
FBI Issued a Warning About an Increase in Attacks Exploiting a Flaw in Veeam Software

By Esme Greene

Jul 17, 2023

The flaw reveals decrypted credentials, potentially allowing unwanted access to backup infrastructure sites. The Health Sector Cybersecurity Coordination Center of the Department of Health and Human Services issued the alert.

Exploiting a flaw in Veeam Backup & Replication technology may lead to illicit access to archived network servers, which might result in data theft or ransomware deployment. The flaw affects every version of the program, which can perform transaction-level restorations of Oracle and Microsoft SQL databases.

According to the HHS HC3, the software is important in healthcare since it is used to secure and restore individual files and programs for systems such as Microsoft Exchange and SharePoint.

Notes on Vulnerability

Researchers identified attacks by the criminal gang FIN7 on internet-facing servers running Veeam Backup & Replication software in March. The gang is linked to ransomware groups such as BlackBasta.

Veeam published workaround guidelines and eventually a fix for the vulnerability, which allows malicious actors to run malware with the highest privileges virtually. Around 7,500 internet-exposed VBR hosts were discovered to be vulnerable. Veeam advises users to use the most recent software versions and to fix vulnerabilities as soon as possible.

Serious Issues

Security firm Rapid7 also reported an uptick in incidents involving the Veeam backup and replication solution, albeit not primarily in the healthcare industry. The root cause of the CVE-2023-27352 vulnerability, according to Caitlin Condon, a senior manager of security research at Rapid7, is an absence of identification on the distant Windows Communication Foundation.

The Foundation enables criminals to distribute plaintext credentials and execute code online with local system privileges on the Veeam Backup & Replication server. Condon claims that the CVSS score of 7.5 severely underestimates the severity of the bug and that a more accurate value of 9.1 would classify the vulnerability as serious. 
