Barracuda

Avoid falling victim to tragedy-related scams

May 22, 2018 by Christine Barry

The United States Computer Emergency Readiness Team (US-CERT) has issued an alert advising users to be aware of possible malicious activity that seeks to capitalize on recent tragedies such as the Texas school shooting. Criminals often use events like this to play on public sympathies and solicit donations to fraudulent “charitable” organizations. Regardless of the direct financial outcome, these scams can result in the criminals capturing contact information, login credentials, and a malware infection on the PC or mobile phone.

We have observed dozens of attacks pop-up around tragedies and other sad events. Earthquakes, tsunamis, the Boston Marathon bombing, and even the death of Robin Williams have all been used by cybercriminals. And they don't limit themselves to tragedies: major political news, holidays, and economic concerns are all on the table. It's a sick reality that these criminals will use everything they can and do anything they like to make you a victim.

Christine Barry

Christine Barry is chief blogger and social content manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master in Business Administration. She is a graduate of the University of Michigan.

Connect with Christine on Twitter or LinkedIn.

https://blog.barracuda.com

Costs Resulting from Attacks on DNS Spike Around the Globe

May 18, 2018 by Mike Vizard

The Domain Name System (DNS) that translates all those names of Web sites into a numerical IP address works so well that most people either don’t realize it exists or have simply forgotten about it. But a new 2018 Global DNS Threat Report from EfficientIP, a provider of DNS security services, makes it clear DNS servers are now a primary attack vector of cybercriminals.

The report finds more than three-quarters (77%) of the organizations surveyed were subject to a DNS attack in 2018. The global average cost per DNS attack increased by 57% year-on-year, standing at $715,000. On average, organizations in the U.S. citied costs of $654,000 per attack, an 82 percent rise. Organizations in France experienced that highest costs at $974,000. But as far as Europe is concerned, organizations in the United Kingdom saw the highest year-on-year increase in cost per DNS attack at 105 percent. In Asia-Pacific, Singapore had the highest cost at $710,000 per attack as well as the highest cost increase at 85 percent.

Mike Vizard

Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.

Connect with Mike on LinkedIn, Twitter, and Google+.

https://www.linkedin.com/in/michaelvizard

Barracuda Web Application Firewall is now available as-a-Service

May 16, 2018 by Christine Barry

We are excited to announce that Barracuda WAF-as-a-Service has joined our award-winning Barracuda Web Application Firewall (WAF) lineup. Customers can now deploy web application security as a cloud-delivered solution, in addition to our physical, virtual, and CloudGen editions. You can see the press release here, and watch the video here.

According to the 2018 Verizon Data Breach Investigations Report (DBIR), there were over 53,000 incidents and 2216 confirmed data breaches in 2017. Of these, 50% involved organized criminal groups and 12% identified as nation-state or state-affiliated. The complete demographics are on page 5 of the DBIR.

Christine Barry

Connect with Christine on Twitter or LinkedIn.

https://blog.barracuda.com

A world of possibilities as-a-Service

May 14, 2018 by Christine Barry

The concept of consuming software and other resources “as-a-service” has been around for decades. Some folks think of the old mainframe and dumb terminal “time sharing” systems as Software-as-a-Service (SaaS). Others consider SaaS to have been born of Local Area Networks and server-based applications with centralized file storage. Most computer users probably think of SaaS as a subscription to an online service, like Office 365 or Salesforce.

A world of possibilities

Whether these examples fit the definition of SaaS, they certainly fit the promise: higher cost resources made more accessible through affordability and ease-of-use. Thanks to the ‘as-a-service' model, mid-market has been able to leverage cloud computing, SD-WAN, and software packages that would normally be out of reach for anyone without an enterprise budget. According to research from Gartner, Techaisle, and Google and Accel Partners, the global market for mid-market SaaS is expected to outgrow that of enterprise SaaS by the end of 2020.

Christine Barry

Connect with Christine on Twitter or LinkedIn.

https://blog.barracuda.com

Vulnerability Debate Remains Heated

May 11, 2018 by Mike Vizard

Nothing tends to get cybersecurity professionals more animated than the topic of vulnerability disclosures. At one end of the spectrum are cybersecurity professionals who feel these disclosures to more to help the enemy than the good. At the other end of the spectrum, there are plenty of cybersecurity professionals that feel most of these vulnerabilities are already known by someone quietly exploiting them for their own purposes. It’s in the best interest of the IT community for everyone to know what those vulnerabilities are as soon as possible.

At the recent RSA conference Tripwire, a provider of IT security and compliance software, explored this topic. A survey of 147 RSA attendees finds 32 percent of respondents say vendors should be given 60 days to fix a vulnerability before it gets disclosed. Another 15 percent said they should be given 90 days, while six percent said 120 days. But a quarter (25%) said vulnerability disclosures should not have to wait at all, while 20 percent said they should never be disclosed without a fix in place.

Mike Vizard

Connect with Mike on LinkedIn, Twitter, and Google+.

https://www.linkedin.com/in/michaelvizard

Firewalls and the Cloud – Q & A with Tim Jefferson, VP Public Cloud

May 8, 2018 by Jesse Kimbrel

A few weeks back we released the report, Firewalls and the Cloud — a report that details many of the feelings that IT security pros have about deploying security tools in cloud environments. Cloud security is always top of mind at Barracuda, so we thought it would be great to catch up with our VP of Public Cloud, Tim Jefferson for his take on some of the topics covered in the report. Here’s what he had to say:

After taking a deep look at the findings, what stands out to you?

Customers are acknowledging that they’re experiencing friction when they go to deploy their data center network security tools in the cloud. Typically, data center architectures facilitate their policy enforcement capability, but in public cloud a lot of the policy enforcement comes from the native services offered from the provider. For example, segmentation policies are created and managed by the native fabric services via route tables, subnetting and Security Groups, so the security tools being deployed in the cloud have to work in conjunction with these services to ensure compliance.

Jesse Kimbrel

Join us at Microsoft Build 2018

May 5, 2018 by Rich Turner

Barracuda will be presenting at Microsoft Build – their ultimate developer conference focused on cloud, artificial intelligence, mixed reality, and more. This year’s Build is May 7-9 in Seattle, and it an opportunity for the development community to learn about Microsoft’s latest solutions and initiatives as well as hear best practices from their peers.

Itay Bleier from Barracuda’s Sentinel group will be presenting at a partner showcase meant to demonstrate our partnership with Microsoft and how we leveraged the GraphAPI to build Sentinel. Sentinel is Barracuda’s ground-breaking solution to proactively combat spearphishing attacks. If you’re attending build, don’t miss Itay’s session!

Rich Turner

Rich is the Product Marketing Manager, Information Management. He's been with Barracuda since the acquisition of C2C Systems in 2014. Rich specializes in cloud-deployed solutions, information management, and archiving systems. His experience includes extensive work on OEM opportunities and the legal community.

If you'd like to get in touch with Rich, you can connect with him on LinkedIn and follow him on Twitter.

You can email Rich at rturner@barracuda.com.

Gap Between Cybersecurity Breach Detection and Prevention Widens

May 4, 2018 by Mike Vizard

When it comes to ransomware and so-called Vault 7 cyberattacks based on malware misappropriated from the Central Intelligence Agency (CIA) in the U.S. there appears to be a massive gap between being able to detect these types of attacks and being able to do something about them.

A recent survey of 202 senior-level IT and IT security professionals in the U.S and the United Kingdom (UK) conducted by the Ponemon Institute finds that 67 percent of respondents believe they would be able to detect a Petya ransomware attack, while 72 percent stated they would be able to detect a WannaCry attack. The number of respondents that could detect a Vault 7 attack ranged from 38 percent for Weeping Angel to 55 percent for Year Zero attacks.

Mike Vizard

Connect with Mike on LinkedIn, Twitter, and Google+.

https://www.linkedin.com/in/michaelvizard

Time to Lock Down Supply Chain Risk to Drive Growth and Support Compliance

May 3, 2018 by Phil Muncaster

Cyber-threats are a given today across geographical boundaries, industries and for organisations of all sizes. But one sector perhaps more exposed than most is manufacturing. The latest research from industry body EEF this week revealed that a quarter of firms have suffered losses stemming from online attacks. In many ways the problems highlighted by the study extend beyond the sector and across Europe. The truth is that cyber-risk, especially linked to the supply chain, is holding back digital transformation for countless organisations.

With many European and global organisations preparing for a new regulatory landscape, they must improve their vetting of partners and suppliers, ensuring baseline cloud and email security standards pass the new guidelines.

Phil Muncaster

Phil Muncaster is a technology writer and editor with over 12 years’ experience working on some of the biggest technology titles around, including Computing, The Register, V3 and MIT Technology Review. He spent over two years in Hong Kong immersed in the Asian tech scene and is now back in London where information security has become a major focus for his work.

Follow Phil on Twitter and connect with him on LinkedIn.

http://www.barracuda.com

Threat Spotlight: Cybercriminals Working Hard to Take Over Email Accounts

May 3, 2018 by Asaf Cidon

The chances are, you’d be more inclined to open and act on an email from a colleague, friend or someone you know as opposed to someone you don’t. Cybercriminals know this, which is why they are sending attacks to your friends and colleagues—from your email account.

In our latest Threat Spotlight, we’re taking a look at a couple of real account takeover attacks that have been dissected by the Barracuda Sentinel team. Here’s what we found:

Highlighted Threat:
Cybercriminals take over user accounts and send fake emails to the users’ colleagues and contacts. The emails sent contain fake links, including a fake OneDrive share link that is used to steal credentials and take over more accounts.

The Details:
In this first example, criminals took over an account of a finance employee. The employee most likely followed a phishing link from the attackers, which prompted them to enter their credentials into a fake Outlook sign-in page. Once they did that, the criminals had their credentials, and could use them to access the email account. The criminals then sent out emails to over a dozen members of the finance team from the compromised account. The goal of the compromised emails was to steal additional credentials. Here’s the message that was sent:

The message itself seems innocuous—a quick note that notifies the recipients that an invoice has been paid. However, if the other employees click on the link, they’ll be taken to a fake Office 365 sign-in page where they’ll be asked to enter their credentials. If they move forward and submit their credentials, their accounts will be taken over by the criminals as well.

On their own, stolen credentials of a reputable organization are worth a handsome sum in the dark web. They can be sold to launch additional phishing campaigns, which will have a high chance of success since it would be coming from a high-reputation domain.

In addition, these stolen credentials can be used to conduct spear phishing, or CEO fraud attacks. In these attacks, the hackers send an email from the compromised account with the goal of tricking the recipient (who is usually in the finance department) to send a wire transfer to a bank account owned by the attacker.

There are many variants of emails cybercriminals use to steal credentials. For example, we’ve also seen attempts where a phishing email will be sent out to users that includes a OneDrive share link in the body—like in the example below.

Similar to what we saw in the first example, a user’s email account was also taken over; however, this time the criminals took a different approach with the included link. They included a OneDrive share link that when clicked, will lead to a fake sign-in page used to steal credentials.

In this particular attack, the criminals logged in multiple times to the user’s account, gathered targets from the user’s address book, and sent out hundreds of emails to both employees and external contacts.

As you can see, once criminals steal user credentials, these attacks can snowball quickly. And what’s really scary, is that standard email security solutions won’t detect these types of attacks because they originate from internal emails.

To recap, the techniques used in these attacks are:

Impersonation: Criminals impersonate colleagues or contacts to get users to act on their requests.

Phishing: Emails are sent out to users to initiate the attack to steal their credentials.

So, how can users stay out of harm’s way?

Take Action:

Real-Time Spear Phishing and Cyber Fraud Defense — Barracuda Sentinel is the only solution in the market that can automatically prevent email account takeover. It utilizes AI to learn an organization’s communications history and prevent future spear phishing attacks. It combines three powerful layers: an artificial intelligence engine that stops spear phishing attacks in real time, including emails that originate from within the company; domain fraud visibility using DMARC authentication to guard against domain spoofing and brand hijacking; and fraud simulation training for high-risk individuals.

User Training and Awareness — Employees should be regularly trained and tested to increase their security awareness of various targeted attacks. Simulated attack training is by far the most effective form of training. A solution like Barracuda PhishLine provides comprehensive, SCORM-compliant user training and testing as well as phishing simulation for emails, voicemail, and SMS along with other helpful tools to train users to identify cyberattacks.

Asaf Cidon

Asaf Cidon is vice president of content security services at Barracuda Networks. In this role, he is one of the leaders for Barracuda Sentinel, the company's AI solution for real-time spear phishing and cyber fraud defense. Barracuda Sentinel utilizes artificial intelligence to learn the unique communications patterns inside customer organizations to identify anomalies and guard against these personalized attacks. Asaf was previously CEO and co-founder of Sookasa, a cloud storage security startup that was acquired by Barracuda. Prior to that, he completed his PhD at Stanford, where his research focused on cloud storage reliability and performance. He also worked at Google’s web search engineering team. Asaf holds a PhD and MS in Electrical Engineering from Stanford, and BSc in Computer Engineering from the Technion.

Connect with Asaf on LinkedIn.

http://www.barracuda.com

Main navigation

Barracuda