Bad actors are increasingly exploiting gaps in their targets' security postures, like vulnerable software, rogue devices, and misconfigurations, to compromise organizations, according to
Barracuda Networks.
Barracuda's Managed XDR Global Threat Report, released this month, reveals that 90% of ransomware attacks in 2025 exploited firewalls launched through unpatched software or vulnerable accounts. In addition, attackers are also using legitimate IT tools like remote access software and targeting unprotected devices in their operations.
The findings of the report – based on the dataset from Barracuda’s Managed XDR AI-powered security service, including more than 2 trillion IT events collected throughout 2025, more than 600,000 security alerts, and more than 300,000 protected endpoints, servers, and firewalls – illustrated the risk that also comes from outdated encryption and disabled endpoint security.
They also bring into focus the mounting security challenges facing enterprises, SMBs, MSSPs, and other security services providers. These challenges are chiefly stemming from sophisticated and complex AI-fueled cyber threats, according to
Merium Khalid, director of SOC (security operations center) offensive security at Barracuda.
“Cyberattacks are stealthy,” Khalid
wrote in a blog post accompanying the release of the report. “They sneak into networks, looking for gaps, errors, and oversights: a single rogue device, an account that wasn’t disabled when someone left, a dormant application that hasn’t been updated, or an accidentally disabled security feature. They’ll try to trick employees and steal their identities, take advantage of legitimate IT tools, and join privileged access groups. Much of this will look like everyday IT activity.”
'Immense Security Challenges'
This becomes a tricky proposition for defenders.
“For organizations and their security teams, especially if that ‘team’ is a single IT professional, this presents immense security challenges,” she wrote. “With limited resources and visibility and a stack of fragmented security tools, they must safeguard identities, assets, and data from attacks that can unfold in a matter of hours or lurk in the network for months.”
Such threats are outlined in the key findings of the report, such as that nine in 10 ransomware attacks exploited firewalls through a software vulnerability or vulnerable account, allowing threat actors to access and gain control of systems via the network and bypassing protections.
Patching is Needed
Speed is also an issue. An attack using Akira ransomware took three hours from the time of the breach to encryption, giving defenders little time to detect the attack and respond. In addition, “attackers are actively weaponizing software bugs, often in the supply chain, and the importance of identifying and addressing unpatched software cannot be overstated,” Khalid wrote, noting that one in 10 detected vulnerabilities had a known exploit.
That included a detected vulnerability from 2013.
Among other top findings were that 96% of incidents where the attackers moved laterally through the network ended up in ransomware being used, and 66% of incidents involved the supply chain or a third party, a jump from 45% in 2024.
Gaps Need to Be Addressed
“If left unresolved, a single red flag can quickly escalate into a widespread incident that disrupts operations, reduces productivity, compromises sensitive data, and damages financial stability and brand reputation,” the report’s authors wrote. “No organization is immune; attackers target businesses of every size, across all industries and geographies. What makes targets vulnerable can be many things - security gaps, rogue devices, unpatched systems, oversights, misconfigurations - and a lack of time and resources to spot the intrusion, remove the attackers, and lock the door firmly behind them.”
Khalid said that organizations need a unified strategy that integrates advanced and AI-powered detection capabilities that include a fully autonomous SOC as well as user education, automated threat response, and a security culture that breeds resilience. She pointed to “quick wins” outlined in the report that can help security teams, including consistent MFA and access controls, strong patch management and data protection, and ongoing employee cybersecurity awareness training.
She also argued that organizations need to adopt a managed security platform and XDR solution.
Advice for MSSPs
There is a lot for MSSPs and MSPs to take away from the Barracuda report, Khalid told MSSP Alert.
The report “reveals that attackers are overwhelmingly exploiting basic, overlooked vulnerabilities, creating urgent implications for MSSPs and MSPs,” she said. For security services providers, “the takeaway is clear: customers need help identifying, understanding, and closing the overlooked gaps that drive most compromises. Partners should use the report as a framework to assess risk, strengthen visibility across endpoints and identities, address legacy vulnerabilities, and implement rapid detection and response.”
They also need to apply the lessons in the report to their own security environments, given that a compromise of their security could directly expose their clients, Khalid said.