Exploring the Exploitation of Critical Veeam Vulnerability: The Diffusion of Akira and Fog Ransomware Explained
Common Vulnerability Scoring System (CVSS), is a critical privilege escalation vulnerability that allows remote attackers to bypass authentication and execute arbitrary code.
Veeam announced the discovery of this vulnerability on March 22 and issued a patch.
The Method of Attack
The threat actors start by compromising VPN credentials to gain internal network access and then leverage the CVE-2024-40711 vulnerability to escalate privileges within the network.
The actors create new local accounts in the infected system (sometimes with arbitrary names) which are then used to execute the ransomware.
The Akira and Fog ransomware variants are being increasingly deployed in cyberattacks due to their ability to efficiently encrypt a victim’s data and demand a ransom.
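Because the new local accounts may have arbitrary names, detection on the backup server is better keyed to behaviour than to names. The following added example (not from the original article) correlates Windows Security events 4720 (account created), 4732 (member added to a local group) and 4624 (logon) over a constructed sample; the simplified field names and the 30-minute window are assumptions of this sketch.

```python
from datetime import datetime, timedelta

# Constructed sample of simplified Security events from a backup server.
# Field names (time, id, target, member, subject) are assumptions of this
# example; a real export would need mapping (4732 often carries only a SID).
SAMPLE_EVENTS = [
    {"time": "2024-10-01T02:10:00", "id": 4624, "target": "svc_backup"},
    {"time": "2024-10-01T02:14:05", "id": 4720, "target": "qx7tmp", "subject": "SYSTEM"},
    {"time": "2024-10-01T02:14:09", "id": 4732, "target": "Administrators", "member": "qx7tmp"},
    {"time": "2024-10-01T02:15:30", "id": 4624, "target": "qx7tmp"},
    {"time": "2024-10-01T09:00:00", "id": 4720, "target": "jdoe", "subject": "helpdesk01"},
]

def find_suspicious_accounts(events, window=timedelta(minutes=30),
                             admin_groups=("Administrators",)):
    """Flag accounts that are created and then elevated or used within `window`.

    Returns {account_name: [reasons]}; the account name itself is never used
    as a signal, only the create -> elevate / logon sequence.
    """
    created = {}   # lower-cased account name -> creation time
    alerts = {}
    # ISO 8601 strings in one format sort chronologically
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:                      # a user account was created
            created[ev["target"].lower()] = ts
            continue
        if ev["id"] == 4732 and ev["target"] in admin_groups:
            name, reason = ev["member"].lower(), "added to local admin group"
        elif ev["id"] == 4624:                    # successful logon
            name, reason = ev["target"].lower(), "logged on"
        else:
            continue
        born = created.get(name)
        if born is not None and ts - born <= window:
            alerts.setdefault(name, []).append(reason)
    return alerts

if __name__ == "__main__":
    for account, reasons in find_suspicious_accounts(SAMPLE_EVENTS).items():
        print(f"ALERT new local account '{account}': {', '.join(reasons)}")
```
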
Unpatched Systems at Risk
Veeam warns that all unpatched systems remain at constant risk of cyberattacks that can result in significant data loss and business disruption.
In response to the Veeam vulnerability, the cybersecurity community has urged organizations to promptly apply the security updates to mitigate the potential risks.
Real-World Example
An example of the real-world impact of this vulnerability was seen when a Europe-based manufacturing company fell victim to the Akira ransomware after attackers exploited the CVE-2024-40711 vulnerability in their Veeam backup server.
The attack led to massive data loss and production downtime, significantly affecting the company’s key business operations.
Steps to Prevention & Mitigation
Organizations are advised to take immediate action to mitigate vulnerability exposure.
This includes promptly applying the Veeam patches, always using the latest software versions, and frequently changing and strengthening user credentials.
Furthermore, companies should employ multi-factor authentication (MFA) wherever possible, conduct regular vulnerability assessments, and ensure their incident response plan is updated.
Conclusion
The exploitation of the Veeam vulnerability to spread Akira and Fog ransomware serves as a stark reminder of the evolving nature of cybersecurity threats and the need for continuous vigilance and effective cyber hygiene practices across all sectors.