CISA: Akira Ransomware Cybersecurity Advisory



Hi Everyone, 

CISA recently published a Cybersecurity Advisory for Akira Ransomware:

The threat actors are gaining access to vulnerable environments via VPNs that do not have multifactor authentication enabled, using known Cisco vulnerabilities, internet-facing RDP access, spear phishing and valid credential abuse.

However, what is most interesting is that they are also going after Veeam Backup Servers and have created their own scripts:


Ensure:

  • MFA is enabled
  • Segment networks
  • Patch often
  • Review and audit user accounts
  • Have offline and offsite backups

5 comments

Userlevel 7
Badge +20

Wow this is great to know.  We have security for our environments but I am also working on domain segregation with a new forest based on best practices for our Veeam.  They will soon have their own domain which will be locked down tight.  Thanks for sharing this one Dipen.

Userlevel 7
Badge +7

Shows how important backups are @Chris.Childerhose 

Seems they are beginning to focus a lot more on backup servers. 

Userlevel 7
Badge +17

Thanks for the heads up Dipen! 👍🏻

Userlevel 7
Badge +2

Oh wow, thank you for sharing, @dips.
Veeam is now targeted since it is the market leader of the backup software.

 

Standing at the peak of the mountain, you become visible to all and the wind blows harder

Userlevel 7
Badge +7

Oh wow, thank you for sharing, @dips.
Veeam is now targeted since it is the market leader of the backup software.

 

Standing at the peak of the mountain, you become visible to all and the wind blows harder

I reckon we will see more targeted attacks against Veeam infrastructure in the environment with the way things are going. 
