Yet firm refuses to say the word DDoS. What are they hiding?
Outage-hit security firm Barracuda appears to have been struck down by a DDoS – though the firm says it’s still investigating and refuses to confirm or deny it.
This morning the company’s status page said in an update posted at 0044 GMT: “Barracuda Networks is still continuing to see a large number of inbound connections from unverified sources for customers using Essentials for Email Security and Cloud Protection Layer. We have successfully filtered and are actively monitoring the situation while taking the appropriate actions when needed.”
On Wednesday Barracuda’s email scanning services went down worldwide, with many customers confused as to what had happened and why.
El Reg asked the company what was going on and received a brusque brush-off which initially “could not confirm” that Barracuda had fallen victim to a DDoS, before an invitation to expand on that prompted this informative missive from the company’s mouthpiece:
We are not denying or agreeing. We are still investigating the actual cause so until we have confirmation I cannot say either way.
There was no acknowledgement of, or response to, The Register‘s questions about traffic sanitisation or screening measures which could have helped mitigate the attack, though a statement on the status page posted at 2239 GMT yesterday read: “We have made significant progress sanitizing these connections.”
Customers of Barracuda on Twitter were tweeting at the firm asking for updates, which during UK office hours were not forthcoming.
Have you or your customers been hit by the Barracuda ballsup? Leave us a comment or contact us in confidence through firstname.lastname@example.org and we’ll contact you by the method of your choice. ®
No, carrier pigeons are not an acceptable method of choice.
Sponsored: Customer Identity and Access Management