Barracuda SOC Data Shows a Rise in Brute-force Authentication Attacks Targeting Network Devices

Barracuda Networks has outlined the latest threats facing businesses based on insights from its Managed XDR security operations centre (SOC), highlighting a rise in automated attacks, faster ransomware activity and evolving phishing techniques.

Key findings include a spike in brute-force attacks targeting network devices, ransomware that can unfold within minutes of execution, and an increase in ClickFix-style phishing incidents that rely on user interaction.

“Attackers are increasingly relying on scale and speed rather than complexity,” said Mark Lukie, Director of Solutions Architects for APAC, Barracuda Networks. “We are seeing persistent attempts to access network devices, ransomware that can move in minutes, and techniques that depend on user actions. That makes strong authentication, visibility and rapid response critical for organisations managing modern IT environments.”

Key insights from the report

Analysis of real-world threat detection and response data from January to March 2026 shows how attackers continue to exploit exposed credentials, unmonitored endpoints and gaps in visibility.

  • Barracuda Managed XDR recorded a sharp rise in brute-force authentication attempts targeting SonicWall and Fortinet devices. These alerts accounted for more than half, or 56 per cent, of confirmed SOC incidents during February and March.
  • Around 88 per cent of brute-force activity originated from the Middle East, with most attempts blocked or directed at invalid usernames. Attackers are systematically scanning internet-facing devices for weak or exposed credentials, increasing the risk that a single misconfiguration could lead to compromise.
  • The SOC observed ransomware activity linked to the Qilin group progressing within minutes of execution, with rapid file changes and signs of lateral movement.
  • A rise in ClickFix-style attacks was also observed, where users are prompted to click links or run commands under the guise of fixing an issue. Because these attacks rely on user action, they can be harder to detect without behavioural monitoring and security awareness controls.

In Australia, where many organisations rely on small IT teams or external providers, these trends add pressure as environments become more complex and more distributed.

“Organisations should prioritise strengthening authentication controls, monitoring for unusual login activity and improving visibility across endpoints and network devices. Rapid containment measures and tested backups are also critical to help limit the impact of ransomware and support recovery when incidents occur,” said Lukie.

Barracuda Managed XDR combines continuous monitoring, threat intelligence and automated response with a 24/7 SOC team to help organisations detect and contain threats across networks, cloud environments and endpoints.

As an example, Barracuda’s SOC teams mitigated a Qilin attack that involved a vulnerable endpoint compromised by attackers. Once the malware executed, the attack progressed at speed, with large-scale file changes and suspicious execution activity. The team promptly quarantined the network to contain the attack and prevent further spread.

The findings form part of Barracuda’s ongoing SOC Threat Radar updates, which provide insight into emerging attacker behaviour and practical guidance for improving cyber resilience.
