Veeam vulnerability exploited to deploy malware via compromised VPN credentials

Hackers are abusing a vulnerability in a Veeam product to try and deploy ransomware against their targets.

This is according to cybersecurity researchers from Sophos, who detailed their findings on Infosec Exchange late last week. As per the researchers, crooks are using a combination of compromised credentials, and vulnerability abuse, to deploy Fog and Akira ransomware.

First, they would go after VPN gateways with poor passwords and no multi-factor authentication (MFA) set up. Some of these VPNs were even running unsupported software versions, it was said. After that, they would exploit a vulnerability in Veeam Backup & Replication, tracked as CVE-2024-40711, which allows them to create a local account.

Akira and Fog

CVE-2024-40711 is a critical vulnerability that allows unauthenticated remote code execution (RCE) via deserialization of untrusted data. By sending a malicious payload to the app, threat actors can be granted arbitrary code execution abilities, without authentication. It has a severity score of 9.8 (critical). Veeam released a fix for this flaw in the version 12.2 (build 12.2.0.334), which was pushed in September this year. The vulnerability affected previous versions of VBR, particularly version 12.1.2.172 and earlier.

Admins were advised to upgrade to the latest version to mitigate the risk of exploitation.

After creating a local account, the crooks would try to deploy either Fog, or Akira ransomware. In total, Sophos’ researchers observed four attack attempts so far.

“These cases underline the importance of patching known vulnerabilities, updating/replacing out-of-support VPNs, and using multifactor authentication to control remote access. Sophos X-Ops continues to track this threat behavior.”

Despite having only a handful of recorded attack attempts, the news was big enough to warrant an advisory from NHS England. As reported by The Hacker News, the advisory stressed that enterprise backup and disaster recovery applications were “valuable targets” for cybercriminals everywhere.

Via The Hacker News

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/mX3W9KraGSUsScvjwiRudM-1200-80.jpg

Source link

Supply chain vulnerabilities are facilitating a surge in ransomware

Proton Pass launches new family plan

Spotify says it will allow staff to work from home, says employees “aren’t children”

Intel’s Arrow Lake CPUs get a free gaming boost with APO, and 12 new games are supported including Fortnite and CyberPunk 2077

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Veeam vulnerability exploited to deploy malware via compromised VPN credentials

Supply chain vulnerabilities are facilitating a surge in ransomware

Proton Pass launches new family plan

Spotify says it will allow staff to work from home, says employees “aren’t children”

Intel’s Arrow Lake CPUs get a free gaming boost with APO, and 12 new games are supported including Fortnite and CyberPunk 2077

Leave a reply Cancel reply