NHS England Warns of Critical Veeam Vulnerability Under Active Exploitation

Security

NHS England has posted an alert relating to a critical Veeam Backup & Replication vulnerability which is now under active exploitation by ransomware groups.

Successful exploitation of the vulnerability (CVE-2024-40711) could lead to remote code execution (RCE), the alert noted. RCE could allow attackers to run code on a remote device without the need for physical access.

Threat severity has been rated high, with a CVSS score of 9.8.

These groups are reportedly exploiting CVE-2024-40711 as a second stage exploit to create new local administrator accounts to facilitate further objectives on compromised networks.

Reports warn of exploitation attempts since shortly after official disclosure by Veeam.

Sophos X-Ops MDR and Incident Response has tracked a series of attacks in the past month that have leveraged compromised credentials and CVE-2024-40711 to create an account and deploy ransomware. The firm did not note the target of this attack.

In once case, attackers dropped Fog ransomware and another attack saw the attempted deployment of Akira ransomware, according to Sophos.

Veeam first issued a security bulletin relating to this and four high severity vulnerabilities on September 4, 2024.

The NHS notice highlighted that enterprise backup and disaster recovery applications are valuable targets for cyber threat groups.

Vulnerabilities in backup and disaster recovery applications are often exploited in the wild by ransomware groups shortly after official disclosure.

“NHS England National [Cybersecurity Operations Centre] assess exploitation of CVE-2024-40711 as highly likely to continue,” the advisory later said.

The vulnerability affects Veeam Backup & Replication 12.1.2.172. Veeam noted that unsupported product versions are not tested but are likely affected and should be considered vulnerable.

Affected organizations have been advised to review the Veeam Security Bulletin from and update Veeam Backup & Replication to version 12.2 (or above) as a matter of urgency.

Veeam Backup & Replication is a data protection solution that offers backup and recovery for virtual, physical, network attached storage, and cloud-native environments.

Products You May Like

Articles You May Like

Fake Donald Trump Assassination Story Used in Phishing Scam
Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites
10 Most Impactful PAM Use Cases for Enhancing Organizational Security
Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Leave a Reply

Your email address will not be published. Required fields are marked *