- Firewalls are a common target for hackers, reports claim
- Barracuda Report Finds 90% of All Ransomware Incidents in 2025 Exploited Firewalls
- Some bugs were more than a decade old, so patch it now
If you can only secure one device on your network today – make sure it’s the firewall, as a new report from Barracuda claims that almost all ransomware incidents start with a compromised firewall instance.
The Barracuda Managed XDR Global Threat Report is based on Barracuda Managed XDR’s 2025 dataset of more than two trillion IT incidents and approximately 600,000 security alerts.
The researchers found that 90% of all ransomware incidents occurring in 2025 exploited firewalls through either a vulnerability or a compromised account. One in 10 vulnerabilities discovered already had a known exploit, they added, meaning that in many cases attackers targeted “low-hanging fruit”.
Old school mistakes
One of the more painful findings of the report is that the most widespread vulnerability is 13 years old. CVE-2013-2566, a flaw discovered back in 2013, affects an outdated encryption algorithm and is often found in legacy systems (old servers, embedded devices, applications).
Barracuda is not the only company sounding the alarm about breached firewalls. Recent research from Sophos also found that network edge devices such as routers, VPNs and firewalls are a growing point of intrusion, accounting for nearly 30% of the initial compromises observed in Sophos’ annual threat report.
At the same time, new findings in the Searchlight Ransomware H2 2025 report said the number of active ransomware groups reached levels never seen before, with the growth rate of victims doubling since 204.
In late 2025, it was reported that SonicWall firewall appliances with SSL-VPN enabled across multiple generations were vulnerable and targeted by the Akira ransomware group.
The names of confirmed victims are not widely known, but reports and security advisories noted that dozens of organizations were affected, including instances where more than 100 SSL-VPN accounts across ~16 customer environments were compromised and used for follow-up activity.