New Ransomware Attacks Exploit Recent Vulnerability in Veeam Software
Recent Veeam Vulnerability Exploited in Ransomware Attacks
Ransomware attacks are among the most significant threats facing businesses and organizations today.
Recent findings indicate that attackers are exploiting a vulnerability in Veeam Backup & Replication, a well-established data protection and management software, posing a severe challenge for cybersecurity teams on a global scale.
Veeam Exploit Uncovered:
Unpatched and misconfigured Veeam Backup & Replication servers have been targeted by ransomware operators, as reported by Sophos, a global leader in cybersecurity solutions.
The vulnerability, identified as CVE-2020-10915, is a critical command injection vulnerability.
This vulnerability allows the execution of arbitrary commands, potentially leading to a full system compromise.
Real-world Exploitation:
Sophos reported that attackers are breaching certifications by exploiting the exposed software’s XML External Entity (XXE) Injection vulnerability along with the command injection flaw.
Later, they deploy the Ragnar Locker ransomware; the ransomware was noted to be present on systems running Veeam’s product.
Preventing Veeam Ransomware Attacks:
Considering the severity of the vulnerability, it is crucial for businesses and organizations using Veeam’s product to update their systems as soon as possible.
Patches correcting the CVE-2020-10915 vulnerability were already released in April 2020 with version 9.5.5.
However, systems that have not been updated with these patches remain open to exploitation.
In addition to patching, it is recommended to review system configurations to prevent unauthorized access.
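One way to act on the patching advice above is to triage an asset inventory for Veeam hosts still below the fixed version. The following is an added example, not code from Sophos or Veeam; it assumes a CSV export with host, product and version columns, the sample rows are constructed, and the 9.5.5 baseline is taken from this article.

```python
import csv
import io
import re

# Fixed version as stated in this article; confirm against the vendor advisory.
PATCHED = (9, 5, 5)

# Constructed sample inventory export (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,product,version
bkp-01,Veeam Backup & Replication,9.5.4.2866
bkp-02,Veeam Backup & Replication,9.5.5
bkp-03,Veeam Backup & Replication,10.0.0.4461
bkp-04,Veeam Backup & Replication,9.5
bkp-05,Veeam Backup & Replication,unknown
web-01,nginx,1.18.0
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def is_patched(version, baseline=PATCHED):
    """Compare on equal length so that 9.5 is treated as 9.5.0."""
    width = max(len(version), len(baseline))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(baseline)

def triage(inventory_csv, product_keyword="veeam"):
    """Classify each matching host as 'patched', 'unpatched' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if product_keyword not in row["product"].lower():
            continue
        version = parse_version(row["version"])
        if version is None:
            # Unparseable versions go to manual review, never assumed safe.
            results[row["host"]] = "unknown"
        else:
            results[row["host"]] = "patched" if is_patched(version) else "unpatched"
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown should be checked by hand rather than treated as up to date.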
Conclusion:
In an era of hyper-connected systems, cybersecurity has become a major concern.
As the Veeam vulnerability situation demonstrates, lax security strategies can result in dire consequences.
It’s essential to maintain updated systems and never overlook the importance of regular patches and security configurations.