An analysis of more than two trillion IT events collected during 2025 by Barracuda Networks finds 90% of ransomware incidents exploited firewalls via unpatched software or a vulnerable account that enables cybercriminals to gain access to an IT environment.
Merium Khalid, director of offensive security for the security operations center (SOC) at Barracuda Networks, said the analysis makes it clear that adversaries have become adept at exploiting weaknesses in firewalls that many cybersecurity teams are finding challenging to update and maintain.
In fact, the most widely detected vulnerability (CVE-2013-2566), originally discovered in 2013, involves an outdated encryption algorithm found in legacy systems.
The analysis also suggests that adversaries are getting faster at developing exploits for vulnerabilities found in firewalls. One in 10 detected vulnerabilities had a known exploit. A full 96% of incidents involving lateral movement ended with the release of ransomware.
More troubling still, the fastest ransomware case observed involved Akira ransomware, which took just three hours from initial breach to data encryption.
Finally, the report notes 66% of incidents involved the supply chain or some type of third-party supplier.
The report makes it clear that many cybersecurity attacks could be easily thwarted if security operations teams paid more attention to fundamentals, said Khalid. There are simply too many firewalls that are running older versions of software that have vulnerabilities that cybercriminals have found ways to exploit, she added.
In some cases, cybersecurity teams are reluctant to update firewalls because the rules that have been embedded in them are often complex, noted Khalid. In other instances, however, it’s simply an oversight, she said.
Regardless of the reason, adversaries only need to find one weakness, such as a misconfiguration, to bypass a firewall, added Khalid. It’s also clear cybercriminals are reusing the same low-level tactics and techniques multiple times over to achieve that goal, she added. Adversaries are counting on the fact that many organizations simply don’t have the appropriate level of hygiene in place to effectively manage their firewalls, noted Khalid.
Hopefully, in the age of artificial intelligence (AI), more organizations will be able to automate the updating of firewalls. However, it’s also likely that adversaries will be able to take advantage of AI to discover and exploit vulnerabilities faster than ever. As such, it may behoove more organizations to rely on some type of managed security service to ensure that firewalls are always running the latest, most stable update available. Many of those services are already making use of autonomous AI agents to ensure the latest updates are installed on security infrastructure, noted Khalid.
Each cybersecurity team should, of course, regularly review its SecOps workflows, if for no other reason than to justify the investment made in acquiring security tools and platforms in the first place. After all, no cybersecurity professional wants to find themselves in the unenviable position of having acquired a tool or platform only to see that investment wasted simply because it was never properly maintained.