Admins using Veritas Backup Exec need to update the application as soon as possible due to three high-threat vulnerabilities that attackers are currently exploiting. The vulnerabilities, known as CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878, allow attackers to execute malicious code after successful attacks. Security updates for Veritas Backup Exec version 21.2 have been available since March 2021.
According to a report by Mandiant, a module tailored to exploiting the vulnerabilities in the Metasploit tool collection has been available since September 2022. A month later, Mandiant observed the first attacks on Windows servers. The attackers are targeting publicly accessible instances of Veritas Backup Exec, with over 8,500 installations reachable via the Internet.
While the exact number of vulnerable installations is not known, some are still vulnerable due to flaws in SHA authentication. If attackers gain unauthorized access, they use tools like ADRecon to collect network information for further advancement, record access data with Mimikatz, and ultimately install the ransomware ALPHV, which encrypts data and demands a ransom.
It is essential to update Veritas Backup Exec to protect against these vulnerabilities and prevent unauthorized access to instances. Admins should also use additional security measures like firewalls and multi-factor authentication to further protect against attacks. By taking these steps, admins can secure their systems and data from potential threats.