
Hacker attack hits Italy and France, what we know

5 February: a VMware ESXi vulnerability is involved, and dozens of systems have sustained damage that, for now, cannot be assessed

Hacker attack: On Sunday afternoon, 5 February, thousands of computer systems worldwide were exposed to a ransomware attack targeting specific systems, just days after a trader in the UK was the target of a similar attack. The first to notice and report the operation were the computer security agencies of France and Italy, followed by their counterparts in Canada and the United States, all of whom traced the coordinated attacks to a known vulnerability in VMware ESXi.

The attack exploits a flaw for which VMware released a patch as early as 2021, a patch that has still not been applied everywhere. The reasons? Always the same: poor ‘cyber hygiene’ with regard to the risk of compromised systems, and fear of service interruptions during system upgrades. Moral of the story: within hours of the discovery of the 20-30 Italian companies affected, most had closed the issue, while five systems remained exposed.

The news is notable not for what happened but for the scale of affected servers worldwide: about 2,000 in a few hours, a high number but one that tells nothing new. In 2022 alone, 3,500 ransomware attacks were reported in the United States in about ten days. Let us take advantage of these moments to accelerate the computer security culture without excessive alarmism.

While the first people affected by the ransomware intrusion are those responsible for companies’ computer systems, the fallout of the attack can also reach citizens. If the lockout has hit servers and computers on which private companies and public administrations offer digital applications and services, it can be expected that access will be impossible or that the service itself will become progressively slower. Restoring systems will be difficult if all or part of the archives were not saved elsewhere before the attack.

The problem is always the same: outdated systems

Updating systems is a fundamental part of reducing exposure to possible attacks, and it is astonishing that such a simple rule can still be disregarded today. It is also difficult to tie the ransomware operation, which exploits the CVE-2021-21974 vulnerability in VMware ESXi’s OpenSLP (Service Location Protocol) service, to any criminal gang associated with a foreign state. For the moment there is no evidence pointing to a particular origin, and the most likely objective is simply to monetise the situation as much as possible. So much so that when the ransomware, called ESXiArgs, has finished its ‘work’, applying RSA encryption to files with the extensions .vmdk, .vmx, .vmxf, .vmsd, .vmsn, .vswp, .vmss, .nvram and .vmem, no data is stolen; instead an HTML file is dropped with instructions to pay the ransom, about 2 Bitcoin, within three days.
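As an added illustration (not code from the article, from VMware or from any incident responder quoted here), a small Python triage helper that walks a datastore tree, counts the VM file types the article lists and flags directories that hold VM files next to an HTML file, the pattern described for the dropped ransom note. The directory names and the `README-sample.html` note name in the sample tree are constructed assumptions; a hit is a lead for manual review, not proof of encryption.

```python
import os
import tempfile
from pathlib import Path

# VM file extensions the article reports ESXiArgs encrypts.
TARGET_EXTS = {".vmdk", ".vmx", ".vmxf", ".vmsd", ".vmsn",
               ".vswp", ".vmss", ".nvram", ".vmem"}
# The article describes the ransom note as an HTML file dropped next to the data.
NOTE_EXTS = {".html", ".htm"}


def triage_datastore(root):
    """Walk a datastore tree and summarise what a responder should look at first.

    Returns per-extension counts of VM artifacts and the VM directories that hold
    both VM artifacts and an HTML file. A hit means "review this directory", not
    "this directory is encrypted".
    """
    root = Path(root)
    counts = {ext: 0 for ext in sorted(TARGET_EXTS)}
    suspicious = []
    for dirpath, _dirs, files in os.walk(root):
        suffixes = [Path(f).suffix.lower() for f in files]
        vm_hits = [s for s in suffixes if s in TARGET_EXTS]
        for s in vm_hits:
            counts[s] += 1
        if vm_hits and any(s in NOTE_EXTS for s in suffixes):
            suspicious.append(Path(dirpath).relative_to(root).as_posix())
    return {"counts": counts, "suspicious_dirs": sorted(suspicious)}


def build_sample_datastore(base):
    """Create a constructed sample tree (not real data): one VM directory that
    looks hit (VM files plus an HTML note), one clean VM, one unrelated folder."""
    layout = {
        "vm-a": ["vm-a.vmx", "vm-a.vmdk", "vm-a.nvram", "README-sample.html"],
        "vm-b": ["vm-b.vmx", "vm-b.vmdk", "vm-b.vmsd"],
        "iso": ["tools.iso"],
    }
    for folder, names in layout.items():
        d = Path(base) / folder
        d.mkdir(parents=True, exist_ok=True)
        for name in names:
            (d / name).write_bytes(b"sample")
    return base


def demo():
    """Build the sample datastore in a temp dir, triage it and return the summary."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_datastore(tmp)
        return triage_datastore(tmp)


if __name__ == "__main__":
    print(demo())
```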

Antonino Caffo has been involved in journalism, particularly technology, for fifteen years. He is interested in topics related to the world of IT security but also consumer electronics. Antonino writes for the most important Italian generalist and trade publications. You can see him, sometimes, on television explaining how technology works, which is not as trivial for everyone as it seems.