Barracuda Email Gateway Breach: 5 Things To Know
The attacks exploited a ‘critical’ vulnerability in the company’s on-premises Email Security Gateway that has now been patched.
Only On-Prem Customers Affected
Barracuda’s Email Security Gateway is a product used by on-premises customers for filtering of all email traffic, both inbound and outbound. The appliance, which is cloud-connected, is often used to protect Microsoft Exchange environments. In addition to email filtering, the Email Security Gateway provides on-prem customers with data loss prevention, antivirus, encryption and DDoS protection, according to a page of Barracuda’s website.
Barracuda noted that its investigation has been “limited to the ESG product, and not the customer’s specific environment.” As a result, “impacted customers should review their environments and determine any additional actions they want to take,” Barracuda said in its post.
Other Barracuda products were not affected by the zero-day vulnerability, including the company’s SaaS email security services, Barracuda said in its post.
As customers have shifted to the cloud over the years, the company has been increasingly focused on moving customers to its Barracuda Email Protection offering, which secures organizations that use the Microsoft 365 cloud email and productivity suite.