CISA: Akira Ransomware Cybersecurity Advisory


dips
  • Veeam Legend
  • 808 comments

Hi Everyone, 

CISA recently published a Cybersecurity Advisory for Akira Ransomware:

The Threat Actors are gaining access to vulnerable environments via VPNs which do not have multifactor authentication enabled, using known Cisco vulnerabilities, internet-facing RDP access, spear phishing and valid credential abuse.

However, what is most interesting is that they are also going after Veeam Backup Servers and have created their own scripts:


Ensure:

  • MFA is enabled
  • Segment networks
  • Patch often
  • Review and audit user accounts
  • Have offline and offsite backups

5 comments

Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8494 comments
  • April 19, 2024

Wow this is great to know.  We have security for our environments but I am also working on domain segregation with a new forest based on best practices for our Veeam.  They will soon have their own domain which will be locked down tight.  Thanks for sharing this one Dipen.


dips
  • Author
  • Veeam Legend
  • 808 comments
  • April 19, 2024

Shows how important backups are @Chris.Childerhose 

Seems they are beginning to focus a lot more on backup servers. 


coolsport00
  • Veeam Legend
  • 4142 comments
  • April 19, 2024

Thanks for the heads up Dipen! 👍🏻


vAdmin
  • Influencer
  • 168 comments
  • April 21, 2024

Oh wow, thank you for sharing @dips,
Veeam is now targeted since it is the market leader of the backup software.

 

Standing at the peak of the mountain, you become visible to all and the wind blows harder


dips
  • Author
  • Veeam Legend
  • 808 comments
  • April 22, 2024
vAdmin wrote:

Oh wow, thank you for sharing @dips,
Veeam is now targeted since it is the market leader of the backup software.

 

Standing at the peak of the mountain, you become visible to all and the wind blows harder

I reckon we will see more targeted attacks against Veeam infrastructure in the environment with the way things are going. 

