Security Breached: Barracuda Email Gateway Targeted with Stealthy “SUBMARINE” Backdoor:-

Prateek Kumar Gupta
4 min readJul 30, 2023

--

Introduction

Hackers have recently deployed a new backdoor called “SUBMARINE” in Barracuda Email Security Gateway attacks. This backdoor allows hackers to gain access to the targeted system and steal sensitive data. In this blog, we will discuss the details of this attack and how you can protect your system from such attacks.

What is Barracuda Email Security Gateway?

Barracuda Email Security Gateway is an email security solution that provides protection against spam, viruses, and other email-borne threats. It is designed to protect businesses from email-based attacks and is used by many organizations worldwide.

What is SUBMARINE Backdoor?

SUBMARINE is a new backdoor that has been used in Barracuda Email Security Gateway attacks. It is a type of malware that allows hackers to gain access to the targeted system and steal sensitive data. The backdoor is named SUBMARINE because it uses a technique called “domain fronting” to hide its traffic.

How does the attack work?

The attack starts with the hackers sending a phishing email to the target. The email contains a malicious attachment or a link to a website that hosts the malware. Once the user clicks on the attachment or the link, the malware is downloaded onto the system. The malware then communicates with the command and control server to receive instructions on what data to steal.

How to protect your system?

To protect your system from such attacks, you should follow these best practices:

  • Keep your software up to date: Make sure that you have the latest security updates installed on your system. This will help to patch any vulnerabilities that hackers can exploit.
  • Use antivirus software: Install antivirus software on your system and keep it up to date. This will help to detect and remove any malware that may be present on your system.
  • Use email filtering: Use email filtering to block phishing emails and other email-based threats. This will help to prevent users from clicking on malicious links or downloading malicious attachments.
  • Educate your users: Educate your users on how to identify phishing emails and other email-based threats. This will help to prevent them from falling victim to such attacks.

SUBMARINE backdoor is a new type of malware that has been used in Barracuda Email Security Gateway attacks

Python script that simulates a simple email filtering mechanism to detect potential phishing emails based on specific keywords in the email subject and content:

import re

def is_phishing_email(subject, content):
# List of keywords commonly found in phishing emails
phishing_keywords = [
‘SUBMARINE’, ‘backdoor’, ‘hackers’, ‘security breach’, ‘malware’,
‘phishing’, ‘command and control’, ‘sensitive data’, ‘attack’
]

# Check if any of the keywords are present in the subject or content
for keyword in phishing_keywords:
if re.search(r’\b{}\b’.format(keyword), subject, re.IGNORECASE) or \
re.search(r’\b{}\b’.format(keyword), content, re.IGNORECASE):
return True

return False

def simulate_email_filtering():
# Sample email data
email_subject = “Important Security Update — Urgent Action Required”
email_content = “Dear user, we have detected a security breach due to the SUBMARINE backdoor. \
Hackers may gain access to your system. Please take immediate action to secure \
your sensitive data from this attack.”

# Check if the email is flagged as a phishing email
if is_phishing_email(email_subject, email_content):
print(“Phishing Email Detected: ‘{}’”.format(email_subject))
print(“Content: {}”.format(email_content))
print(“Action: Blocked and sent to spam folder.”)
else:
print(“Email passed filtering: ‘{}’”.format(email_subject))
print(“Content: {}”.format(email_content))
print(“Action: Delivered to the recipient’s inbox.”)

if __name__ == “__main__”:
simulate_email_filtering()

Conclusion

The SUBMARINE backdoor is a new type of malware that has been used in Barracuda Email Security Gateway attacks. It allows hackers to gain access to the targeted system and steal sensitive data. To protect your system from such attacks, you should follow the best practices mentioned above. Keeping your software up to date, using antivirus software, using email filtering, and educating your users are some of the best practices that can help to prevent such attacks.

--

--

Prateek Kumar Gupta
Prateek Kumar Gupta

Written by Prateek Kumar Gupta

A proactive B.Tech Information Technology student at the Sharda University. Possess with cybersecurity, IT, leadership and writing skills.