The government of the Australian Capital Territory is one of the victims of a vulnerability found in Barracuda’s Email Security Gateway (ESG). At a press conference on June 8, ACT government chief digital officer Bettina Konti said there was a likelihood some personal information would be involved, but a damage assessment needed to be completed to make it clear .
Barracuda had first identified the CVE-2023-2838 vulnerability on May 19 by issuing a worldwide patch on May 20 followed by a second patch on May 21. A few days later, on May 30, the vendor revealed that the first identified mining tests took place in October 2022.
Two days before the ACT government revealed it was responding to a security breach, Barracuda issued a warning that affected devices should be replaced immediately. The vulnerability existed in a module that initially examines attachments in incoming emails.
ACT Government response to security breach
Once the vulnerability was discovered by the Territory Government, the ACT Cyber Security Center immediately completed a rebuild of the affected Barracuda system to remove any ongoing vulnerabilities, the ACT Government revealed in a statement.
“The investigation has now identified that a breach has occurred and a damage assessment is underway to fully understand the specific impact on our systems and, in particular, the data that was accessed” .
The Territory Government is confident that the actions taken to date have contained the breach and that there is no ongoing threat, and informed citizens can continue to use the ACT Government’s online systems with confidence.
The ACT Government is working with the Australian Cyber Security Center and Barracuda Networks on the ongoing investigation.
Weekly updates are expected to be shared on a dedicated incident page.
Copyright © 2023 IDG Communications, Inc.
The ACT government has fallen victim of a major security breach involving Barracuda Networks, a leading vendor of internet security solutions. The security vulnerability, exposed by Barracuda’s Environmental, Social, and Governance (ESG) deficiencies, has resulted in an unexpected disruption for the governmental agency.
A potential negative public reaction to the security breach can be expected due to the vast public and private information entrusted to the government’s care. Taking appropriate and preemptive measures is critical for the government to completely secure its IT infrastructure.
The situation has highlighted some of the larger issues with ESG compliance. Organisations of all sizes across multiple industries that use Barracuda for their security solutions are at immediate risk. Active engagement and close attention to ESG standards should be a priority for organisations that process, store, and share sensitive information. The government’s investigation can create a roadmap for organisations to ensure that best practices and security standards are constantly met.
At Ikaroa, a full stack tech company, we understand the importance of preemptive measures when dealing with sensitive data. Our team of experts offers a full suite of services to secure IT systems and meet compliance standards. Our mission is to provide organisations of all sizes with the tools and resources needed to protect information.
We urge organisations to consider the potential risks and take any necessary steps to ensure the safety of their data. Ikaroa stands ready to provide comprehensive solutions to prevent state and private entities from becoming victims of cyber security vulnerabilities.