Critical Veeam CVE Actively Exploited in Ransomware Attacks

Summary:
Threat groups are exploiting a critical vulnerability (CVE-2024-40711) in Veeam Backup and Replication software for ransomware attacks, according to researchers and federal authorities. This vulnerability, with a CVSS score of 9.8, was disclosed by Veeam in a security bulletin on September 4. It allows unauthenticated attackers to perform remote code execution. The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-40711 to its catalog of known exploited vulnerabilities, citing its use in ransomware incidents.

Researchers from Sophos X-Ops have identified at least four ransomware attacks using this exploit, linked to Akira and Fog ransomware variants, where attackers accessed targets through compromised VPN gateways without multifactor authentication.

Analyst Comments:
The security of backup software, like Veeam Backup and Replication, is very important because it helps protect data from being lost during cyberattacks, especially ransomware. If attackers find a weakness in backup systems, they can delete or lock backups, which means companies might have to pay a ransom to get their data back. Backup software stores sensitive information, so if it gets compromised, it can lead to serious data breaches. Many businesses depend on backups to keep running after problems or attacks. If the backup system is not safe, it can result in lost data, long downtimes, and big financial losses. Keeping backup software secure is crucial for trust and smooth operations.

Suggested Corrections:
Although Veeam released a patch on August 28 with version 12.2, some instances remain exposed. The vulnerability affects Veeam Backup and Replication version 12.1.2.172 and earlier, so companies still running those builds should patch Veeam by upgrading to the fixed release. Censys and Rapid7 highlighted the ongoing risk, noting that over 2,700 exposed instances of Veeam servers remain online, primarily in Europe. Veeam has not disclosed how many customers have patched the issue, but the company communicated the fix directly to affected customers. Due to the software’s widespread use in enterprise environments, it remains a prime target for attackers.
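To turn the affected range above into a patch-triage list, the following added example (not from the source article or from Veeam) classifies an exported inventory of build numbers against the 12.1.2.172 cutoff. The CSV layout, column names, hostnames, and sample builds are constructed assumptions; how the build numbers are collected is left to your asset inventory.

```python
import csv
import io
import re

# Last affected build per the bulletin summarized above.
LAST_AFFECTED = (12, 1, 2, 172)

# Constructed sample inventory: hostnames and builds are illustrative only.
SAMPLE_INVENTORY = """host,vbr_build
backup-01,12.1.2.172
backup-02,12.2
backup-03,11.0.1.1261
backup-04,v12.1.1.56
backup-05,unknown
"""


def parse_build(text):
    """Return a 4-part integer tuple, or None if text is not a dotted build."""
    match = re.fullmatch(r"[vV]?(\d+(?:\.\d+){0,3})", text.strip())
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    # Pad short forms such as "12.2" to (12, 2, 0, 0) so tuples compare cleanly.
    return tuple(parts + [0] * (4 - len(parts)))


def classify(build_text):
    """Map a build string to 'affected', 'not-in-range', or 'review'."""
    build = parse_build(build_text)
    if build is None:
        # Unparseable value: check the host by hand, never assume it is patched.
        return "review"
    return "affected" if build <= LAST_AFFECTED else "not-in-range"


def triage(inventory_csv):
    """Return {host: status} for every row of the inventory CSV text."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["vbr_build"]) for row in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts marked "review" have no usable version data and should be treated as unpatched until confirmed.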

Link(s):
https://www.cybersecuritydive.com/news/veeam-critical-cve-exploits-ransomware/730570/