Thursday, November 14, 2024

HomeCyberSecurityCritical Veeam CVE targeted by new ransomware variant
CyberSecurity

Critical Veeam CVE targeted by new ransomware variant

Matt Kapko
By Matt Kapko
0
2
Critical Veeam CVE targeted by new ransomware variant

Dive Brief:

  • A critical vulnerability in Veeam Backup and Replication is being exploited by a new ransomware variant, Sophos X-Ops said in a Friday blog post.
  • The cybercriminal group operating Frag, the previously undocumented ransomware, used similar tactics, techniques and procedures as those used by Akira and Fog threat groups. Those groups were involved in exploitation of the same vulnerability last month. 
  • “Similar to the previous events, the threat actor used a compromised VPN appliance for access, leveraged the Veeam vulnerability, and created a new account named ‘point,’” Sean Gallagher, principal threat researcher at Sophos X-Ops, said in the blog post. “However in this incident a ‘point2’ account was also created.”

Dive Insight:

Veeam Backup and Replication is used by enterprises to backup, replicate and restore virtual, physical and cloud machines. The use of multiple ransomware variants in attacks linked to CVE-2024-40711 exploits only escalates the risk confronting those customers.

All told, Veeam said it has more than 550,000 customers globally, including 74% of the Global 2000. It’s unclear how many organizations use Veeam Backup and Replication.

“We see this as a tool being used as part of a very specific kit of tactics, techniques and practices that are likely either connected to an access broker selling breached network access to other cybercriminals or a set of independent actors using multiple ransomware as a service platforms,” Gallagher said via email. 

“Either way, it will potentially lead to more ransomware attacks with different malware,” Gallagher said. “The Frag ransomware is an example of this.”

The Cybersecurity and Infrastructure Security Agency added CVE-2024-40711, which has a CVSS score of 9.8, to its known exploited vulnerability catalog on Oct. 17. The deserialization vulnerability allows an unauthenticated attacker to perform remote code execution.

Veeam did not answer questions about Sophos’ research but reiterated advice for customers to upgrade to Veeam Backup and Replication v12.2. Veeam patched the vulnerability in a software update on Aug. 28.

“When a vulnerability is identified and disclosed, attackers will still try to exploit and reverse-engineer the patches to use the vulnerability on an unpatched version of Veeam software in their exploitation attempts,” Heidi Monroe Kroft, senior director of corporate communications and global public relations at Veeam, said via email Monday.


Source link

Bookmark (0)
Please login to bookmarkClose
Previous article
Rat urine smell ‘overpowering’ at ‘squalid’ and ‘decrepit’ prison, watchdog says | Politics News
Next article
US hopes to leverage UN cybercrime treaty toward ransomware fight
Matt Kapko
Matt Kapko
RELATED ARTICLES
- Advertisment -spot_img

Most Popular

Load more

Sponsored Business

- Advertisment -spot_img

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY

Market World’s portal of services include news, marketing, development and ecommerce. We strive to meet the needs and provide high value for all visitors and customers. We offer digital services for small, mid-sized and large enterprise platforms. We treat our customers as partners and offer the tools and services for growth and success for your journey.

Become a Market World Entrepreneur

FOLLOW US              

© 2022 Market World LLC. All rights reserved