Global Ransomware Hacking attack targeting VMware (VMW.N) ESXi servers

By Nathan Wenzler, Chief Cybersecurity Strategist, Tenable

After a global ransomware attack targeted thousands of VMware (VMW.N) ESXi servers, VMware has urged customers to install the latest security updates and disable the OpenSLP service. The company added that the attackers aren’t exploiting a zero-day vulnerability and that this service is disabled by default in ESXi software releases issued since 2021.

Nathan Wenzler, Chief Cybersecurity Strategist, Tenable, says that basic adherence to cybersecurity fundamentals would have surfaced this vulnerability and given organisations plenty of time to patch it and prevent this sort of attack from occurring.

“This is just another example of attacks that take advantage of older vulnerabilities that have patches available and were known to be dangerous even by basic risk rating systems like CVSS v3.0.

“While both private and public organisations lean towards today’s latest and greatest buzzword technologies or niche security tools, attackers keep showing that they’re most successful targeting the wide open doors caused by a lack of basic cybersecurity fundamentals. Every organisation should be assessing all of their technology assets wherever they are for vulnerabilities and misconfigurations, prioritising the remediation efforts based on technical and business criticality measures and then executing the remediation plan as soon as possible.

“Basic adherence to these practices would have surfaced this vulnerability and given organisations plenty of time to patch it and prevent this sort of attack from occurring.

“Organisations need to move away from the notion that fundamental security practices aren’t needed or that organisations are too small to be attacked. Cyberattackers focus on these kinds of crimes of opportunity, as they are simple, easy to execute and cost-effective for them to perform. Organisations must stop taking a reactive, wait-and-see approach to closing the doors on these attack opportunities and build a culture of proactive, preventive security measures that finds these types of vulnerabilities early and creates the mechanism to correct the flaw before it’s exploited.”
