CrowdStrike flags a growing ransomware focus on VMware ESXi
A worrying trend has emerged in the threat landscape: a surge in ransomware attacks targeting VMware ESXi, the widely deployed bare-metal hypervisor. Cybersecurity firm Recorded Future tracked over 1,118 ransomware attacks against ESXi in 2022, up from just two observed in 2020.
Threat actors are actively exploiting several known ESXi vulnerabilities, and their intrusions also rely on credential theft and direct access to virtual machines. VMware virtualization infrastructure, ESXi and its associated products in particular, has become a preferred foothold from which to launch ransomware attacks.
VMware products such as ESXi, vCenter, Workspace ONE Access, and Horizon are widely deployed, and a single organization may host hundreds of virtual machines on them running critical workloads such as Active Directory domain controllers and business operations systems. Encrypting one host therefore takes many services down at once, which makes these platforms an attractive target for cybercriminals.
Notably, ransomware operators have been targeting products with unpatched vulnerabilities that were disclosed and fixed in security advisories at least two to three years ago. VMware's hypervisor infrastructure commands 71% of the global market for virtualization infrastructure software, which makes it a particularly attractive target.
Threat intelligence researchers at CrowdStrike have identified a new ransomware-as-a-service platform, MichaelKors, which supplies its affiliates with ransomware binaries for both Windows and ESXi/Linux targets. Other ransomware-as-a-service operations, including ALPHV (also known as BlackCat), LockBit, and Defray, are likewise targeting ESXi.
In June 2022, U.S. cyber authorities issued a joint advisory on the continued exploitation of unpatched Log4Shell in VMware Horizon and Unified Access Gateway servers, underscoring how long known vulnerabilities in VMware products remain exploitable in the field. The lack of security tooling that runs on ESXi itself, inadequate network segmentation of ESXi management interfaces, and unpatched vulnerabilities in ESXi together create a target-rich environment for threat actors.
A VMware spokesperson emphasized that patching known vulnerabilities is a core security practice, and that endpoint detection and response and antivirus solutions are not a substitute for it. Even so, there is currently no single product that addresses the threat of hypervisor jackpotting, which has become a dominant trend for two reasons: one compromised host yields every virtual machine it runs, and detection and prevention mechanisms on these components are limited.
Despite these challenges, VMware remains a significant player in the industry. The company, with over 500,000 customers and generating $6 billion in revenue in 2022, according to Gartner, is awaiting regulatory approval on Broadcom's proposed $61 billion acquisition.
Organizations running VMware products should therefore prioritize patch management (the vulnerabilities being exploited have had fixes available for years), segmentation of ESXi management interfaces away from user and general server networks, and regular security audits of host configuration. Together these measures go a long way toward protecting critical infrastructure and operations from these ransomware campaigns.
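As a concrete illustration of the "regular security audit" step, here is an added example (not code from the article or from VMware) that parses captured output of two standard esxcli commands, `esxcli system version get` and `esxcli network firewall ruleset list`, and flags hosts whose build is older than a caller-supplied baseline or which expose risky management services such as SSH. The sample command output, the placeholder build numbers, the baseline dictionary and the list of rulesets treated as risky are all constructed assumptions of the example.

```python
"""Audit ESXi hosts from captured esxcli output (added example, not from the article)."""
import re
from dataclasses import dataclass, field

# Firewall rulesets whose exposure on a management interface widens the attack
# surface. This selection is an assumption of the example, not from the article.
RISKY_RULESETS = {"sshServer", "CIMHttpServer", "CIMSLP", "snmp"}

# Minimum acceptable build per major version. Placeholder numbers chosen for the
# example; a real audit would take these from the vendor's current advisories.
MIN_BUILD = {"7": 20500000}


@dataclass
class HostAudit:
    host: str
    version: str
    build: int
    findings: list = field(default_factory=list)


def parse_version(text):
    """Extract Version and Build from `esxcli system version get` output."""
    version = re.search(r"^\s*Version:\s*(\S+)", text, re.M)
    build = re.search(r"^\s*Build:\s*Releasebuild-(\d+)", text, re.M)
    if not version or not build:
        raise ValueError("unrecognised esxcli version output")
    return version.group(1), int(build.group(1))


def parse_rulesets(text):
    """Parse the 'Name  Enabled' table of `esxcli network firewall ruleset list`."""
    enabled = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(true|false)\s*$", line.strip())
        if m:  # header and separator lines do not match and are skipped
            enabled[m.group(1)] = m.group(2) == "true"
    return enabled


def audit_host(name, version_out, ruleset_out, min_build=MIN_BUILD):
    """Return a HostAudit listing patch-level and exposure findings for one host."""
    version, build = parse_version(version_out)
    audit = HostAudit(name, version, build)
    major = version.split(".")[0]
    baseline = min_build.get(major)
    if baseline is None:
        audit.findings.append(f"no baseline build defined for ESXi {major}.x")
    elif build < baseline:
        audit.findings.append(f"build {build} is older than baseline {baseline}: patch the host")
    for ruleset, on in parse_rulesets(ruleset_out).items():
        if on and ruleset in RISKY_RULESETS:
            # Remediation on the host: esxcli network firewall ruleset set
            #   --ruleset-id=<name> --enabled=false  (or restrict allowed IPs)
            audit.findings.append(f"firewall ruleset {ruleset} is enabled: restrict or disable it")
    return audit


# Constructed sample output for a weakly configured host.
VERSION_OUT_WEAK = """\
   Product: VMware ESXi
   Version: 7.0.3
   Build: Releasebuild-20000000
"""
RULESET_OUT_WEAK = """\
Name           Enabled
-------------  -------
sshServer      true
sshClient      false
nfsClient      false
vSphereClient  true
"""

# Constructed sample output for the same host after patching and disabling SSH.
VERSION_OUT_FIXED = VERSION_OUT_WEAK.replace("20000000", "20500000")
RULESET_OUT_FIXED = RULESET_OUT_WEAK.replace("sshServer      true", "sshServer      false")


if __name__ == "__main__":
    for label, v, r in (("weak", VERSION_OUT_WEAK, RULESET_OUT_WEAK),
                        ("fixed", VERSION_OUT_FIXED, RULESET_OUT_FIXED)):
        result = audit_host(f"esx01-{label}", v, r)
        print(result.host, result.version, result.build, result.findings or "no findings")
```

In practice the two command outputs would be collected over SSH or from a configuration backup for every host in the inventory, and the same `audit_host` call run per host; vSphereClient stays enabled in the sample because the management client is expected there, the point being to keep that interface on a segmented network rather than to block it.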