As you can imagine, ransomware has become a big business for cybercriminals. Here are some quick numbers to give you a picture of just how big it has become: In 2016, the rate of ransomware infections increased 500% in 8 months. On average, a ransomware variant will infect between 30,000 - 35,000 devices in a month, with some variants reaching up to 150,000 infections. There were 50 new variants of ransomware developed each month during the first six months of 2016 During that same time period, one unknown ransomware actor (individual or group) made $94 million in profit Cerber ransomware brought in $195,000 in payments in July 2016 Ransomware profits are expected to reach $1 billion in 2017 … [Read More...]
Latest Posts
Reconnaissance and impersonation pay off for cyber criminals
In this Barracuda Research post, we examine a recent attack against an organization that had no spear phishing protection in place. This incident demonstrates the dangers of using unauthenticated email for financial transactions. The PC used by the controller at the company was infected with malware that echoed a copy of every email he received to an email address at a “free email” domain. The thief at this unauthorized email account watched the controller’s emails for a short period of time before acting on them. Soon, there was an email concerning a transaction that was big enough to tempt the thief to strike. … [Read More...]
The 2017 Barracuda Championship starts next week
The 19th annual Barracuda Championship is just around the corner, and we can't wait to enjoy the event with our partners, customers, and friends. This PGA TOUR event takes place July 31 - August 6, and features a full field of players and uses the Modified Stableford scoring format. The event takes place at the Montreux Golf & Country Club in the Reno / Tahoe area, which is the third longest course on the PGA TOUR. This is northern Nevada's only PGA TOUR event. If you were with us last year, you witnessed Greg Chalmers take home his first PGA TOUR win after the longest unlucky streak of all active players. … [Read More...]
Software vulnerabilities: The gifts that keep on giving
The image below shows the number of servers vulnerable to the Heartbleed vulnerability that was reported and fixed in 2014. The bigger problem? All of these are internet connected servers as of July 2017. In October 2016, Andrey Leonov reported a successful breach of Facebook. Using the ImageTragick vulnerability, he was able to perform command injections and retrieve sufficient information to provide Facebook with proof of exploitation. Facebook patched the issue, and rewarded him. ImageTragick was fixed in May 2016, a full 5 months before the exploit. On the 24th of September 2015, researchers published a report that showed that the scans for the Shellshock vulnerability were going up. 24th of September 2015 was the second anniversary of it’s disclosure – along with the … [Read More...]
With Organizations Falling Behind on GDPR Compliance, Security Must be a Priority
On 25 May the one-year countdown clock started ticking to the biggest shake-up of Europe’s data protection laws in a generation: the General Data Protection Regulation (GDPR). Yet despite the best efforts of UK privacy watchdog the Information Commissioner’s Office (ICO), the European Commission and other key stakeholders, it appears as if many organizations are still dragging their heels over compliance. A new Freedom of Information (FOI) request has revealed that a staggering 82% of local councils in the UK have yet to allocate budget to the task. To avoid punitive fines and negative publicity, organizations need to start planning now, and make cybersecurity central to their strategy. Falling behind The FOI findings back up similar research revealed by the ICO back in … [Read More...]
Turns Out Incident Response Is Way More than Half the IT Security Battle
In many case it’s turning out that the only thing uglier than the malware organizations are being plagued with may very well be the way they respond to those attacks. Two separate studies published this week suggest there’s a lot of room for improvement in terms of how organizations go about investigating and responding to a potential security breach. A survey of 130 enterprise IT organizations conducted by Osterman Research on behalf of Cyphort, a provider of a threat detection platform, finds security analysts and incident responders working in companies with 1,000 employees spend a combined average of 92.9 hours a week analyzing and responding to data generated by a security information event platform (SIEM). The Cyport study also finds that in 65 percent of organizations at … [Read More...]
Meet Tim Jefferson, Barracuda’s New VP of Public Cloud
Whether you’re just starting to explore the cloud, are already moving small projects, or you’ve fully embraced the new wave of IT — the cloud is an important endeavor for your business. The cloud adds speed and agility to your business model along with offering significant cost savings; however, there are still a lot of questions about how to migrate existing security controls. Fortunately, this is familiar territory for Barracuda, and one of the reasons we continue to invest in the public cloud — so our customers can migrate the best way possible for their business. A recent example is Barracuda’s Cloud Ready Program, which is designed to help customers accelerate migrations, and it provides an easy path for customers to meet shared security responsibilities in the … [Read More...]
A close call with ransomware
In this video we take an introductory look at the Barracuda approach to ransomware. While most of you are familiar with ransomware already, many of you work with people who don't fully understand the threat. You may be facing management who won't give you the resources you need to protect the company, or colleagues who are simply careless with their computing habits. You've tried to communicate the threat level to them, but they don't fully grasp the risk. This video was created with them in mind. Our senior management team explains: What ransomware is and why it's a threat Why even the smallest business is a ransomware target The best case scenario as a defense against a ransomware attack And AJ Murray, IT Manager for Hayward Tyler, talks about his … [Read More...]
Data Recovery in the Age of Ransomware
Earlier this year, the world recognized World Backup Day (WBD) as a reminder to everyone that data is important and has to be protected. As part of the WBD recognition, Barracuda ran a series of blog posts on the reasons why companies lose data even when they do almost everything right. As a follow up to our WBD activities, Barracuda conducted a survey of general technologists whose responsibilities include data protection and recovery. To be blunt, some of these results are alarming. In this article, we are going to run through the results, explain what they mean, and take a look at how to resolve these issues of concern. Ransomware As you know, ransomware is a global epidemic and is expected to cost over $5 billion in damages in 2017. Ransomware is a dangerous attack because it … [Read More...]
Automation of Barracuda Web Application Firewall with Puppet
Automating Application Security Contents: Introduction Provisioning Barracuda WAF on Microsoft Azure REST API for the Barracuda WAF Application Security Best Practices Guideline Blue-Green Deployment Puppet Application Security Automation Methodology Automation Workflow Puppet Manifest Example Barracuda WAF Configuration Barracuda Vulnerability Remediation Service What Next? Repositories and Version Control Summary … [Read More...]