Recent cyber attacks targeted over 2,100 computer systems across the US, France, and Germany, taking advantage of a two-year-old VMware vulnerability. This text shares the details of the attack that occurred and the cascading ones that followed.

In a world constantly advancing with technology, it’s no surprise that the threat of cyber attacks is never far away. No one is immune to the dangers of malicious actors lurking in the virtual realm, from large organizations to small businesses. In this ongoing battle against cyber threats, it’s crucial to stay informed and take the necessary steps to protect ourselves and our organizations.


What Actually Happened and What is Going On?

Cybercriminals recently targeted over 2,100 computer systems across the United States, France, and Germany, exploiting a two-year-old vulnerability in VMware Inc. server software. The number of infected systems represents only a fraction of the 66,000 internet-connected computers that could be potential targets. The hackers utilized VMware’s ESXi hypervisor code to extort organizations.

According to public reports, a new variant of ransomware known as ESXiArgs appears to be exploiting a two-year-old vulnerability, CVE-2021-21974, in VMware systems. Although patches were made available in a VMware security advisory on February 23, 2021, ESXiArgs can still compromise systems that have not yet applied those updates; the importance of maintaining proper security hygiene cannot be overstated.

A VMware spokesperson also emphasized the need for customers to take action and apply the patches as directed in the advisory to protect themselves from the threat of ransomware attacks.

The attack occurred on Friday and compromised over 2,000 systems within 24 hours. The attack timing was carefully chosen, as system administrators and security teams were likely to be off for the weekend. The hackers sought to cause maximum impact by finishing their malicious activities over the weekend.


What Do the Experts Say About the Attack?

According to Patrice Auffret, founder and CEO of Onyphe SAS, a French cybersecurity enterprise that scanned the internet for evidence of the attacker’s code, the speed at which the machines were targeted was remarkable.

In an email, Auffret stated that the attackers chose the time wisely as system administrators and security teams were nearly out for the weekend, creating an opportunity for the threat actors. Therefore, the attackers probably wanted to finish their malicious job during the weekend for maximum impact.

The latest breach underscores the continued threat of hackers leveraging legacy vulnerabilities in widely used software. Cybersecurity agencies in France, Italy, Canada, and other countries published advisories in response to the attack, warning organizations running the vulnerable software to take the necessary steps to secure their systems.

In addition, VMware issued a fix for the software issue in 2021, and it is recommended that all organizations using this software apply the necessary updates to prevent similar attacks in the future.


The Continuing Battle Against Cyber Threats

The recent data breaches serve as another instance of malicious actors exploiting long-standing vulnerabilities in widely used software. In this particular instance, the hackers leveraged VMware’s ESXi hypervisor code for servers to extort organizations that had failed to apply the necessary security updates.

Although VMware, the software company, issued a fix in 2021, the contest between hackers and security personnel remains a constant race. To protect against such attacks in the future, it is recommended that all organizations using this software apply the available updates.

Security experts warn that as soon as a software company releases a patch for a security vulnerability, hackers begin studying the available information to determine if they can exploit it. The back-and-forth struggle between those who aim to exploit technology weaknesses and those who work to fix them has been ongoing for decades. Some ways to enhance cyber security include:

  • Regularly updating software and operating systems.
  • Using strong passwords and two-factor authentication.
  • Being cautious of phishing emails and other forms of social engineering.

Additionally, organizations can invest in cyber security solutions like firewalls, IDS (Intrusion Detection Systems), and antivirus software to detect and respond to potential threats.


Limited Impact of the Breaches

According to Alexander Leslie, an analyst at the threat intelligence company Recorded Future Inc, the impact of the weekend breaches was limited: only one of the 426 cryptocurrency wallets associated with the breaches held a balance, of around $11,700.


What is Ransomware, and How to Protect your Organization?

Ransomware is malicious software that uses encryption to lock the victim’s files and demands a ransom payment to restore access. As the recent attack shows, it has become a major threat to organizations, causing significant disruptions and financial losses.


Consequences of a Ransomware Attack:

1. Data Loss: The encryption process used by ransomware can make essential files and data inaccessible to the victim. In some cases, the attacker may threaten to permanently delete the data if the ransom demand is not met.

2. Financial Loss: Ransomware attacks can result in direct economic losses through the ransom payment and indirect costs such as the cost of recovery and mitigation efforts.

3. Reputation Damage: A ransomware attack can harm an organization’s reputation, causing it to lose the trust of its customers and partners, leading to long-term damage to the organization’s brand and financial stability.


How to Protect Your Organization from Ransomware:

1. Regular Backups: Regularly backing up data and storing it in a secure location can minimize the impact of a ransomware attack by allowing the victim to restore the encrypted files.

2. Security Software: Antivirus and anti-malware software can help detect and prevent ransomware infections by detecting and blocking malicious software before it can infect the victim’s system.

3. Employee Awareness: Training employees to recognize phishing scams and other methods used to spread ransomware is critical in preventing infections. Employees should be trained to identify suspicious emails, links, and attachments and to report any suspicious activity to IT.

4. Software Updates: Keeping software and systems up-to-date with the latest security patches is essential in reducing the risk of vulnerabilities being exploited by attackers.

5. Network Segmentation: Segmenting the network and limiting access to sensitive data can reduce the impact of a successful attack by making it more difficult for the attacker to access sensitive information.

The link between the recent campaign and the ransomware attack on ION Trading UK last week, which impacted derivatives trading globally, remains uncertain, according to security experts. That breach was carried out by the LockBit extortion group, which is believed to have been operating since January 2020, to have targeted over 1,000 victims globally, and to have extorted at least $100 million from these organizations.

Organizations should implement regular backups, use security software, train employees on cybersecurity best practices, and keep software and systems up-to-date with the latest security patches to minimize the impact of such attacks.


Final Words

The speed and efficiency of the recent cyber attack highlight the importance of staying informed and taking proactive measures to protect ourselves and our organizations from cyber threats. The battle against cyber threats is ongoing, but we can help keep our data and systems secure by staying vigilant and proactive.