and send instructions to the operating system.
  • Other established tactics target bugs in the programming languages that developers use to create applications which are integrated into common web-based systems or into “middleware” that processes data, such as when someone adds an item to their online shopping cart. The potential reach of a successful attack using these tactics is therefore extensive.
  • Attackers try to get hold of sensitive information by targeting vulnerable servers to obtain passwords or lists of users, or by misusing a legitimate process to find out how many computers on a network have an active IP connection. This can help with planning and preparing for a bigger attack.
  • Attackers are also trying to cause general chaos, disruption, and denial of service by messing with online traffic data packets, making them too small or fragmenting them so that the communications channels and destination servers become overwhelmed and crash.
"Security weaknesses do not have an expiration date, and over time they can become deeply embedded, shadow vulnerabilities within a system or application. The tactics used to exploit them do not necessarily have to be new or sophisticated to succeed," emphasized Merium Khalid, Senior SOC Manager, Offensive Security, Barracuda XDR. "A multi-layered approach to protection with multiple levels of detection and scrutiny is essential. Understanding the vulnerabilities present in your IT environment, who may target them, and how they do so is crucial, as is the ability to respond and mitigate these threats."

To learn more about the prevalent attack tactics and targets check out the blog here.

About Barracuda  

At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-first, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com.  

Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S., and other countries.

82% of Indian Organizations Surveyed Experienced a Successful Email-borne Attack in the Last 12 Months

Cost of an email-borne security attack can on average exceed US$1 Million, says Barracuda Networks’ research
  • Recovering from an email-borne security attack can cost victims more than US$1 million on average.
  • Having a higher proportion of remote workers increases security risk and recovery costs
Barracuda Networks, Inc., a trusted partner and leading provider of cloud-first security solutions, today published its 2023 Email Security Trends report that shows how email-based security attacks affect organizations around the world. 82% of the Indian organizations surveyed for the report had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average potential costs of more than US$1 million for their most expensive attack. 36% said that the cost of email-based attacks has risen dramatically over the last year.

The survey, conducted by independent research firm Vanson Bourne and commissioned by Barracuda, questioned IT professionals from frontline to the most senior roles in companies with 100 to 2,500 employees, across a range of industries in the U.S. and EMEA and APAC countries including India.

Research finds that organizations based in India are among the most likely to be hit with a successful email attack. Organizations in the country also reported the highest average percentage of remote workers (54%), which could be a contributing factor as to why businesses in India are suffering more from email-based security attacks, as remote working is often seen as less secure.

The fallout from an email security attack can be significant. The most widely reported effects in India were damage to brand and company reputation (49%), damage to the reputation of the IT team (48%), and downtime and business disruption (43%). Organizations in India are also the most likely to report that the costs of email attacks increased dramatically in the past 12 months, with expenses exceeding US$1.3 million on average for the costliest attack.

While the India-based organizations surveyed have invested a lot in improving their email security, with 32% having increased their spending in the past 12 months, Indian organizations also feel underprepared to deal with email account takeover (45%), a very valid concern given the larger than average remote workforce in India, closely followed by viruses and malware (38%), data loss (35%), and business email compromise (35%).

There were notable differences between industries across the globe. For example, financial services organizations were particularly affected by the loss of valuable data and money to attackers (cited by 59% and 51% of victims, respectively), while in manufacturing the top impact was the disruption of business operations (53%). For healthcare institutions the recovery costs involved in getting systems up and running again quickly were the most significant (44%). Regardless of size or industry, however, organizations with more than half their employees working remotely faced higher levels of risk and recovery costs.

“Email is a trusted and ubiquitous communications channel, and that makes it an attractive target for cybercriminals. We expect email-based attacks to become increasingly sophisticated, leveraging AI and advanced social engineering in their attempts to get the data or access they want and evade security measures,” said Parag Khurana, Country Manager, Barracuda Networks India. “Email-based attacks can be the initial access point for a wide range of cyberthreats, including ransomware, information stealers, spyware, crypto mining, other malware, and more. It is not surprising that IT teams around the world don’t feel fully prepared to defend against many email-based threats. Growing awareness and understanding of email risks and the robust protection needed to stay safe will be key in keeping organizations and their employees protected in 2023 and beyond.”

Methodology

Barracuda commissioned independent market researcher Vanson Bourne to conduct a global survey of IT managers, senior IT security managers, and senior IT and IT security decision-makers. There were 1,350 survey participants from a broad range of industries, including agriculture, biotechnology, construction, energy, government, healthcare, manufacturing, retail, telecommunications, wholesale, and others. Survey participants were from the U.S., Australia, India, and Europe. In Europe, respondents were from the United Kingdom, France, DACH (Germany, Austria, Switzerland), Benelux (Belgium, the Netherlands, Luxembourg), and the Nordics (Denmark, Finland, Norway, Sweden). The survey was fielded in December 2022.


Barracuda XDR Insight Reveals Threat Severity Rises During Vacation Months

1-in-5 cyberthreats detected between June and the end of September 2022 were higher risk, compared to just 1-in-80 in January

The latest threat insight from Barracuda, a trusted partner and leading provider of cloud-first security solutions, reveals that between June and September 2022, the top threats were successful Microsoft 365 logins from a suspicious country, accounting for 40% of attacks from suspicious countries, followed by communication from the network to a known dangerous IP address (15% of attacks) and brute force user authentication attempts (10%).

The research shows that the severity of attacks spiked: 1 out of 5 attacks (96,428) reported between June and September 2022 were highly critical, compared to 1 out of 80 (17,500) in January 2022. Experts at Barracuda analysed 4,76,994 threat alarms from June to September, of which 20%, amounting to 96,428, resulted in alerts urging remedial action.

Amongst the top detected threats, a successful Microsoft 365 login from a suspicious country is classed as ‘high risk’, a category of threats that have the potential to cause severe damage and demand immediate action. This attack accounted for 40% of all attacks during the 90-day window. The countries that flag an automatic security alert include Russia, China, Iran, and Nigeria. A successful breach of a Microsoft 365 account offers an intruder potential access to all the connected and integrated assets the target has stored on the platform. Among other things, analysts look for evidence of multiple-country logins to the same account.

Communication to an IP address known to threat intelligence and brute force user authentication attempts are classed as ‘medium risk’, which requires mitigation but would not typically lead to substantial impact as a standalone event. These attacks accounted for 15% and 10% respectively. The former includes any attempt at malicious communication from a device within the network to a website or known command-and-control server, while brute force user authentication attempts are automated attacks that try to penetrate an organization’s defences by simply running as many name/password combinations as they can.

“Cyber attackers target companies and IT security teams during off hours like weekends, overnight, or during a holiday season, such as the summers and festivals”, said Parag Khurana, Country Manager, Barracuda Networks India.

“Businesses should reinforce essential security measures such as enabling multifactor authentication (MFA) across all applications and systems, ensuring all critical systems are backed up, implementing a robust security solution that includes email protection, web application firewall (WAF) and Endpoint Detection and Response (EDR) in order to monitor, detect, and respond to cyberthreats,” he added.

Spike in Ransomware Threat to More Than 1.2 Mn Per Month, Says Latest Barracuda Threat Report

New fourth-annual research report analyses ransomware attack patterns that occurred between August 2021 and July 2022

  • In the past 12 months, Barracuda researchers identified and analyzed 106 highly publicized ransomware attacks and found the dominant targets are still five key industries: education, municipalities, healthcare, infrastructure, and financial.
  • Researchers also saw a spike in the number of service providers that have been hit with a ransomware attack.
  • The volume of ransomware threats detected spiked between January and June of this year to more than 1.2 million per month.
Barracuda, a trusted partner and leading provider of cloud-first security solutions, today released its fourth-annual threat research report on ransomware. The new report looks at ransomware attack patterns that occurred between August 2021 and July 2022.

A closer look at ransomware trends

For the 106 highly publicised attacks analysed by the researchers, the dominant targets are still five key industries: education (15%), municipalities (12%), healthcare (12%), infrastructure (8%), and financial (6%):
  • The number of ransomware attacks increased year-over-year across each of these five industry verticals, and attacks against other industries more than doubled compared to last year’s report.
  • While attacks on municipalities increased only slightly, Barracuda analysis over the past 12 months showed that ransomware attacks on educational institutions more than doubled, and attacks on the healthcare and financial verticals tripled.
  • This year, Barracuda researchers dug in deeper on the highly publicized attacks to see which other industries are starting to be targeted. Service providers were hit the most, and ransomware attacks on automobile, hospitality, media, retail, software, and technology organizations all increased as well.
Most ransomware attacks don’t make headlines, though. Many victims choose not to disclose when they get hit, and the attacks are often sophisticated and extremely hard to handle for small businesses. To get a closer look at how ransomware is affecting small businesses, the report details three examples that researchers have seen through Barracuda SOC-as-a-Service, the anatomy of each attack, and the solutions that can help stop these attacks.

Parag Khurana, Country Manager, Barracuda Networks India, said, “Ransomware attackers remain defiant and continue to operate their business with extended extortion attempts. As ransomware and other cyberthreats continue to evolve, the need for adequate security solutions has never been greater. Many cybercriminals target small businesses to gain access to larger organisations. As a result, it is essential for security providers to create products that are easy to use and implement, regardless of a company's size. Additionally, sophisticated security technologies should be available as services, so businesses of all sizes can protect themselves against these ever-changing threats. By making security solutions more accessible and user-friendly, the entire industry can help to better defend against ransomware and other cyberattacks.”

To safeguard their network against this type of attack, businesses should implement execution prevention by disabling macro scripts from Microsoft Office files transmitted via email. They should also carry out robust network segmentation to help reduce the spread of ransomware if it does get into the system. Additionally, they should identify and remove any unused or unauthorised software, particularly remote desktop or remote monitoring software, as these could be signs of compromise. Organisations should also secure their web applications from malicious hackers and bad bots by enabling web application and API protection services, including distributed denial of service (DDoS) protection.

Resources:
Read the full Threat Spotlight blog post: https://blog.barracuda.com/2022/08/24/threat-spotlight-the-untold-stories-of-ransomware/

Ransomware protection page: https://www.barracuda.com/ransomware

2021 Ransomware Threat Spotlight research: https://blog.barracuda.com/2021/08/12/threat-spotlight-ransomware-trends/

Subscribe to our Barracuda blog to receive recaps by email and get the latest news, research, and more: blog.barracuda.com/subscription/

IT Staffers Receive An Average of 40 Targeted Phishing Attacks in A Year; Reports Barracuda Researchers


New report shows that all employees, not just top executives, need to be prepared for spear-phishing attacks

  • An average organization is targeted by over 700 social engineering attacks each year.
  • 77% of BEC attacks target employees outside of financial and executive roles.
  • 43% of phishing attacks impersonate Microsoft.
India, 29th July 2021: Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, today released key findings about the way spear phishing attacks are evolving and who cybercriminals are targeting with these attacks. The report, titled Spear Phishing: Top Threats and Trends Vol. 6 – Insights into attackers’ evolving tactics and who they’re targeting, reveals fresh insights into recent trends in spear-phishing attacks and what you can do to protect your business.

The report examines current trends in spear phishing, which employees are being targeted the most by different attacks, and the new tricks attackers are using to sneak past victims’ defenses. It also tackles the best practices and technology that organizations should be using to defend against these types of attacks.

A closer look at attack trends

Between May 2020 and June 2021, Barracuda researchers analyzed more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes at over 17,000 organizations. Here are some of the key takeaways from their analysis:
  • 1 in 10 social engineering attacks are business email compromises.
  • 43% of phishing attacks impersonate Microsoft.
  • An average organization is targeted by over 700 social engineering attacks each year.
  • 77% of BEC attacks target employees outside of financial and executive roles.
  • An average CEO will receive 57 targeted phishing attacks in a year.
  • 1 in 5 BEC attacks target employees in sales roles.
  • IT staffers receive an average of 40 targeted phishing attacks in a year.

“Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organization,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “Targeting lower level employees offers them a way to get in the door and then work their way up to higher value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked.”

Read the full report: https://www.barracuda.com/spearphishing-vol6


Cryptocurrency-related Email Compromise Attacks Increased by 192% Between October'20 and May'21 - Barracuda Researchers


As the price of bitcoin increases by almost 400%, phishing impersonation and business email compromise attacks spike by 192%

Ransomware attacks increase with demands growing over US$20 million

Cryptocurrency emerges as hackers' preferred currency

India, June 30, 2021: As the price of bitcoin rises amid the growing public interest in cryptocurrency, cybercriminals are taking advantage of the opportunities this creates for them to trick potential victims and increase the profits they can make from their attacks. Researchers at Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, recently analyzed phishing impersonations and business email compromise attacks sent between October 2020 and May 2021 and identified that the growing price of bitcoin has led to an increase in the volume of cryptocurrency-related attacks.

Until very recently, cryptocurrency was not used to pay for day-to-day goods in the real world. However, as some companies started to announce that they will accept payments in bitcoin, it generated more interest in cryptocurrency and started to drive its value up. Fueled by the chaos around bitcoin, its price increased by almost 400% between October 2020 and April 2021. Cyberattacks quickly followed, with impersonation attacks growing by 192%.

Speaking on the new threat vector, Murali Urs, Country Manager, Barracuda Networks-India, said:
The digital format of cryptocurrencies makes them decentralized in nature and, without any regulations, they have become the currency of choice for cybercriminals. It fueled and enabled a multibillion economy of ransomware, cyber-extortion, and impersonation. These attacks are targeting not just private businesses, but also critical infrastructure, so they increasingly pose a national security risk. The recent high-profile attacks on organisations like Colonial Pipeline and JBS in the US are likely to bring greater interest in Government’s intervention and regulation of bitcoin.

Hackers use bitcoin to get paid in extortion attacks where they claim to have a compromising video or information that will be released to the public if the victim does not pay to keep it quiet. While this scheme has been around for some time, as the price of bitcoin climbed, cybercriminals started including it as part of their business email compromise attacks impersonating employees within an organization. They target and personalize these emails to get their victims to purchase bitcoin, donate them to fake charities, or even pay a fake vendor invoice using cryptocurrency. 

Barracuda has been leveraging its AI natural language processing capabilities to analyze the language used in cryptocurrency-related BEC attacks and determine key phrases and calls to action that hackers used to incite their victims. Attackers are creating a sense of urgency by using phrases like “urgent today” or before the “day runs out.” Their call to action is typically for their victim to go to the “nearest bitcoin machine.” They also play on their victims’ sentiments to request that a payment be made as a “charity donation,” making their victims believe they are doing a good thing.

Due to the rapid growth in the perceived value of bitcoin, ransomware attacks have also become more damaging than ever. In 2019 ransom demands ranged from a few thousand dollars to US$2 million at the top end. By mid-2021 most demands were in the millions, with a significant number over US$20 million. The possible reasons contributing towards the skyrocketing demands are: fewer organizations are choosing to take the hit by actually paying the ransom; ransomware payments are getting traced by law enforcement agencies and strict actions are being taken; and, with the price of cryptocurrency going up, it is costing more for organizations to pay out to the cybercriminals.

Hackers have been conducting phishing attacks time and time again asking victims for wire transfers and gift cards. They are now looking for their victims to buy and send them bitcoin. Organisations need to protect their users from such attacks by training them on the latest email threats so that they are able to recognize the latest tactics used by hackers. They should make phishing simulation a part of their security awareness training.

Meanwhile, organizations should secure their web applications through WAF-as-a-Service or WAAP solution that includes bot mitigation, DDoS protection, API security, and credential stuffing protection — and make sure it is properly configured.

During a ransomware attack, a cloud backup solution can minimize downtime, prevent data loss, and get the systems restored quickly, whether the files are located on physical devices, in virtual environments, or the public cloud.

Finally, organisations that face a ransomware attack must not pay the ransom, as this only encourages attackers to attack more and ask for even bigger ransoms. They need to work with law enforcement agencies to get a resolution.
