Cyber Security
Business Fortune
15 December, 2023
Cyber authorities connected a two-year-old VMware vulnerability to the attacks, known as ESXiArgs. There are at least 2,250 compromised machines.
Hundreds of businesses running particular VMware ESXi versions were the target of a global ransomware attack, according to experts and cyber authorities.
While the initial access vector is still under investigation, investigators and agencies from various nations have connected the campaign to a VMware vulnerability that was identified and fixed nearly two years ago. The attacks are occurring in several European countries, Canada, and the United States.
At least 2,250 machines have been compromised thus far, and nearly 2,000 servers were compromised in less than a day, according to Patrice Auffret, the founder, CTO, and CEO of the cybersecurity company Onyphe, based in France.
Critical flaws in VMware products are a persistent issue, and ransomware operators frequently target ESXi, the hypervisor software used for server virtualization.
By exploiting the known heap-overflow vulnerability, CVE-2021-21974, threat actors can obtain access to VMware's OpenSLP service and launch relatively simple attacks.
According to Auffret, roughly 66,000 computers may be exposed to this wave of attacks, but it's unclear how many of them are patched.
Threat actors might modify the code or find new ways to enhance the attack vector in order to affect more unpatched versions. Such a move might lead to yet another significant wave of victims.