Threat actors are increasingly targeting Veeam Backup & Replication in cyberattacks. Veeam Backup & Replication (VBR), from Veeam Software, is an industry-leading backup, recovery and data security solution used to back up, duplicate, and restore data.
This week, federal authorities warned the healthcare industry of a probable rise in data breaches due to a vulnerability in a backup app developed by Veeam. The vulnerability being exploited appears to be the high-severity flaw disclosed in March this year.
Earlier this year, Veeam notified its customers of the vulnerability: “Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.”
The vulnerability exposes encrypted credentials stored in Veeam Backup & Replication. Its exploitation could lead to unauthorized access to backup infrastructure hosts, the Health Sector Cybersecurity Coordination Center (HC3) said in an alert this Wednesday.
“What makes this threat significant is that in addition to backing up and recovering virtual machines, VBR is used to protect and restore individual files and applications for environments such as Microsoft Exchange and SharePoint, which are used in the healthcare and public health sector,” HHS HC3 writes.
What You Should Do
HC3 recommends that all users follow Veeam’s guidance for Veeam Backup & Replication, which is as follows:
- If using an earlier Veeam Backup & Replication version, please upgrade to a supported version first, which can be found here.
- If you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can alternatively block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed.
- The patch must be installed on the Veeam Backup & Replication server. All new deployments of Veeam Backup & Replication versions 12 and 11a installed using the ISO images dated February 23, 2023 (V12) and February 27, 2023 (V11a) or later are not vulnerable.
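The temporary firewall block on TCP 9401 described in the guidance above, sketched in PowerShell for Windows Defender Firewall on the backup server. This is an added example, not Veeam's or HC3's own code; the rule name and function names are constructed for illustration, and it assumes the all-in-one deployment with no remote backup infrastructure components that the guidance names.

```powershell
#Requires -RunAsAdministrator
# Added example: temporary mitigation for CVE-2023-27532 on an all-in-one
# Veeam Backup & Replication server. Not a substitute for the patch.
# The rule name below is a constructed label, not a Veeam-defined value.
$RuleName = 'TEMP-Block-Inbound-TCP-9401-CVE-2023-27532'
$Port     = 9401

function Add-VbrPortBlock {
    # Idempotent: create the block rule only if it is not already present.
    $existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if ($existing) { return $existing }
    # A Block rule takes precedence over existing Allow rules for the same port.
    New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Temporary block until the Veeam patch is installed' `
        -Direction Inbound -Protocol TCP -LocalPort $Port `
        -Action Block -Profile Any -Enabled True
}

function Test-VbrPortBlock {
    # Report whether the rule exists and is enabled, whether anything is
    # listening on the port, and whether any firewall profile is switched
    # off (a disabled profile means the rule is not enforced on it).
    $rule     = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    $listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    $off      = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
    [pscustomobject]@{
        RulePresent      = [bool]$rule
        RuleEnabled      = [bool]($rule | Where-Object { $_.Enabled -eq 'True' })
        PortListening    = [bool]$listener
        DisabledProfiles = ($off.Name -join ',')
    }
}

function Remove-VbrPortBlock {
    # Roll back once the patch has been installed on the backup server.
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
}

Add-VbrPortBlock | Out-Null
Test-VbrPortBlock
```

An empty `DisabledProfiles` value together with `RuleEnabled = True` indicates the block is in force; call `Remove-VbrPortBlock` after patching.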