Feds Warn of Rise in Attacks Involving Veeam Software Flaw

Cyber Security Threat Summary:
Federal authorities have issued a warning about an increase in cyberattacks targeting Veeam's backup application in the healthcare sector. The attacks exploit a high-severity vulnerability (CVE-2023-27532) in Veeam Backup & Replication, potentially leading to unauthorized access, data theft, or ransomware deployment. The vulnerability affects all versions of the software and poses a significant threat to healthcare environments that rely on Veeam for protecting and restoring files and applications. The attacks have been linked to the cybercrime group FIN7, known for affiliations with ransomware groups. Veeam has released a patch for the vulnerability, urging customers to update their software promptly.

CVE-2023-27532 - “Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.” Base Score: 7.5 HIGH.

https://nvd.nist.gov/vuln/detail/cve-2023-27532

Security Officer Comments:
Security researchers highlight the seriousness of the vulnerability, noting that it allows for remote code execution and leakage of plaintext credentials with local system privileges. They argue that the CVSS score of 7.5 underestimates the impact and suggest a more appropriate score of 9.1. The flaw has been leveraged in ransomware attacks and data exfiltration campaigns in the past.

Suggested Correction(s):
Veeam recommends that customers install the latest versions of their software and promptly apply the provided patch. Additionally, organizations should follow Veeam's recommended mitigations, which may include blocking external connections to TCP port 9401 in the backup server firewall as a temporary measure.
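
The temporary firewall measure above, sketched as an added example for a Windows backup server (not code from Veeam or from the source article). It assumes every backup component runs on this one host, so no remote system needs to reach TCP 9401; the rule name and the helper `Test-CoversPort` are made up for this example.

```powershell
# Added example: audit and temporarily block inbound TCP 9401 (CVE-2023-27532).
# Assumption: all-in-one backup server, nothing remote needs this port.
# Run from an elevated PowerShell session.
$Port     = 9401
$RuleName = 'TEMP-Block-Inbound-TCP-9401-CVE-2023-27532'   # hypothetical name

# Hypothetical helper: does a firewall LocalPort spec ("Any", "9401", "9392-9401") cover $Port?
function Test-CoversPort([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any' -or $s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# 1. Is anything listening on the port on this host, and which process owns it?
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if ($listeners) {
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        Write-Host ("{0}:{1} listening, process: {2}" -f $l.LocalAddress, $l.LocalPort, $proc.ProcessName)
    }
} else {
    Write-Host "Nothing is listening on TCP $Port on this host."
}

# 2. Which enabled inbound allow rules currently cover the port?
$allowing = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $f = $_ | Get-NetFirewallPortFilter
        ($f.Protocol -in 'TCP', '6', 'Any') -and (Test-CoversPort $f.LocalPort $Port)
    }
Write-Host ("Inbound allow rules covering TCP {0}: {1}" -f $Port, @($allowing).Count)
$allowing | Select-Object DisplayName, Profile

# 3. Add the block rule once. In Windows Firewall a block rule takes
#    precedence over the allow rules listed in step 2.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Block -Profile Any `
        -Description 'Temporary mitigation until the Veeam patch is installed' | Out-Null
    Write-Host "Created block rule '$RuleName'."
}

# After patching, remove the temporary rule:
#   Remove-NetFirewallRule -DisplayName $RuleName
```

If step 2 lists rules that distributed backup components depend on, the assumption does not hold for that host and the block rule will interrupt them.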

Source: https://www.bankinfosecurity.com/feds-warn-rise-in-attacks-involving-veeam-software-flaw-a-22050
https://nvd.nist.gov/vuln/detail/cve-2023-27532