Hackers embarrass Barracuda Networks with web attack

Security vendor Barracuda Networks has confirmed that hackers successfully used a relatively simple technique to access an internal database via its website.

The Malaysian hackers used SQL injection, a technique in which database query code is inserted through a web form, against the company’s website, gaining access to employee email addresses and sales contacts.

Barracuda Networks, which sells web and email security products, says the web application firewall it uses to protect its website "was unintentionally placed in passive monitoring mode and was offline through a maintenance window" at the time of the attack.

Earlier this year, Barracuda published a report that found that 74% of organisations have been hacked at least once in the last two years through insecure web applications. It found that while website hacks were the number one concern among the surveyed security professionals, few organisations test their web applications for security vulnerabilities.

"The state of web application security is dismal," the company wrote at the time.

Barracuda Networks is the latest in a string of security companies to have suffered successful attacks. Last month, RSA Security admitted its website had been compromised in "an extremely aggressive cyber attack", while more recently a hacker was able to steal web security certificates from certification authority Comodo.

Ben Rossi
