
Cybercriminals are constantly evolving their tactics, always searching for new pathways to infiltrate networks and deploy malicious payloads. In a troubling new development, a recent study by Barracuda Networks reveals that attackers are now actively exploiting firewalls themselves to launch ransomware attacks—turning a traditional line of defense into a point of entry.
Firewalls are designed to act as protective barriers between trusted internal networks and untrusted external traffic. However, when misconfigured, outdated, or left unpatched, they can become high-value targets. According to the findings highlighted in the Barracuda Managed XDR Global Threat Report, threat actors are increasingly targeting firewall vulnerabilities as an initial access vector. Instead of bypassing perimeter security, they are directly compromising it.
One of the most alarming discoveries is the speed at which these attacks unfold. In incidents involving Akira Ransomware, attackers were observed taking an average of just three hours to escalate a breach into full-scale encryption of systems. This rapid progression significantly reduces the window for detection and response, leaving organizations little time to contain the damage.
Even more concerning is that many of the exploited vulnerabilities are not new. Some date back as far as 2013, indicating that unpatched legacy systems continue to pose substantial risk. In many cases, organizations either delay updates due to operational concerns or lack visibility into exposed assets. Attackers are capitalizing on these oversights, scanning for known weaknesses and exploiting them with precision.
The report also emphasizes that firewall exploitation is often just one component of a broader attack chain. Cybercriminals frequently combine software flaw exploitation with compromised credentials obtained through phishing campaigns. Once inside, they move laterally across networks, escalate privileges, and disable security controls before deploying ransomware payloads.
The scale of the research adds weight to these findings. The study analyzed data from more than two trillion IT events collected in 2025, including over 600,000 security alerts across 300,000 secured endpoints, firewalls, servers, cloud assets, and workstations. This vast dataset underscores how widespread and systematic these attack patterns have become.
Ultimately, the report serves as a stark reminder that perimeter defenses are not immune to compromise. Organizations must prioritize timely patch management, continuous monitoring, multi-factor authentication, and proactive threat detection. In today’s threat landscape, even the tools designed to protect infrastructure can become liabilities if not properly maintained.