A sweeping new cybersecurity report from Barracuda Networks has laid bare a startling reality: firewalls, long considered a cornerstone of digital defense, are now the primary gateway for ransomware attacks. The Barracuda Managed XDR Global Threat Report, drawing from over two trillion IT events collected in 2025, reveals that 90% of ransomware incidents exploited firewalls, either through unpatched software flaws or through compromised accounts.
Three Hours From Breach to Chaos
Perhaps the most alarming data point in the report is the speed of modern ransomware attacks. The fastest incident observed — involving the Akira ransomware strain — took just 3 hours from initial breach to full system encryption. This compressed timeline leaves security teams with a razor-thin window to detect, respond, and contain an attack before irreversible damage is done. For organizations with lean IT teams or fragmented security tools, three hours is often not enough.
A Decade-Old Flaw Still Haunting Networks
The report uncovers another uncomfortable truth: the most widely detected vulnerability in 2025 dates back to 2013. CVE-2013-2566 — a flaw in an outdated encryption algorithm — continues to lurk in legacy servers, embedded devices, and aging applications. Meanwhile, one in ten detected vulnerabilities already has a known exploit actively circulating among threat actors, often targeting weaknesses in third-party software and supply chains. Supply chain-related incidents surged to 66% of all cases, up sharply from 45% in 2024.
Lateral Movement: The Point of No Return
Once attackers gain a foothold, the data shows they rarely stop. A staggering 96% of incidents involving lateral movement — in which attackers navigate from one compromised device to another across the network — culminated in a ransomware deployment. Lateral movement, experts warn, is the clearest early warning sign of an attack in progress, and organizations that fail to detect it in time face near-certain catastrophe.
The Human Factor Behind the Gaps
“Attackers only need to find one weakness to succeed,” said Merium Khalid, Director of SOC Offensive Security at Barracuda. That weakness is often hidden in plain sight: a rogue unmanaged device, an employee account left active after departure, or a dormant application never updated. The report calls for integrated, AI-powered security solutions capable of autonomous threat detection, particularly for organizations where a single IT professional serves as the entire security team. In today’s threat landscape, reactive defense is no longer a viable strategy.
