
HC3 warns of Veeam software vulnerability that targets encrypted logins



According to Veeam Software, an unauthenticated user operating within the backup infrastructure network perimeter can obtain encrypted credentials stored in the configuration database.

WHY IT MATTERS

Following an increasing number of cyberattacks exploiting the Veeam Backup & Replication software vulnerability, tracked as CVE-2023-27532, the Health Sector Cybersecurity Coordination Center (HC3) recommends that all healthcare organizations using this software update their systems and patch the vulnerability.

“What makes this threat so serious is that in addition to backing up and restoring virtual machines, it is also used to protect and restore individual files and applications for different environments, such as Microsoft Exchange and SharePoint, used in the HPH field,” the agency said in its May 10 analysis.

The software is also capable of providing transaction-level rollback of Oracle and Microsoft SQL databases.

Veeam issued a warning to its customers on March 7, noting that the vulnerable process is Veeam.Backup.Service.exe – TCP 9401 by default – and advised them to update their software.

WithSecure Labs has identified FIN7 – a group of financially motivated cybercriminals – in recent attacks on Veeam servers.

“On March 28, 2023, initial activity was observed on internet-connected servers running Veeam Backup & Replication software,” according to WithSecure Labs' website.

“The SQL server process ‘sqlservr.exe’ associated with the Veeam Backup instance executed a shell command, which performed an in-memory download and executed a PowerShell script.”

WithSecure Labs notes that the threat actor tested lateral movement using the exfiltrated credentials.

THE LARGER TREND

Whether it’s online phishing, exploiting vulnerabilities to steal credentials, or taking advantage of insider threat schemes, hospitals, health plans, and other healthcare organizations are top targets of bad actors, who are always looking for an easy way to penetrate the network.
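The process chain WithSecure Labs describes (the SQL Server process launching a shell that then runs PowerShell) lends itself to a simple detection check. The sketch below is an added example, not code from HC3, Veeam or WithSecure Labs; the event field names and the sample events are constructed assumptions modeled on process-creation logging.

```python
import ntpath

# Interpreters a database engine process has no routine reason to start.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
DB_PROCESS = "sqlservr.exe"

# Constructed sample process-creation events (hypothetical field names).
EVENTS = [
    {"guid": "A1", "parent_guid": "00", "image": r"C:\SQL\Binn\sqlservr.exe"},
    {"guid": "A2", "parent_guid": "A1", "image": r"C:\Windows\System32\cmd.exe"},
    {"guid": "A3", "parent_guid": "A2",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"guid": "A4", "parent_guid": "A2", "image": r"C:\Windows\System32\conhost.exe"},
    {"guid": "B1", "parent_guid": "00", "image": r"C:\Windows\explorer.exe"},
    {"guid": "B2", "parent_guid": "B1",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()

def find_db_spawned_shells(events):
    """Return shell processes that have sqlservr.exe anywhere in their ancestry."""
    by_guid = {e["guid"]: e for e in events}
    hits = []
    for e in events:
        if basename(e["image"]) not in SHELLS:
            continue
        chain, cur, seen = [basename(e["image"])], e, set()
        # Walk parent links; 'seen' guards against malformed, cyclic data.
        while cur["parent_guid"] in by_guid and cur["parent_guid"] not in seen:
            seen.add(cur["parent_guid"])
            cur = by_guid[cur["parent_guid"]]
            chain.append(basename(cur["image"]))
            if chain[-1] == DB_PROCESS:
                hits.append({"guid": e["guid"], "chain": " <- ".join(chain)})
                break
    return hits

if __name__ == "__main__":
    for hit in find_db_spawned_shells(EVENTS):
        print(hit["guid"], hit["chain"])
```

Walking the full ancestry rather than only the direct parent catches the PowerShell process started through an intermediate shell, while the interactive PowerShell session under explorer.exe is left alone.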

John Hendley, head of strategy at IBM Security X-Force, advised in a 2022 data breach cost report: “Organizations should consider implementing their identity and access management to keep them safe. Mandatory use of multi-factor authentication.”

“This single step also helps limit the possibility of cybercriminals using stolen credentials, which is one of their favorite early compromise methods.”

ON THE RECORD

“HC3 recommends that all units in the HPH industry be alert and aware of suspicious activity, keep systems up to date, and immediately patch any vulnerable systems,” the agency said in the warning note.

“In addition, organizations are encouraged to take a proactive approach using CISA’s free cybersecurity tools and services to strengthen their cyber position.”

Andrea Fox is the senior editor of Healthcare IT News.

Healthcare IT News is a publication of HIMSS Media.
