Most computers have some kind of threat detection program or toolkit installed to provide data and Internet security protections, but what happens when the software, or the manufacturer of this software, comes under attack? This is more of a threat now than it has been in past years, and a recent attack seems to have been perpetrated on Barracuda Networks. TechWeek Europe reports that backdoors have been found in the company’s flagship toolkit, which may allow hackers privileged access into customers’ networks.
Stefan Viehböck of SEC Consult Vulnerability Lab found the backdoors in nearly all of the company’s security appliances, according to the website, and he said they were reported to the company back in November. The appliances were preconfigured to accept secure shell (SSH) connections to predefined user accounts from a list of IP ranges, he said.
“There were two security problems with this,” TechWeek Europe said. “First, the passwords needed to access those user accounts were not difficult to find or crack, Viehböck said. He claimed to have cracked a number of passwords relating to backdoor accounts called ‘product,’ ‘support,’ ‘ca’ and ‘websupport.’ For the ‘product’ account, he was able to get a shell to run on the appliance and could access the MySQL database to add new users with administrative privileges to the appliance configuration.”
Barracuda is no longer the only company sitting on those public IP ranges: they also contain unaffiliated entities, all of which can reach the SSH service on the affected networks. Anyone in these ranges could have been spying on Barracuda users, a gigantic oversight by a company that builds its name on robust data security. Products that have been affected by this, according to the website, include Barracuda Spam and Virus Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda Web Application Firewall, Barracuda Link Balancer, Barracuda Load Balancer and Barracuda SSL VPN.
An advisory by Barracuda rated this threat as only a “medium” security risk, adding that an attacker with specific internal knowledge of the company’s appliances could log into non-privileged accounts from a small set of IP addresses. A patch was issued, but Viehböck said there are still considerable risks to users.
Steve Pao, Barracuda Networks’ vice president for product management, said in a statement sent to TechWeek Europe that the discovery was related to a limited number of IP addresses used to initiate remote support from the company.
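A defender's check for the exposure described above, as an added example that is not from the article or from Barracuda: it scans SSH authentication log lines for logins to the account names the article lists and flags sources outside an expected support range. The OpenSSH-style log format, the placeholder range 192.0.2.0/24 and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Account names the article lists as backdoor accounts.
BACKDOOR_ACCOUNTS = {"product", "support", "ca", "websupport"}

# Assumption: placeholder range (RFC 5737 documentation space) standing in for
# the vendor support ranges, which the article does not publish.
EXPECTED_SUPPORT_RANGES = [ipaddress.ip_network("192.0.2.0/24")]

# Assumption: OpenSSH-style auth lines, e.g.
# "sshd[123]: Accepted password for USER from IP port N ssh2"
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_backdoor_logins(lines):
    """Return one finding per SSH auth event that targets a listed account."""
    findings = []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m or m["user"] not in BACKDOOR_ACCOUNTS:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
            in_range = any(ip in net for net in EXPECTED_SUPPORT_RANGES)
        except ValueError:
            in_range = False  # unparseable source is treated as unexpected
        if m["result"] == "Failed":
            severity = "probe"      # someone is trying the account name
        elif in_range:
            severity = "review"     # accepted, from an expected range
        else:
            severity = "critical"   # accepted, from an unexpected source
        findings.append({"user": m["user"], "ip": m["ip"], "severity": severity})
    return findings

# Constructed sample log lines (not real appliance logs).
SAMPLE_LOG = [
    "Jan 24 03:12:45 appliance sshd[2211]: Accepted password for product from 192.0.2.17 port 50122 ssh2",
    "Jan 24 03:14:02 appliance sshd[2215]: Accepted password for support from 203.0.113.9 port 41877 ssh2",
    "Jan 24 03:15:30 appliance sshd[2220]: Failed password for websupport from 198.51.100.4 port 39010 ssh2",
    "Jan 24 03:16:11 appliance sshd[2224]: Accepted publickey for admin from 10.0.0.5 port 52200 ssh2",
]

if __name__ == "__main__":
    for finding in find_backdoor_logins(SAMPLE_LOG):
        print(finding)
```

Even an accepted login from inside the expected range is marked for review, since the article notes that those ranges also contain unaffiliated entities.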
“We have released a security definition to existing Barracuda Networks appliances that minimizes potential attack vectors,” he told the website. “Individual customers should contact Barracuda Networks Technical Support if they need more information. As we do with all issues reported through our ‘Bug Bounty’ program, we have acknowledged the SEC Consulting’s reporting of the issues in both the release notes with our security definition and on the Tech Alerts section of our website.”
A menacing threat vector
More hackers and cybercriminals have been trying to infect security companies over the past couple of years, causing a problem for everyone looking to protect data security. In 2011, EMC’s RSA security group had SecurID authentication technology codes stolen, according to Computerworld. This puts many enterprises in a situation where they have to wonder how much they can trust data security software and perhaps implement their own set of rules and guidelines to protect data.
CSO Online said the impact of the attack on RSA is still being debated, since as many as 40 million employee records were stolen. John Linkous, vice president, chief security and compliance officer of eIQnetworks, told the website that the breach of RSA was massive in terms of the fear it created among companies about enterprise authentication and security. He said even good security companies are not infallible when it comes to being hacked, adding that humans are still a weak link in every company. Beyond adopting a security program, companies must be sure to have their own set of security measures in an effort to stay safe online.
Data Security News from SimplySecurity.com by Trend Micro.