Threat Analysis: VMware ESXi Attacks Soared in 2022

The ESXiArgs ransomware attack, which began infecting VMware ESXi hypervisor servers on February 2, 2023, is the latest in a long list of malicious campaigns exploiting vulnerabilities in ESXi.

Threat intelligence firm Recorded Future has been tracking ESXi-focused ransomware since 2020. “As organizations continue to virtualize critical infrastructure and business systems,” VMware’s hypervisor is becoming increasingly attractive to attackers, with the report stating that “ESXi-targeting ransomware nearly tripled between 2021 and 2022, with ALPHV, LockBit, BlackBasta, and other ransomware products from many groups becoming available.”

ESXi exploits were virtually non-existent in 2020, the report notes, because during this period, “due to the availability of initial access presented by the pandemic and multiple critical vulnerabilities, attackers targeted Windows-based networks.”

Cyber-attacks exploiting ESXi spiked to 434 in 2021, and Recorded Future found an even bigger spike in 2022, with ESXi-focused cyber-attacks reaching at least 1188.

Gaining initial access

In most cases, attackers exploit vulnerabilities in ESXi to gain initial access, “specifically via remote code execution (RCE) or authentication bypass.”

Several organizations, such as the US Cybersecurity and Infrastructure Security Agency (CISA) and France’s CERT-FR, believe the ESXiArgs ransomware campaign exploited a 2021 vulnerability, CVE-2021-21974, a heap overflow in the OpenSLP service of ESXi.

Recorded Future also notes that threat actors attacking ESXi typically attempt to obtain administrator credentials, enable SSH on the ESXi server, and then escalate to root privileges for unrestricted access.

“This type of access using legitimate credentials is difficult to detect because it can blend in with normal system administrator activity [by] abusing native commands to perform actions,” the report said.

Also, the immaturity of antivirus and EDR coverage for ESXi makes the technical barrier to deploying malware on ESXi lower than it is for attackers targeting Windows.
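The access pattern described above (valid credentials, SSH enabled on the host, then a root login) leaves a recognizable trace in host logs even when each step looks like administration. The following detection logic is an added example, not code from the report: it correlates an SSH-enablement event with a subsequent root SSH login from a source outside an assumed management allow-list. The log lines are constructed for the example and only loosely modelled on ESXi hostd.log and auth.log output; the allow-list address and the 10-minute correlation window are assumptions.

```python
"""Flag the ESXi intrusion pattern: SSH service enabled, then root SSH login.

Severity model (assumed, adjust to taste):
  medium   - SSH/shell service enabled on the host
  high     - root SSH login from a source not on the management allow-list
  critical - such a login within CORRELATION_WINDOW of SSH being enabled
"""
import re
from datetime import datetime, timedelta

MGMT_ALLOWLIST = {"192.168.100.10"}        # assumed jump host; site-specific
CORRELATION_WINDOW = timedelta(minutes=10)  # assumed window

# "<ISO timestamp> <process>[<pid>]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<proc>\w+)\[\d+\]:\s+(?P<msg>.*)$")
SSH_ENABLED_RE = re.compile(r"\bSSH\b.*\bhas been enabled\b", re.IGNORECASE)
SSH_LOGIN_RE = re.compile(
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)

# Constructed sample log; NOT real ESXi output, only modelled on its shape.
SAMPLE_LOG = """\
2023-02-02T03:11:04Z hostd[2098650]: Event 201 : User admin@10.0.5.20 logged in as VMware vim-java 1.0
2023-02-02T03:11:09Z hostd[2098650]: Event 202 : SSH for the host esxi01 has been enabled
2023-02-02T03:11:41Z sshd[2098701]: Accepted keyboard-interactive/pam for root from 10.0.5.20 port 51234 ssh2
2023-02-02T09:00:12Z hostd[2098650]: Event 203 : SSH for the host esxi01 has been enabled
2023-02-02T09:00:40Z sshd[2098702]: Accepted publickey for root from 192.168.100.10 port 40022 ssh2
2023-02-02T09:05:03Z sshd[2098703]: Failed password for root from 203.0.113.7 port 5555 ssh2
"""


def parse(lines):
    """Yield (timestamp, process, message) for lines matching LINE_RE."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["proc"], m["msg"]


def detect(log_text, allowlist=MGMT_ALLOWLIST, window=CORRELATION_WINDOW):
    """Return a list of alert dicts in log order."""
    alerts = []
    last_enable = None
    for ts, proc, msg in parse(log_text.splitlines()):
        if SSH_ENABLED_RE.search(msg):
            last_enable = ts
            alerts.append({"severity": "medium", "time": ts,
                           "detail": "SSH service enabled on host"})
            continue
        m = SSH_LOGIN_RE.search(msg)
        if not (m and proc == "sshd"):
            continue
        user, src = m["user"], m["src"]
        if user != "root" or src in allowlist:
            continue  # admin from the jump host: normal activity
        severity = "high"
        detail = f"root SSH login ({m['method']}) from non-allow-listed {src}"
        if last_enable is not None and ts - last_enable <= window:
            delta = int((ts - last_enable).total_seconds())
            severity = "critical"
            detail += f", {delta}s after SSH was enabled"
        alerts.append({"severity": severity, "time": ts, "detail": detail})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['time'].isoformat()} [{a['severity']}] {a['detail']}")
```

Run against the sample, the 03:11 sequence (enable, then root login from a workstation 32 seconds later) is raised as critical, while the 09:00 sequence from the allow-listed jump host produces only the medium enablement alert, which is the baseline to review against change tickets.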

Backdoors, Ransomware, SharpSphere

Once they have gained privileged access to an ESXi server, attackers typically use it for three purposes:

  • installing a backdoor;
  • deploying ransomware;
  • running post-exploitation toolkits such as SharpSphere, a C# implementation of vSphere’s web services API, for example to carry out credential-dumping attacks against guest virtual machines.

A multifaceted mitigation approach is needed

The report notes that mitigating these attacks is no trivial task “due to the complex nature of hypervisors,” and that a multi-faceted, multi-layered approach is required.

First, “traditional defenses, strong password policies, and a minimal attack surface can provide a significant deterrent to threat actors,” the report says. However, these alone do not prevent more sophisticated attacks.

For better protection, Recorded Future recommends the following implementations:

  • Enable multi-factor authentication (MFA) and require it for highly privileged accounts.
  • Create alerts on account changes, service enablements, and unusual authentication patterns.
  • Do not implement Active Directory authentication for ESXi administrators; otherwise a compromised domain account also hands the attacker the hypervisor.
  • Disable SSH and the ESXi Shell. If you must enable them, set an idle timeout and require key-only authentication.
  • Implement network segmentation for the ESXi management network.
  • Minimize the number of open ESXi firewall ports, and use the vSphere Client, ESXCLI, or PowerCLI commands to check and manage port status.
  • Validate ESXi software, drivers, and other components by enabling Secure Boot on ESXi, which verifies signed components at boot time.
  • Install and configure a Trusted Platform Module (TPM) 2.0 chip; supported by VMware, it provides the most effective way to attest the integrity of the software components on the host.
  • Set VMkernel.Boot.execInstalledOnly so that ESXi refuses to execute binaries that were not installed from a signed VIB.
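Three of these recommendations (the shell and SSH timeouts and execInstalledOnly) are plain host settings, so they can be audited from the output of `esxcli system settings advanced list`. The following audit script is an added example, not Recorded Future’s or VMware’s code: it parses that per-setting block format, reports settings that are weaker than an assumed baseline (timeouts between 1 and 900 seconds, execInstalledOnly on), and prints the remediation commands. The sample output is constructed for the example and only modelled on the real format; the 900-second value is an assumption taken from common hardening guidance, not from the report.

```python
"""Audit ESXi advanced settings against a hardening baseline.

Input is text in the shape of `esxcli system settings advanced list`
(one "Key: value" block per setting, blocks separated by blank lines).
"""
import re

# Constructed sample; NOT real esxcli output, only modelled on its format.
# Values are deliberately weak to exercise the rules.
SAMPLE_ADVANCED_LIST = """\
   Path: /UserVars/ESXiShellTimeOut
   Type: integer
   Int Value: 0
   Default Int Value: 0
   Min Value: 0
   Max Value: 86400
   String Value:
   Default String Value:
   Valid Characters:
   Description: Time before automatically disabling local and remote shell access (in seconds, 0 disables)

   Path: /UserVars/ESXiShellInteractiveTimeOut
   Type: integer
   Int Value: 900
   Default Int Value: 0
   Min Value: 0
   Max Value: 86400
   String Value:
   Default String Value:
   Valid Characters:
   Description: Idle time before an interactive shell is automatically logged out (in seconds, 0 disables)

   Path: /VMkernel/Boot/execInstalledOnly
   Type: integer
   Int Value: 0
   Default Int Value: 0
   Min Value: 0
   Max Value: 1
   String Value:
   Default String Value:
   Valid Characters:
   Description: Only allow execution of binaries that were installed via a signed VIB
"""

# (path, predicate on the current value, why it matters, remediation command)
# Baseline values (900 s) are an assumption, not taken from the report.
RULES = [
    ("/UserVars/ESXiShellTimeOut", lambda v: 0 < v <= 900,
     "SSH/shell service must auto-disable; 0 means it stays on indefinitely",
     "esxcli system settings advanced set -o /UserVars/ESXiShellTimeOut -i 900"),
    ("/UserVars/ESXiShellInteractiveTimeOut", lambda v: 0 < v <= 900,
     "idle shell sessions must be logged out; 0 means never",
     "esxcli system settings advanced set -o /UserVars/ESXiShellInteractiveTimeOut -i 900"),
    ("/VMkernel/Boot/execInstalledOnly", lambda v: v == 1,
     "binaries not installed from a signed VIB (dropped ransomware, backdoors) can execute",
     "esxcli system settings kernel set -s execInstalledOnly -v TRUE   # takes effect after reboot"),
]


def parse_advanced_list(text):
    """Return {path: {field: value}} from esxcli-style setting blocks."""
    settings = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.strip().partition(":")
            fields[key.strip()] = value.strip()
        if fields.get("Path"):
            settings[fields["Path"]] = fields
    return settings


def current_value(fields):
    """Integer settings carry their value in 'Int Value', strings in 'String Value'."""
    if fields.get("Type") == "integer":
        return int(fields["Int Value"])
    return fields.get("String Value", "")


def audit(text, rules=RULES):
    """Return findings for settings that are missing or fail their rule."""
    settings = parse_advanced_list(text)
    findings = []
    for path, ok, why, fix in rules:
        if path not in settings:
            findings.append({"path": path, "value": None,
                             "why": "setting absent from output", "fix": fix})
            continue
        value = current_value(settings[path])
        if not ok(value):
            findings.append({"path": path, "value": value, "why": why, "fix": fix})
    return findings


def remediation_script(findings):
    """Shell lines an operator can review before running on the host."""
    return "\n".join(f["fix"] for f in findings)


if __name__ == "__main__":
    for f in audit(SAMPLE_ADVANCED_LIST):
        print(f"FAIL {f['path']} = {f['value']}: {f['why']}")
    print(remediation_script(audit(SAMPLE_ADVANCED_LIST)))
```

In practice, feed the script real output captured over an approved management channel (for example `esxcli system settings advanced list > settings.txt` during a maintenance window), and apply the emitted commands only after review; execInstalledOnly is a boot option, so its change needs a reboot before the audit will pass.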

“Ransomware targeting ESXi continues to pose a threat to organizations, putting them at risk of operational downtime, competitive disadvantage, and brand damage. […] As organizations continue to deploy virtualized infrastructures, it is critical to implement security best practices and precautions similar to those used in existing infrastructures,” the report concludes.
