Barracuda

Security, Access and Reliability for Cloud-Connected Networks and Applications

Barracuda Email Protection

Comprehensive, elegantly simple protection against email-borne threats to your users, brand, and business.


Between 75% and 90% of targeted cyber-attacks start with an email. Email-borne attacks interrupt business operations, cause financial damage, and compromise business integrity. Barracuda protects you by extending traditional email security with a multi-faceted approach that protects all aspects of your email infrastructure.

Learn more and request a free trial.

The alphabet soup of cloud protection

by

Note:  This is the first in a six-part series on public cloud security.   You can follow the entire series here.

When cloud was in its infancy and customers were beginning to understand the ramifications of the Shared Security Responsibility Model,  firewall security seemed to be the perfect security solution.  Next-generation firewalls and web application firewalls (WAFs) became the primary security mechanisms to protect web-facing applications and infrastructure run in the public cloud.

 

[Read more…] about The alphabet soup of cloud protection

Three reasons why spear phishing is so effective

by

It seems you can hardly go a day without hearing about another data breach, money transfer scam, or some other crime that started out as a spear phishing attack.  Email-borne threats have always been a top priority for IT security, but spear phishing is one of the fastest growing attacks.  This threat evolves and changes, and when done correctly, will blend in with a victim's legitimate communications.  This is because spear phishing has a human touch.  Attackers spend time crafting strategies, researching targets, and refining their methods until they are successful or have made a decision to move on. 

When you really dig into spear phishing attacks, you find there are a few specific reasons why they work so well.  In this blog post, we will take a look at the top three reasons why criminals are so successful with these attacks.

[Read more…] about Three reasons why spear phishing is so effective

A brief introduction to spear phishing

by

Spear phishing is such a common attack that many in IT security think of it as something that is familiar to everyone.  While we may expect all business email users to be aware of what spear phishing is, the reality is that many users have not been trained on it, and some may not even be aware of this threat and how it works.  If you're about to deploy some email security training in the workplace, it may help you to provide some basic instruction on email security threats.  In this post, we will do that with spear phishing.

Spear Phishing: Top Threats and Trends

Download the free report to learn more about different types of phishing attacks

What is spear phishing?

The Barracuda glossary reference defines spear phishing as “a personalized phishing attack that targets a specific organization or individual.” There are multiple types of spear phishing attacks, but there are certain characteristics that define them as spear phishing:

[Read more…] about A brief introduction to spear phishing

Cybersecurity emerges as weakest link in digital supply chain

by

As supply chains increasingly become digitized nation states are targeting the weakest cybersecurity links in these supply chains to steal massive amounts of invaluable intellectual property.

With that issue in mind, The Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the Department of Defense (DOD) have designated April of 2019 to be Supply Chain Integrity Month. The three agencies are partnering to promote awareness of supply chain security by, among other things, making available videos and other materials outlining best practices organizations that do business with the Federal government should be implementing to protect intellectual property.

[Read more…] about Cybersecurity emerges as weakest link in digital supply chain

Small businesses remain a rich target for ransomware criminals

by

Cybercrime continues to evolve and new threats appear on a regular basis, but the most effective attacks never go away.  While spear phishing and data breaches have been getting all the attention lately, the criminals are still using ransomware to make a few bucks.

The story on ransomware


“If you have a Barracuda Backup
in place, ransomware is absolutely
no threat to your environment, ever.”
~Steve Banas, The Port of Los Angeles

Ransomware is a type of malware that infects your system and encrypts your most important data, allowing attackers to ask for a ransom in exchange for a decryption key.  The ransomware is not designed to steal the data, just to block your access so that you have to meet the criminal's demands in order for you to use your data again.  These demands are usually a monetary “ransom” paid to an anonymous recipient via cryptocurrency.  Once this ransom is paid, the decryption key should unlock all of the data that was encrypted by the ransomware. 

Ransomware attacks can be devastating.  This Internet Crime Report reveals that the Internet Crime Complaint Center (IC3) received 1783 ransomware complaints in 2017, with losses of over $2.3 million.  These numbers may be understated since the IC3 complaints have to be identified as ransomware to be included in this statistic.  Furthermore, many businesses do not report ransomware attacks despite the pleas for transparency by law enforcement and security experts.  In fact, 2017 was the year that 70% of ransomware victims just decided it was easier to pay the ransom than restore the files without the decryption keys.  An earlier IBM study found that over half of the businesses they surveyed reported paying over $10,000 and about 20% paid over $40,000

Top Aerospace Firm Sends Ransomware Crooks Packing

Get the details on how HarcoSemco foiled a CryptoLocker attack with the push-button ease of Barracuda Backup

[Read more…] about Small businesses remain a rich target for ransomware criminals

MSP Day 2019 – The Sequel

by

As we approach Easter, it’s easy to see how the IT channel might be looking beyond this landmark in the calendar to the next big date for the diary: May 23rd, and the second annual MSP Day.

At the latest estimate, the global managed services market is expected to grow from $152.45B in 2017 to $257.84B by 2022. This phenomenal growth is driven by a number of factors, including budget constraints for installation and implementation of hardware and software, limited IT resource to manage and support managed services, and business need for greater scalability.

That’s a huge opportunity which has been made possible through increasing collaboration between the creators, distributors and providers of technology to businesses of all sizes in a wide range of industries.

Are you a provider of managed IT services within UK businesses?

Get involved with MSP Day

[Read more…] about MSP Day 2019 – The Sequel

Increased reliance on automation is the only viable path to achieving cybersecurity resiliency

by

Every cybersecurity professional knows there’s no such thing as perfect security. The best that can be achieved is to make the organization resilient enough to not only prevent the most commonly employed cybersecurity attacks, but also contain the damage inflicted by any attack that inevitably gets past whatever cybersecurity defenses in place. Unfortunately, a global survey of 3,600 security and IT professionals conducted by The Ponemon Institute on behalf of IBM finds suggests that when it comes to cybersecurity most organizations are not especially resilient.

New survey: 77 percent of cybersecurity and IT pros say they do not have an incident response plan consistently applied across the enterprise. Only 30 percent have enough staff to achieve best possible security. Click To Tweet

Published this week, the survey finds 77 percent of respondents indicating they do not have a cybersecurity incident response plan consistently applied across the enterprise and that only 30 percent said they have sufficient levels of staffing to achieve a high level of cyber resilience. In fact, the survey notes organizations have on average anywhere between ten to 20 open cybersecurity positions and 75 percent of respondents rate their difficulty in hiring and retaining skilled cybersecurity personnel as moderately high to high.

[Read more…] about Increased reliance on automation is the only viable path to achieving cybersecurity resiliency

Employee negligence could be your biggest security risk

by

The risk of cyber criminals is no match for the danger of human error.

According to a 2018 State of the Industry Report conducted by document security company ShredIt, employee error accounted for a whopping 71 percent of data breaches reported by the small and medium-sized businesses (SMBs) surveyed.

Unfortunately, employees tend to take cybersecurity requirements too lightly, and their organizations don’t spend enough time educating them on its importance. Untrained employees ultimately become one of the biggest security vulnerabilities to every organization's cyber safety. [Read more…] about Employee negligence could be your biggest security risk

Threat Spotlight: Document-Based Malware

by

Safeguard your business from evolving malware attacks.

Barracuda researchers have uncovered an alarming new rise in the use of document-based malware. A recent email analysis revealed that 48% of all malicious files detected in the last 12 months were some kind of document. More than 300,000 unique malicious documents were identified!

Since the beginning of 2019, however, these types of document-based attacks have been increasing in frequency – dramatically. In the first quarter of the year, 59% of all malicious files detected were documents, compared to 41% the prior year.

Here’s a closer look at document-based malware attacks and solutions to help detect and block them.

A recent email analysis revealed that 48% of all malicious files detected in the last 12 months were some kind of document. Click To Tweet

[Read more…] about Threat Spotlight: Document-Based Malware

Is 2019 the year credential stuffing dominates the threat landscape?

by

Headline writers love data breaches. As explained last month, they pit hackers versus security professionals in a good versus evil stand-off that makes for a great story. But there’s way more to the threat landscape than breaches. Increasingly we’re seeing a whole new category of follow-on attacks using the breached log-in records currently flooding the dark web in their millions.

Credential stuffing leads the pack, and IT leaders should be concerned. It’s estimated to cost US firms alone over $5bn annually and has already affected some big-name brands this year including Nest, Dunkin’ Donuts, Dailymotion and OkCupid.

Credential stuffing attacks rely on password-only authentication and the fact that people share logins across multiple sites and accounts. Click To Tweet

Brutal account takeovers

Credential stuffing is a kind of brute-force attack which uses automated tools to try large volumes of stolen log-in data simultaneously across multiple sites until one works. It relies upon the fact that many organisations still allow customers and employees to use password-only log-ins, and the fact that these users have so many to manage that they resort to sharing credentials across multiple sites and accounts. One company estimates that the average employee today has to manage over 190 passwords.

[Read more…] about Is 2019 the year credential stuffing dominates the threat landscape?