Firewall Flaws Fuel 90% of Ransomware Attacks, New Report Finds

📊 Key Data
  • 90% of ransomware attacks in 2025 exploited firewall flaws through unpatched software or compromised accounts.
  • 66% of incidents in 2025 involved a third-party supply chain vector, up from 45% the previous year.
  • One ransomware attack progressed from breach to full encryption in just three hours.

🎯 Expert Consensus

Experts emphasize that organizations must prioritize proactive patch management, multi-factor authentication, and AI-powered security solutions to counter the evolving ransomware threat landscape.

CAMPBELL, Calif. – February 18, 2026 – A startling new report from cybersecurity firm Barracuda Networks reveals a critical vulnerability at the heart of corporate defenses, finding that an overwhelming 90% of ransomware incidents in 2025 exploited firewalls through unpatched software or a compromised account. The findings, detailed in the Barracuda Managed XDR Global Threat Report, paint a grim picture of an evolving threat landscape where attackers are moving faster than ever, with one observed attack progressing from initial breach to full data encryption in just three hours.

The report, which analyzed data from over two trillion IT events and thousands of real-world security incidents, underscores a fundamental and dangerous gap in how organizations protect their networks. Firewalls, long considered the primary gatekeepers of network security, are increasingly becoming the point of entry for sophisticated cybercriminals who leverage known, and often old, vulnerabilities to bypass defenses and unleash devastating attacks.

The Crumbling Digital Fortress

For years, security professionals have relied on firewalls as a foundational layer of defense. However, the Barracuda report suggests this perimeter is far more porous than many believe. Attackers are not just finding new ways in; they are actively and successfully exploiting old, well-documented weaknesses that have gone unaddressed.

One of the most alarming discoveries is the continued prevalence of CVE-2013-2566, a thirteen-year-old vulnerability related to an outdated encryption algorithm. Its widespread detection indicates that countless organizations are still operating legacy systems, old servers, or embedded applications without applying necessary patches or configuration updates. This digital ghost in the machine provides a reliable backdoor for attackers.

The danger is compounded by the fact that cybercriminals are actively weaponizing such flaws. According to the report, one in every ten vulnerabilities detected had a known, publicly available exploit, demonstrating a clear and active effort by threat actors to turn software bugs into breach opportunities. This transforms theoretical risks into imminent threats.

The speed at which these exploits are leveraged is perhaps the most concerning aspect. The report documents the fastest observed ransomware case, involving the Akira ransomware variant, which took a mere three hours to escalate from initial breach to the final encryption stage. Such a compressed timeline leaves security teams with almost no window to detect, analyze, and respond, turning a manageable incident into an irreversible crisis in less time than a typical lunch break.

A Widening Battlefield: The Supply Chain Threat

While internal defenses are proving insufficient, the threat is also expanding outward. The report highlights a dramatic escalation in supply chain attacks, with 66% of all incidents in 2025 involving a third-party vector. This represents a significant jump from 45% in the previous year, signaling a major strategic shift by attackers.

Cybercriminals are increasingly targeting smaller, often less-secure partners—such as software vendors, service providers, and other contractors—as a stepping stone to access their ultimate, larger targets. By compromising a single link in the supply chain, attackers can gain trusted access to dozens or even hundreds of other organizations, bypassing perimeter defenses entirely.

This trend is directly linked to another critical finding: 96% of incidents that involved lateral movement—where attackers move from a compromised endpoint to explore the wider network—culminated in a ransomware deployment. Lateral movement is the moment an attacker breaks cover, and the data shows it is the most significant red flag of an impending ransomware catastrophe. An initial breach through a third-party supplier can quickly become a full-blown internal crisis as attackers map out the network and identify high-value targets for encryption.

Overwhelmed Defenders and the Rise of AI

The report also shines a light on the immense human and resource challenges facing modern security teams. Many organizations, particularly small and medium-sized businesses, are struggling to keep pace with the volume and sophistication of threats.

“Organizations and their security teams — especially if that ‘team’ is a single IT professional — face an immense challenge. With limited resources and fragmented security tools, they must safeguard identities, assets and data from an evolving threat landscape and attacks that can unfold in a matter of hours,” said Merium Khalid, Director, SOC Offensive Security at Barracuda, in the press release. “What makes targets vulnerable is often easy to overlook — a single rogue device, an account that wasn’t disabled when someone left, a dormant application that hasn’t been updated, or a misconfigured security feature. Attackers only need to find one to succeed.”

This human factor—the simple oversights born from being overwhelmed—is precisely what attackers exploit. To counter this, security experts are increasingly advocating for integrated, AI-powered solutions. Advanced platforms like Extended Detection and Response (XDR) can correlate threat signals across endpoints, networks, and the cloud, automating detection and response at a speed that human teams cannot match. By leveraging AI to fight AI, organizations can empower their defenders to focus on strategic priorities rather than being buried under an avalanche of alerts.

Fortifying the Front Lines

In the face of these multi-faceted threats, a return to security fundamentals, augmented by modern technology, is paramount. Experts stress that organizations can no longer afford to neglect basic cyber hygiene. Proactive and aggressive patch management to close vulnerabilities like CVE-2013-2566 is the first and most critical step.

Implementing robust multi-factor authentication (MFA) across all accounts, especially for remote access and VPNs tied to firewalls, can stop credential-based attacks in their tracks. Furthermore, network segmentation is crucial for containment; by dividing the network into isolated zones, companies can prevent attackers from moving laterally and limit the blast radius of a breach.

Ultimately, combating today's rapid-fire ransomware requires a defense-in-depth strategy that combines technology, process, and people. This includes having a well-documented and frequently tested incident response plan, guided by frameworks like those from NIST or MITRE, and leveraging managed security services to provide 24/7 monitoring and expertise. The findings from the Barracuda report serve as a stark reminder that in the current cybersecurity climate, vigilance is not just a best practice; it is a condition for survival.
