ESG

Barracuda, a network and email security company, disclosed today that a recently patched zero-day vulnerability had been exploited for at least seven months to install specialised malware on customers' Email Security Gateway (ESG) appliances and steal data.

According to the company, an ongoing investigation revealed that the flaw was exploited to gain access to a subset of ESG appliances, where the attackers installed backdoors that gave them persistent access to the affected systems.

Additionally, Barracuda found proof that the threat actors stole data from the backdoored ESG appliances.

The company addressed the problem by applying a security patch to all ESG appliances and, a day later, deploying a specialised script that blocked the attackers' access to the compromised devices.

Source: https://www.bleepingcomputer.com/news/security/barracuda-zero-day-abused-since-2022-to-drop-new-malware-steal-data/

TPRM report: https://scoringcyber.rankiteo.com/company/energy-services-group-esg-

"id": "esg2304623",
"linkid": "energy-services-group-esg-",
"type": "Vulnerability",
"date": "05/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Network and Email Security',
                        'name': 'Barracuda',
                        'type': 'Company'}],
 'attack_vector': 'Zero-Day Vulnerability',
 'data_breach': {'data_exfiltration': 'Yes'},
 'date_publicly_disclosed': '2023-10-05',
 'description': 'A recently patched zero-day vulnerability was exploited for '
                'at least seven months to install specialized malware on '
                "customers' Email Security Gateway (ESG) equipment and steal "
                'data.',
 'impact': {'data_compromised': 'Yes', 'systems_affected': 'ESG Equipment'},
 'initial_access_broker': {'backdoors_established': 'Yes',
                           'entry_point': 'Zero-Day Vulnerability',
                           'reconnaissance_period': 'At least seven months'},
 'investigation_status': 'Ongoing',
 'motivation': 'Data Theft',
 'post_incident_analysis': {'corrective_actions': ['Installed security patch',
                                                   'Deployed specialized '
                                                   'script'],
                            'root_causes': ['Zero-Day Vulnerability']},
 'references': [{'source': 'Barracuda Disclosure'}],
 'response': {'containment_measures': ['Installed security patch on all ESG '
                                       'appliances',
                                       'Deployed specialized script to block '
                                       "attackers' access"]},
 'title': 'Barracuda Zero-Day Vulnerability Exploited for Data Theft',
 'type': 'Data Theft',
 'vulnerability_exploited': 'Zero-Day Vulnerability in ESG Equipment'}