Barracuda Networks warns that exposed remote access, weak credentials and insufficient access controls continue to be one of the main gateways for cyberattacks that occur against companies today. The latest findings from Barracuda Research, collected in the June 2026 SOC Threat Radar report, show how threats such as LemonDuck malware, the GoldBrute botnet or password spraying attacks against VPNs take advantage of these gaps to compromise devices, expand their reach and prepare the ground for more serious incidents. The latest findings from Barracuda Research on the threats facing companies.
Massive attacks with worse consequences
The incidents mitigated last month by Barracuda Managed XDR demonstrate how poor access controls and exposed remote services attract adversaries to launch massive attacks and pave the way for more serious attacks. The conclusions drawn from the report on the cyber attacks that occurred in the last year are clear:
– LemonDuck malware infects terminals for cryptocurrency mining.
– The GoldBrute botnet performs brute force attacks against remote services.
– Password spraying attacks from Iran target VPNs.
It should be noted that LemonDuck is a type of malware that spreads across networks, hijacking systems and end devices to mine cryptocurrencies and facilitate new attacks. It targets vulnerable systems, exposed services and weak credentials, turning infected computers into part of a criminal botnet that is exposed by cyberattacks.
The malware ran hidden scripts using PowerShell to download more malicious code and connected to known command and control servers. Additionally, it configured scheduled tasks or Windows Management Instrumentation (WMI) events (“automated trigger rules”) to re-execute the malware and maintain its long-term persistence.
Obtain unauthorized access
The Barracuda Networks report also notes a 55% increase in password spraying activity from Iran targeting Fortigate VPNs in May compared to the previous month.
The malware executed hidden scripts using PowerShell to download more malicious code
According to the study, unknown attackers targeted several organizations by making repeated login attempts on numerous user accounts, with the goal of identifying valid credentials and gaining unauthorized access to the VPN infrastructure.
According to Barracuda Networks, the attempts were unsuccessful, but they show that remote access infrastructure continues to be a common target of cyber attacks that are carried out.
