Cybercriminals Exploit Firewalls as Ransomware Entry Points in Alarming New Trend
A recent study by Barracuda Networks reveals that cybercriminals are increasingly targeting firewalls, traditionally a core defense mechanism, to launch ransomware attacks. Rather than bypassing perimeter security, attackers are compromising it directly by exploiting misconfigurations, outdated firmware, or unpatched vulnerabilities.
The Barracuda Managed XDR Global Threat Report highlights the speed and efficiency of these attacks. In cases involving Akira ransomware, threat actors escalated breaches into full-system encryption in as little as three hours, drastically reducing the window for detection and response. Many exploited vulnerabilities are years old, with some dating back to 2013, demonstrating that unpatched legacy systems remain a critical risk.
Firewall exploitation is often just one phase of a multi-stage attack. Cybercriminals frequently combine software flaws with stolen credentials from phishing campaigns, moving laterally across networks, escalating privileges, and disabling security controls before deploying ransomware.
The findings are based on an extensive dataset, including over two trillion IT events from 2025, 600,000 security alerts, and 300,000 secured endpoints, firewalls, and cloud assets. The research underscores how systematic and widespread these attack patterns have become, proving that even foundational security tools can become liabilities if not properly maintained.
Source: https://www.cybersecurity-insiders.com/now-firewalls-being-exploited-to-launch-ransomware-attacks/
Barracuda cybersecurity rating report: https://www.rankiteo.com/company/barracuda-networks
"id": "BAR1775573212",
"linkid": "barracuda-networks",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'attack_vector': ['Exploiting misconfigurations',
                   'Outdated firmware',
                   'Unpatched vulnerabilities',
                   'Stolen credentials from phishing'],
 'data_breach': {'data_encryption': 'Full-system encryption'},
 'description': 'A recent study by Barracuda Networks reveals that '
                'cybercriminals are increasingly targeting firewalls to launch '
                'ransomware attacks by exploiting misconfigurations, outdated '
                'firmware, or unpatched vulnerabilities. The Barracuda Managed '
                'XDR Global Threat Report highlights the speed of these '
                'attacks, with threat actors escalating breaches into '
                'full-system encryption in as little as three hours. Many '
                'exploited vulnerabilities are years old, and attackers often '
                'combine software flaws with stolen credentials from phishing '
                'campaigns to move laterally across networks and deploy '
                'ransomware.',
 'impact': {'operational_impact': 'Full-system encryption'},
 'initial_access_broker': {'entry_point': 'Firewall exploitation'},
 'lessons_learned': 'Even foundational security tools like firewalls can '
                    'become liabilities if not properly maintained (e.g., '
                    'unpatched, misconfigured). Systematic and widespread '
                    'attack patterns require proactive vulnerability '
                    'management and multi-layered security.',
 'post_incident_analysis': {'root_causes': ['Unpatched vulnerabilities',
                                            'Misconfigurations',
                                            'Outdated firmware',
                                            'Stolen credentials']},
 'ransomware': {'data_encryption': 'Full-system encryption',
                'ransomware_strain': 'Akira'},
 'recommendations': ['Regularly patch and update firewall firmware',
                     'Monitor for misconfigurations in perimeter security',
                     'Implement multi-factor authentication to mitigate '
                     'credential theft',
                     'Enhance lateral movement detection and privilege '
                     'escalation controls',
                     'Maintain a robust incident response plan to reduce '
                     'detection and response windows'],
 'references': [{'source': 'Barracuda Managed XDR Global Threat Report'}],
 'title': 'Cybercriminals Exploit Firewalls as Ransomware Entry Points',
 'type': 'Ransomware',
 'vulnerability_exploited': ['Legacy system vulnerabilities (some dating back '
                             'to 2013)']}