The Latest Barracuda News
Product and Solution Information, Press Releases, Announcements

The DBIR also reports that security misconfiguration errors have been increasing steadily since 2017 and are up 5 percent over last year. For an example of a security misconfiguration error leading to a massive data breach, check out our blog on the Equifax breach. A web application firewall is engineered to protect applications from external and internal threats. The Open Web Application Security Project (OWASP) maintains the OWASP Top 10, which identifies the ten most critical web application threats. The list is created from input by security researches and is updated every few years.

Request smuggling attacks exploit the server’s inability to safely handle anomalies in various aspects of an HTTP request. Examples of an HTTP request smuggle range from deviating from the standard usage of CR (Carriage Return) and LF (Line Feed) characters in a request or using standard headers like Content-Length and Transfer-Encoding headers maliciously. This underlying vulnerability can also be exploited for XSS (cross-site scripting) attacks, unauthenticated access to privileged information, and cache poisoning.

The normal amount of fatigue understaffed cybersecurity teams experience is increasing significantly as the number of alerts cascading through multiple security platforms continues to increase in the wake of the COVID-19 pandemic.

Username and password combinations remain the primary means of authentication for home and business accounts. Far too many people use the same password for multiple accounts and/or use personal accounts for business email. There are also those users out there who choose simple and common passwords, such as ‘qwerty123’ or ‘passw0rd.’ This means there are a lot of accounts that could be compromised easily by brute force or dictionary attacks.

In its independent analysis of web application firewall vendors – a detailed look at products and services – Gartner said, “The web application firewall market’s growth continues to be driven by cloud-delivered web application and API protection services. Security and risk management leaders must assess how WAFs can provide improved, easy-to-consume and easy-to-manage security that respects data privacy demands.”

Disrupted operations: It’s been three years since WannaCry spread across the globe in a massive attack that took down roughly 200,000 devices in a couple of days. Roughly one-third of the NHS Trusts in the United Kingdom were affected, delaying healthcare to 19,000 patients. Microsoft released the MS17-010 patch to mitigate this ransomware, but as of 2019, WannaCry was still attacking about 3,500 systems per hour.

Unfortunately, it looks like cybercrime will be another area of increased risk and stress. U.S. schools were an attractive target for ransomware in 2019, and they’ve become more popular this year as the pandemic caused a massive disruption in how education is delivered to students. Barracuda research shows that attacks on schools and universities made up 15% of attacks in 2020, compared to 6% in 2019.

A survey of 1,200 business leaders conducted by The Travelers Companies finds that nearly a quarter (22%) report their organizations were victimized by some type of cyber event, the highest percentage since the insurance industry conglomerate began fielding this survey in 2014. However, the percentage of executive taking steps to mitigate those risks has actually declined.

Separate surveys of 141 individuals who manage, contribute to, or influence security awareness training programs, and of more than 1,000 employees in the U.S., both conducted by Osterman Research, illustrate the depth of the challenge organizations face.

Kaleb Mercer is Director of IT at Rödl & Partner USA, an integrated professional services firm of Rödl & Partner, with offices spread throughout the United States and servicing clients across the globe. Mercer and his team oversee a global network that needs to support both accountants that travel internationally and an increase in remote work during the pandemic.