In today’s threat landscape, some vulnerabilities demand immediate action—and Veeam’s latest flaw, CVE-2024-40071, is one of them. During this Cyber Call, incident response expert Chris and seasoned MSP leader Bob unpacked the serious implications of this 9.8-rated vulnerability, which could allow attackers to execute commands with admin rights and, more dangerously, delete client backups. This opens the door to data encryption, exfiltration, and high-pressure ransomware attacks.
Attackers are gaining access via unpatched firewalls and compromised VPN credentials, bypassing MFA and infiltrating networks with ease. The current threat actor ecosystem is increasingly focused on fast, ruthless payouts—less sophistication, more destruction. Many ransomware groups don’t even bother with decryption keys anymore; deleting backups is now the key tactic to force payment. This is not theoretical—it’s happening now.
For MSPs, this is a reminder that understanding client environments is non-negotiable. Inventory is critical: What tools and backup solutions are your clients using? Are you actively monitoring them? Communicate proactively about vulnerabilities, and update your service agreements to clearly define your patching and maintenance responsibilities. In co-managed IT environments, coordination is even more essential to avoid gaps in defense.
The call also reinforced the importance of personnel security—background checks and due diligence on your technical hires are more critical than ever. When it comes to action, patching Veeam systems should be your first step. Review firewall settings, enforce strong MFA, and implement immutable backup copies to protect against deletion.
Finally, revisit your internal policies and keep your clients informed. The Veeam vulnerability is a stark reminder that proactive vulnerability management, clear policies, and resilient backup strategies are essential for defending your clients—and your MSP business—in 2024 and beyond.
