According to the BSI, the ransomware attacks that the Italian cyber security authority warned about at the weekend affect hundreds of systems in Germany.
According to the Federal Office for Information Security (BSI), hundreds of systems in Germany are affected by the ransomware attacks that the Italian cyber security authority ACN warned about at the weekend. Meanwhile, VMware has commented on the incidents in its own security blog and is giving IT managers tips on how to protect their machines.
BSI confirms ransomware attacks
The BSI responded to the incidents and assessed them. According to the BSI, thousands of ESXi servers were attacked in “a worldwide ransomware attack”. The regional focus of the attacks was on France, the USA, Germany and Canada. “Other countries are also affected,” adds the German IT security authority. The BSI goes on to say in the report: “According to current knowledge, there seems to be a mid-three-digit number of systems affected in Germany. It is not yet possible to make more specific statements about the extent of the damage.”
In the cyber security warning issued for this purpose, the BSI specifies: “The perpetrators took advantage of a long-known vulnerability in the application’s OpenSLP service, which triggered a ‘heap overflow’ and ultimately allowed code to be executed remotely. Information on the vulnerability itself – which is listed as CVE-2021-21974 and rated ‘high’ according to CVSS with a severity of 8.8 – and a patch were already released by the manufacturer in February 2021.”
In the warning, the BSI also explains what IT managers should check. The catalog of questions includes, among other things, the affected VMware versions, whether the available patches have been installed or whether further measures have been taken so that the systems cannot be accessed from the network.
VMware is also responding
The manufacturer of the attacked software, VMware, has also responded with its own blog entry on the security incident. The company dubs the cyber attacks “‘ESXiArgs’ ransomware attacks”. It emphasizes that it could not find any evidence that an unknown vulnerability (zero-day) is being used to spread the ransomware. “Most reports explain that EOGS (End of General Support) products and/or significantly outdated products are being attacked with known vulnerabilities that were previously addressed and disclosed in VMware Security Advisories (VMSAs),” VMware said.
The company advises installing the latest versions of the vSphere components to close the previously known vulnerabilities. In addition, VMware recommends disabling the OpenSLP service in ESXi; since 2021, the service has been deactivated by default in new versions.
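The checks the BSI asks for (host version, patch state, network reachability of the service) and the OpenSLP shutdown VMware recommends can be combined in one small triage script for the ESXi shell. The script below is an added example, not code from the article, the BSI or VMware; it relies only on the standard ESXi commands `esxcli`, `/etc/init.d/slpd` and `chkconfig`, and the sample command outputs in its comments are constructed for illustration. The fixed build numbers are not on this page, so the script prints the host build for comparison with VMware's advisory for CVE-2021-21974 rather than hard-coding them.

```shell
#!/bin/sh
# Added example (not from the article, the BSI or VMware): triage helper for
# the OpenSLP exposure behind the ESXiArgs attacks. Run in the ESXi shell as
#   sh slp_triage.sh check    # report version and whether OpenSLP is reachable
#   sh slp_triage.sh apply    # disable OpenSLP the way VMware documents it
# Sourcing the file without an argument only defines the functions.

# Decide from captured command output whether OpenSLP is still reachable.
#   $1: output of "/etc/init.d/slpd status"
#       (constructed samples: "slpd is running" / "slpd is not running")
#   $2: output of "esxcli network firewall ruleset list -r CIMSLP"
#       (constructed sample: a table whose data row reads "CIMSLP  true")
# Prints "exposed" if the daemon runs or its inbound firewall rule is
# enabled, otherwise "closed". Both conditions matter: a stopped daemon with
# an open rule comes back after the next restart, a running daemon behind a
# closed rule is still reachable from the host itself.
slp_state() {
    status_out="$1"
    ruleset_out="$2"
    daemon=closed
    rule=closed
    case "$status_out" in
        *"is running"*) daemon=exposed ;;
    esac
    # ruleset table: a data row "CIMSLP   true" means the rule is enabled
    if printf '%s\n' "$ruleset_out" | grep -Eq '^CIMSLP[[:space:]]+true'; then
        rule=exposed
    fi
    if [ "$daemon" = exposed ] || [ "$rule" = exposed ]; then
        echo exposed
    else
        echo closed
    fi
}

# Print product, version and build so they can be compared with the fixed
# builds listed in VMware's advisory for CVE-2021-21974.
report_version() {
    esxcli system version get
}

# Disable OpenSLP in the order VMware documents: close the firewall rule,
# stop the daemon, and keep it from starting again at boot.
harden_slp() {
    esxcli network firewall ruleset set -r CIMSLP -e 0
    /etc/init.d/slpd stop
    chkconfig slpd off
}

# Collect live state and print the verdict.
current_state() {
    st=$(/etc/init.d/slpd status 2>&1)
    rs=$(esxcli network firewall ruleset list -r CIMSLP)
    slp_state "$st" "$rs"
}

case "${1:-}" in
    check)
        report_version
        echo "OpenSLP: $(current_state)"
        ;;
    apply)
        harden_slp
        echo "OpenSLP: $(current_state)"
        ;;
esac
```

Run `check` on every host first and record the output; hosts that report `exposed` or a build older than the patched one are the ones the BSI's catalogue of questions is aimed at. Disabling OpenSLP is a mitigation, not a substitute for the update, since the vulnerable code stays on the host until the patched build is installed.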
(c) Dirk Button