Nigerians have been alerted to a flaw in the Veeam Backup & Replication (VBR) software being exploited in ransomware attacks targeting users in the country, according to the Nigerian Computer Emergency Response Team (ngCERT).
The Nigerian cyberpolice, ngCERT, says in an urgent advisory that the critical CVE-2023-27532 vulnerability affects VBR versions 12 and below, allowing threat actors to obtain sensitive credentials stored in the software’s configuration database.
This flaw enables attackers to elevate privileges and execute arbitrary code, leading to severe consequences such as system compromise, data breaches, and ransomware attacks, ngCERT warns.
ngCERT on why VBR software flaw matters
“The CVE-2023-27532 is a critical vulnerability in Veeam Backup & Replication (VBR) software, which allows unauthorized users to access sensitive information, including encrypted credentials. Cybercriminals exploit this flaw by connecting to the exposed Veeam services (C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe) on port TCP 9401, where they can issue requests to extract confidential data from backup infrastructure without proper authentication,” according to the ngCERT advisory.
Recent Exploitation in Nigeria
ngCERT also says that ransomware groups, including Phobos, have exploited this vulnerability in recent attacks on cloud infrastructures within Nigeria’s cyberspace.
These cybercriminals, ngCERT reports, have used the flaw to infiltrate systems, install malware, and exfiltrate sensitive data, causing significant damage to targeted entities.
With the potential for widespread damage, ngCERT urges immediate action by tech users to prevent further ransomware attacks exploiting this flaw in Nigerian networks.
Potential Consequences
ngCERT says that the successful exploitation of this vulnerability could result in the following:
System compromise;
Unauthorised access to sensitive data;
Data theft or loss;
System takeover;
Deployment of ransomware;
Financial losses;
DDoS attacks.
Mitigation and Recommendations
ngCERT says it strongly advises VBR users to implement the latest security patches and adopt the following mitigation strategies:
1. Avoid opening attachments from untrusted sources.
2. Block malicious IP addresses.
3. Keep systems, applications, and antivirus software up to date.
4. Activate built-in security features that scan for malware.
5. Strengthen security with firewalls, intrusion detection, and endpoint protection.
6. Enforce strict password policies with regular updates.
7. Disable unnecessary services and ports on all systems.
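Because the advisory ties exploitation to unauthenticated connections on TCP 9401, one practical check alongside recommendations 2 and 7 is to review firewall or flow logs for clients reaching that port from outside the backup infrastructure. The following is an added example, not part of the ngCERT advisory or any Veeam tooling; the log format, the allowed networks and all sample records are constructed assumptions.

```python
import csv
import io
import ipaddress

VEEAM_PORT = 9401  # TCP port named in the ngCERT advisory

# Assumption: networks that legitimately talk to the backup server (constructed values)
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.1.10/32")]

# Constructed sample of accepted-connection records: timestamp,src_ip,dst_ip,dst_port,proto
SAMPLE_LOG = """\
2024-01-10T08:00:01Z,10.20.0.15,10.20.0.5,9401,tcp
2024-01-10T08:03:44Z,203.0.113.77,10.20.0.5,9401,tcp
2024-01-10T08:05:12Z,10.20.1.10,10.20.0.5,9401,tcp
2024-01-10T08:07:30Z,192.168.50.23,10.20.0.5,9401,tcp
2024-01-10T08:09:02Z,203.0.113.77,10.20.0.5,443,tcp
not,a,valid,line
2024-01-10T08:11:19Z,203.0.113.77,10.20.0.5,9401,tcp
"""

def unexpected_veeam_clients(log_text, allowed=ALLOWED_SOURCES, port=VEEAM_PORT):
    """Return {src_ip: hit_count} for TCP connections to `port` from outside `allowed`."""
    hits = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed records
        _ts, src, _dst, dport, proto = (f.strip() for f in row)
        try:
            src_ip = ipaddress.ip_address(src)
            dport = int(dport)
        except ValueError:
            continue  # skip records with an unparseable address or port
        if proto.lower() != "tcp" or dport != port:
            continue  # only the Veeam service port is of interest here
        if any(src_ip in net for net in allowed):
            continue  # known backup infrastructure component
        hits[src] = hits.get(src, 0) + 1
    return hits

if __name__ == "__main__":
    for src, count in sorted(unexpected_veeam_clients(SAMPLE_LOG).items()):
        print(f"ALERT src={src} connections_to_tcp_{VEEAM_PORT}={count}")
```

Any source this reports is a candidate for a firewall block and a reason to review the backup server for credential access.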