A new backdoor malware has targeted Barracuda’s Email Security Gateway (ESG) appliances. Customers who have not yet replaced the unrecoverable appliances will have to hurry.
CISA discovered the backdoor malware “Whirlpool”, which is designed to exploit the vulnerability in Barracuda’s ESG appliances. This is now the third backdoor that allows hackers to attack the devices. “WHIRLPOOL is a backdoor that establishes a Transport Layer Security (TLS) reverse shell to the Command-and-Control (C2) server,” the agency explains.
The devices are an interesting target for hackers because Barracuda has already written them off as unrecoverable. The affected versions are 5.1.3.001 to 9.2.0.006.
The first discovered vulnerability has been exploited since October 2022 and carries a vulnerability score of 9.8 out of 10. In May, the email security specialists discovered the vulnerability and a patch was released. Despite Barracuda’s in-house expertise, the patch proved insufficient to protect the appliances. The malware developed too quickly for patches to keep up.
The problem has now been known for several months, but not all vulnerable ESG devices will have found their way to the dumpster yet. Barracuda does provide a replacement product free of charge to affected customers. However, the replacement still incurs labor costs, and the right circumstances first have to present themselves to take the device offline.