This week the news broke that Mandiant (an incident response firm) attributed the recent cyberattack campaign targeting customers utilizing Barracuda’s Email Security Gateway to hackers affiliated with the Chinese government.
Barracuda had hired Mandiant to investigate the source of the attacks which exploited a critical vulnerability in Barracuda’s email filtering appliances.
Barracuda seems to have done all the right things by swiftly patching the vulnerability and even recommending affected customers replace their Email Security Gateway devices.
We think Barracuda sells great equipment, however when it comes down to protecting yourself against data breach no matter how good your perimeter defences, there is always a risk that a dedicated attacker will find a way through.
For us, this attack reinforces our view that an organization that only invests in encryption is better protected (against data breach) than one that invests in everything else (in terms of cyber security).