Fraud Management & Cybercrime , Governance & Risk Management , Patch Management

Attackers are continuing to target unpatched VMware systems to infect them with crypto-locking malware such as ESXiArgs and hold them to ransom.

See Also: Live Webinar | Navigating the Difficulties of Patching OT

Since these attacks came to light early this month, VMware has urged all ESXi users to immediately update to a currently supported version of ESXi, which will block one or more flaws being exploited by multiple groups of attackers. Security firm Rapid7 reported Friday that its internet scans found "at least 18,581 vulnerable internet-facing ESXi servers" that have yet to be patched.

The highly automated ESXiArgs ransomware campaign appears to have arrived in at least two waves. The first wave amassed nearly 3,000 known hosts as of Feb. 8, although researchers suspect there may have already been thousands more.

In recent days, attack surface management firm Censys has seen more 500 ESXi servers get newly infected with ESXiArgs ransomware. For unknown reasons, it says, these attacks appear to be mostly limited to servers located in France and Germany, and smaller numbers of attacks have taken place in the Netherlands, the United Kingdom and Ukraine.

During the first wave of attacks, security researchers detailed workarounds that could be used to restore some affected systems, and the U.S. Cybersecurity and Infrastructure Security Agency released a script to help victims rapidly use this recovery approach.

"The script works by allowing users to unregister virtual machines that have been encrypted by the ransomware and re-register them with a new configuration file," Rapid7 researchers Erick Galinkin and Drew Burton say in a blog post. "However, you still need to have a backup of the encrypted parts of the VM to make a full restore."

In response to that workaround, attackers last week launched a second wave of attacks, altering their code so CISA's recovery script no longer works. Attackers also updated their ransom notes to no longer include a unique bitcoin cryptocurrency wallet address for victims to transfer their ransom. Researchers had counted these addresses to count victims. Now, the ransom note instructs victims to message attackers to receive an address.

Conflicting Reports

Multiple details surrounding the ESXiArgs campaign remain unclear. Researchers at cybersecurity firm Trellix say there are conflicting reports as to whether these attacks may include data exfiltration, or if the variant of ransomware is "redeveloped source code from the leaked and now-defunct Babuk ransomware family."

Early versions of the ransomware campaign targeted a heap overflow vulnerability, designated CVE-2021-21974, in the OpenSLP service in ESXi.

VMware warns that there is no proof that this is the only ESXi vulnerability being targeted. Rather, attackers appear "to be targeting 'end of general support' or significantly out-of-date products by leveraging known vulnerabilities previously addressed and disclosed in VMware security advisories," a company spokesperson tells Information Security Media Group.

On the upside, VMware reports there is no "evidence that would suggest an unknown or zero-day vulnerability is being used to propagate the ransomware in the ESXiArgs attacks."

Defending against ESXiArgs thus requires, in part, getting all ESXi systems updated as quickly as possible. "Organizations that are running versions of software older than current releases are at risk and should be updated to the latest versions immediately," VMware says in an FAQ about the ransomware attacks.

VMware also recommends users lock down any ESXi servers that are exposed to the internet. "Organizations that place their IT infrastructure systems' management interfaces directly on the internet should take immediate steps to verify filters and additional security controls in front of them, reviewing those controls for effectiveness," it says.

Experts say normal cyber hygiene rules very much apply to managing virtualized environments. "People need to be aware of their exposures to the internet, reduce their attack surfaces, ensure they have implemented the vendor guidance, and where possible look to deploy allow lists or VPNs to protect management interfaces," says Daniel Card, a cyber specialist at London-based Xservus Limited.

RansomExx2 Enters the Fray

The ESXiArgs ransomware is so named because after the attack campaign hits a hypervisor, it leaves multiple file types, including virtual machines, crypto-locked with an .args extension appended to the filename. Italy's cybersecurity agency has suggested the BlackBasta ransomware group may be tied to the attacks, although it has not shared any supporting evidence.

But a different campaign using malware called RansomExx2 has also been targeting CVE-2021-21974 on unpatched servers, the Rapid7 researchers say. They describe RansomExx2 as "a relatively new strain of ransomware written in Rust and targeting Linux" and say that malware written in Rust can be relatively difficult for endpoint security systems to detect.

While the ESXiArgs campaign was first spotted early this month, Censys' researchers Mark Ellzey and Emily Austin write in a blog post that the attacks may have begun months earlier, based on similarities they've found between ESXiArgs ransom notes and prior attacks.

"During analysis, we discovered two hosts with strikingly similar ransom notes dating back to mid-October 2022," they say. This could reveal early stages of the ESXiArgs ransomware campaign when attackers were testing and refining "their methods on a select few hosts." While it's not clear which flaws attackers were exploiting at that time, the attacks occurred "just after ESXi versions 6.5 and 6.7 reached end of life," they say.

Patching Guidance

In response to the ransomware campaign, VMware has issued detailed tips for keeping vSphere and cloud infrastructure secured.

"The security of our customers is a top priority at VMware, and we recommend organizations upgrade to the latest available supported releases of vSphere components to address currently known vulnerabilities," says a spokesperson. "Customers should also visit VMware's tips for updating ESXi to learn more about moving workloads to patch. Additional recommendations are available in VMware's customer blog on ESXiArgs ransomware."

VMware recommends that whenever possible, users employ the vMotion component of vSphere, which it designed to facilitate "zero downtime live migration of workloads from one server to another," and which can be used to "move workloads seamlessly so that ESXi can be patched." The vSphere Update Manager component can be used to update and patch individual ESXi hosts.

Hypervisors Under Fire

This will not be the last attack campaign to target unpatched hypervisors and attempt to crypto-lock their virtual machines.

"Virtual infrastructure is a high-value target, precisely because organizations run their most important workloads there," Paul Turner, vice president of product management for VMware's cloud infrastructure platform, writes in a Wednesday blog post.

But Xservus' Card says patching any type of hypervisor can be challenging. "It's very easy to deploy a virtualized environment but when it comes to updates, it is a pain. Also, it's very easy to not do that because of constraints involving time, money and skills."

In addition, if organizations have a single host, updating it will require downtime, "which organizations often don't like," Card says. "When they are clustered, it's usually easier, but there is often more cost for host-hypervisor infrastructure/licenses and possible guest virtual machine software."

As with any system at risk from ransomware, Rapid7 says the ESXiArgs attack campaign is a reminder that anyone using virtual machines must ensure they're getting backed up. "Make sure you have a backup solution in place, even for virtual machines," it says. "There are a wide variety of backup solutions available to protect virtual machines today."

A faster and more responsive technology backbone enables data-empowered farming for the world's largest fresh multi-berry producer

SAN ANTONIO, Feb. 16, 2023 (GLOBE NEWSWIRE) -- Rackspace Technology® (NASDAQ: RXT), a leading end-to-end multicloud technology solutions company, today announced working with Reiter Affiliated Companies (RAC) to optimize IT workloads on VMware Private Cloud, resulting in effective data-empowered farming for the world's largest fresh multi-berry producer.

Based in Oxnard, California, RAC is the world's largest fresh multi-berry producer. The Reiter family began farming in the San Francisco Bay Peninsula and, by the turn of the century, had migrated south into the Santa Clara Valley. In the 1970s, operations expanded into southern California. Today, the family-owned agricultural grower produces Driscoll's proprietary varieties of strawberries, raspberries, blueberries, and blackberries year-round in the United States, Mexico, Portugal, Germany, Morocco, Canada, Peru, and China. The company has doubled in size roughly every five years and employs more than 30,000 workers worldwide.

Along with the company's growth, RAC experienced costly operational challenges and inefficiencies tied to the occasional need for a manual scale-up of operations. RAC sought to globalize and standardize business processes by leveraging technology while improving application performance and reliability by migrating workloads across dispersed IT environments. The company turned to Rackspace Technology to modernize its technology stack and Excellerate overall data accessibility by bringing together global hardware and its hosting footprint for its many technologies and applications.

Rackspace Technology helped RAC expand its email capabilities by migrating to Microsoft Office 365™. As RAC grew, it moved to Rackspace Private Cloud, consolidating devices in its Oxnard data center, and moving workloads to a more modern VMware® solution. Then, RAC reduced its data center and migrated from a legacy environment to Rackspace Private Cloud powered by VMware. RAC improved its agility with a geographically dispersed and linguistically diverse workforce. With its migration to the private cloud, the company was able to reduce costs and significantly increase performance within the same budget and build out a disaster recovery environment.

Story continues

"Looking back at our approach to IT, we were a little of 'everything everywhere,' understandably, without a clear enterprise architecture in mind. Our approach to technology was more reactive, supporting growth, but only when required", said RAC CIO John Thompson. "Now, with the right technology, we have gained real-time insights. Rackspace Technology has delivered additional help or expertise when incidents arise. The joint flexibility and expertise of the Rackspace Technology team enabled the company to use its resources better while elevating trust."

RAC saw an immediate improvement in the performance of several applications, including its custom SQL application and backup solution. Rackspace Technology worked with RAC to consolidate and combine workloads while upgrading the company's storage capabilities. "The collaborative flexibility and expertise of the Rackspace Technology team enabled the company to use its resources better while elevating trust," said Thompson.

With a modern cloud solution and its access to expertise, RAC's technological backbone is faster and more responsive than before, allowing employees to invest more energy in the company's core business, and partnering with a trusted vendor to take care of the rest.

"RAC could reduce infrastructure costs and reinvest in other areas of its organization without increasing the company's overall IT budget. In addition, RAC was able to build out disaster recovery capabilities with little incremental cost, providing more performance within the same budget," said Josh Prewitt, President of Private Cloud for Rackspace Technology. "Rackspace Technology was able to help RAC consolidate workloads and migrate to a newer, robust, and more flexible platform, and do things it's wanted to for years but hadn't been able to act upon."

"Rackspace was able to go above and beyond, including having multilingual staff, which is a benefit given that the vast majority of RAC's frontline operatives and much of their team speak Spanish as a first language," continued Thompson.

To learn more about the Rackspace Technology and RAC partnership, watch their video or click here for their case study.

About Rackspace Technology
Rackspace Technology is a leading end-to-end multicloud technology services company. We can design, build and operate our customers' cloud environments across all major technology platforms, irrespective of technology stack or deployment model. We partner with our customers at every stage of their cloud journey, enabling them to modernize applications, build new products and adopt innovative technologies.

Media Contact
Natalie Silva
publicrelations@rackspace.com

Over the last decade, many organizations have turned to cloud technologies on their journey to become a digital business. The advantages of multi-cloud are well-documented: efficiency, flexibility, speed, agility, and more. Yet without consistent, comprehensive management across all clouds – private, hybrid, public, and even edge – the intended benefits of multi-cloud adoption may backfire. Increasingly, multi-cloud operations have become a priority for organizations to successfully negotiate cloud adoption.

Today, not only are competitors more aggressive and margins tighter, but partners, customers, and employees also have higher expectations and greater demands. As organizations continue to adapt and accelerate service delivery, they need to look to modern management solutions to simplify and speed  access to the infrastructure and application services teams need, when they need them – without increasing business risk. By deploying solutions that offer comprehensive capabilities with a common control plane, organizations can unify their multi-cloud operations to Excellerate infrastructure and application performance, gain visibility into costs, and reduce configuration and operational risks.

Multi-Cloud Management Challenges

Almost every digital business today faces the issue of complexity when it comes to managing its multi-cloud operations. As organizations have moved away from managing single data centers to managing hybrid and native public clouds, the scope and scale of management have exploded into countless moving parts. Organizations can face complexity due to siloed infrastructure, user access policies, multiple APIs, billing, and lack of a formal operations plan that ensures processes and security remain consistent across multiple clouds.

With so many moving parts, organizations can also face siloed teams that in many cases have to contend with different cloud constructs, including different definitions of the infrastructure services provided by those clouds and different policies for security and compliance. In addition, teams often deploy different tools to manage their various clouds. A fragmented approach to operational priorities for cloud services makes it difficult to get a holistic view of how an organization uses cloud services, shares best practices, and ensures sufficient governance. Not only can disconnected operations impede an organization’s ability to run efficiently, but also impact their ability to troubleshoot problems and recover from outages quickly. Siloed teams and the sprawl of management solutions can also result in a lack of visibility into cloud costs.

As we enter an uncertain market in 2023, organizations face increasing pressure to control their cloud spending. Complexity is the enemy of cost optimization. As a result of different pricing structures across different cloud provider services and siloed teams, organizations are often struggling to predict future spend. In fact, according to a recent VMware study, more than 41% of organizations want to optimize their existing use of cloud to save on costs.

The Benefits of Unifying Multi-Cloud Operations

As organizations mature in their multi-cloud management strategies, they increasingly recognize that success depends on having comprehensive visibility. Organizations cannot manage what they can’t see. Although management solutions have been around for a very long time, comprehensive visibility has yet to be fully appreciated or achieved by businesses.

Cloud management powers your cloud operating model by helping you manage, control, and secure your cloud environments. A unified approach to multi-cloud management enables consistent and seamless operations across clouds, simplifying cloud adoption, streamlining app migrations, and accelerating modernization. An effective, efficient cloud operating model today requires a modern management solution such as VMware Aria. By bringing together a comprehensive visual map of multi-cloud environments with actionable management insights, VMware Aria enables organizations to leverage end-to-end intelligent operations across clouds to Excellerate performance, lower costs and reduce risk.

As we enter a year of uncertainty, agility is the key to resilience and growth, and no matter where organizations are at in their cloud journey, a cloud operating model rolled out with modern, comprehensive, multi-cloud management solutions will bring consistency and efficiency to managing all types of clouds. More importantly, it will allow business leaders to quickly adapt, respond, and innovate on the fly which will prove critical to staying competitive.

To learn more, visit us here.

February 15, 2023, 06:52 PM EST

The recent ‘ESXiArgs’ ransomware campaign has compromised thousands of servers running VMware’s ESXi hypervisor.

If customers haven’t seen their virtual infrastructure as a likely target for ransomware attacks in the past, VMware is hoping the recent campaign that compromised thousands of ESXi servers will change their view on that.

In a statement Wednesday, VMware indicated there is no denial on its part about the fact that malicious actors are increasingly going after customers running its virtualization platforms, acknowledging that virtual infrastructure is now a “high-value target” for attackers.

[Related: VMware ESXi Ransomware Attacks: 5 Things To Know]

The recent “ESXiArgs” ransomware campaign has targeted customers that run the VMware ESXi hypervisor, and an estimate by the FBI and a federal cybersecurity agency put the number of compromised servers worldwide at 3,800 as of last week.

The attacks began in early February and have targeted organizations in countries including the U.S., Canada, France and Germany, according to cybersecurity vendor Censys.

While infections peaked on Feb. 3, the attacks have been continuing, and between Feb. 11 and 12 there were 500 additional hosts infected with the ESXiArgs ransomware, Censys said in a post Wednesday.

VMware released a statement to media Wednesday saying that “the recent ESXiArgs ransomware attacks have highlighted important truths about protecting virtual infrastructure.”

“The important truth is that virtual infrastructure is a high-value target, precisely because organizations run their most important workloads there, and that threat actors are continuously evolving their tools and tactics to work in those environments,” VMware said in a follow-up statement to CRN.

Ransomware attacks on virtualization platforms have already been on the rise for some time: Research from Mandiant, released in April 2022, pinpointed a “significant increase” in such attacks. Mandiant reported at the time that it had been observing the increase over the previous six to 12 months, and noted that it had been seeing numerous ransomware groups target VMware’s vSphere and ESXi platforms.

The scope of the ESXiArgs campaign, however, has brought a lot more attention to the threat. The attacks have exploited a two-year-old vulnerability (tracked at CVE-2021-21974) that affects older versions of VMware ESXi, researchers have said.

According to cybersecurity vendor Wiz, 12 percent of servers running the VMware ESXi hypervisor were unpatched against the vulnerability, which was first disclosed in 2021, as of earlier this month. Rapid7 research found that a total of 18,581 internet-connected ESXi servers were vulnerable to the flaw as of late January.

Robby Hill, CEO of Florence, S.C.-based MSP HillSouth, told CRN he questions why a business would ever think it made sense to put its ESXi servers on the internet. VM servers are the core of an organization’s server infrastructure, he said, and their only utility is providing the execution of the VMs.

“They should never be exposed to the public,” Hill said. “It seems like this was almost bound to happen by designing the setup at these companies so poorly.”

In its statement to CRN, VMware said that “to be resilient, organizations will need to prioritize security as an ongoing task, including keeping software up to date and hardening against the threat landscape.”

On Wednesday, the company published a blog about how its vSphere platform can be helpful to customers with such challenges.

“VMware is urging customers to harden their virtual infrastructure, and we are delivering guidance on how to update software with zero down-time and better configure their deployments to defend against malware threats that target virtual infrastructure,” the company said in its statement Wednesday. “We encourage organizations to enforce identity access management, modernize security architecture, and other hygiene practices for ransomware resilience.”

A two-year-old heap overflow vulnerability in VMware ESXi hypervisors seems to have come to the attention of a ransomware operator that is targeting unpatched systems indiscriminately in what has the potential to become a serious incident, and may already have claimed more than 300 victims, according to warnings.

Tracked as CVE-2021-21974, the vulnerability exists in how VMware ESXi processes service location protocol (SLP) messages, and stems from a lack of validation over the length of user-supplied data before copying it to a heap-based buffer. If left untreated, it allows an unauthenticated attacker to execute arbitrary

In an alert issued immediately prior to the weekend of 4-5 February, France’s national Computer emergency response team (CERT), CERT-FR, said: “On 3 February 2023, CERT-FR became aware of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them. These attack campaigns seem to exploit the CVE-2021-21974 vulnerability, for which a patch has been available since 23 February 2021.

“CERT-FR recommends applying without delay the workaround proposed by the publisher…which consists of disabling the SLP service on ESXi hypervisors that have not been updated. CERT-FR strongly recommends applying all patches available for the ESXi hypervisor.”

However, CERT-FR added, applying a patch along may not be enough as an attacker may well have already exploited the vulnerability to drop malicious code, so defenders should also run a full system scan at the same time.

Systems targeted by the attacker in the campaign observed by CERT-FR are versions 6.x up to 6.7 of the ESXi hypervisor. However, ESXi 7.x earlier than ESXi70U1c-17325551; ESXi 6.7.x earlier than ESXi670-202102401-SG; and ESXi 6.5.x earlier than ESXi650-202102101-S, are also known to be vulnerable.

Andy Norton, European cyber risk officer at Armis said: “The ongoing VMware ESXi Ransomware attack is a major global incident. The potential negative impact for entities who are exposed is high and all VMWare ESXi users are strongly encouraged to take prompt action.

“The majority of impacted entities are spread across Europe. Speculation still surrounds who the bad actors ultimately are in this case…however, the good news is there is an active fix for the vulnerability.”

As with any vulnerability affecting VMware’s ESXI lines, CVE-2021-21974 carries a higher than average potential for disruption because of the sheer volume of other applications and systems that it can be used to access. Those that missed the 2021 advisory or decided not to patch must now do so without fail.

The ransomware in question seems to be a new strain that has been dubbed ESXIArgs, and according to some early analysis, may be based on leaked Babuk source code. Analysts at OVHCloud, who have also been tracking the campaign, said that in some cases process by which ESXIArgs encrypts its victims’ files has been seen to partially fail, meaning it may be possible to recover data in some instances.

Stefan van der Wal, EMEA consulting solutions engineer for application security at Barracuda Networks, commented: “This highlights how important it is to update key software infrastructure systems as quickly as possible. It isn’t aways easy for organisations to update software. In the case of this patch, for example, organisations need to disable temporarily essential parts of their IT infrastructure. But it is far better to face that than to be hit by a potentially damaging attack.

“Virtual machines can be attractive targets for ransomware since they often run business-critical services or functions – and a successful attack could cause extensive disruption. It is particularly important to ensure that access to a virtual system’s management console is secured and can’t be easily accessed through a compromised account on the corporate network, for example.

“To fully protect virtual infrastructure, it is important to segregate it from the rest of the business network, ideally as part of a zero-trust approach. Organisations deploying ESXi should update immediately to the latest version, if they haven’t already done so – and do a full security scan of the servers to ensure they haven’t been compromised,” said van der Wal.

Organizations using older versions of VMWare ESXi hypervisors are learning a hard lesson about staying up-to-date with vulnerability patching, as a global ransomware attack on what VMware has deemed "End of General Support (EOGS) and/or significantly out-of-date products" continues.

However, the onslaught also points out wider problems in locking down virtual environments, the researchers say.

VMware confirmed in a statement Feb. 6 that a ransomware attack first flagged by the French Computer Emergency Response Team (CERT-FR) on Feb. 3 is not exploiting an unknown or "zero-day" flaw, but rather previously identified vulnerabilities that already have been patched by the vendor.

Indeed, it was already believed that the chief avenue of compromise in an attack propagating a novel ransomware strain dubbed "ESXiArgs" is an exploit for a 2-year-old remote code execution (RCE) security vulnerability (CVE-2021-21974), which affects the hypervisor's Open Service Location Protocol (OpenSLP) service.

"With this in mind, we are advising customers to upgrade to the latest available supported releases of vSphere components to address currently known vulnerabilities," VMware told customers in the statement.

The company also recommended that customers disable the OpenSLP service in ESXi, something VMware began doing by default in shipped versions of the project starting in 2021 with ESXi 7.0 U2c and ESXi 8.0 GA, to mitigate the issue.

Unpatched Systems Again in the Crosshairs

VMware's confirmation means that the attack by as-yet unknown perpetrators that's so far compromised thousands of servers in Canada, France, Finland, Germany, Taiwan, and the US may have been avoided by something that all organizations clearly need to do better — patch vulnerable IT assets — security experts said.

"This just goes to show how long it takes many organizations to get around to patching internal systems and applications, which is just one of many reasons why the criminals keep finding their way in," notes Jan Lovmand, CTO for ransomware protection firm BullWall.

It's a "sad truth" that known vulnerabilities with an exploit available are often left unpatched, concurs Bernard Montel, EMEA technical director and security strategist for security exposure management firm Tenable.

"This puts organizations at incredible jeopardy of being successfully penetrated," he tells Dark Reading. "In this case, with the … VMWare vulnerability, the threat is immense given the active exploitation."

However, even given the risks of leaving vulnerable systems unpatched, it remains a complex issue for organizations to balance the need to update systems with the effect the downtime required to do so can have on a business, Montel acknowledges.

"The issue for many organizations is evaluating uptime, versus taking something offline to patch," he says. "In this case, the calculation really couldn’t be more straightforward — a few minutes of inconvenience, or days of disruption."

Virtualization Is Inherently a Risk

Other security experts don't believe the ongoing ESXi attack is as straightforward as a patching issue. Though lack of patching may solve the problem for some organizations in this case, it's not as simple as that when it comes to protecting virtualized environments in general, they note.

The fact of the matter is that VMware as a platform and ESXi in particular are complex products to manage from a security perspective, and thus easy targets for cybercriminals, says David Maynor, senior director of threat intelligence at cybersecurity training firm Cybrary. Indeed, multiple ransomware campaigns have targeted ESXi in the past year alone, demonstrating that savvy attackers recognize their potential for success.

Attackers get the added bonus with the virtualized nature of an ESXi environment that if they break into one ESXi hypervisor, which can control/have access to multiple virtual machines (VMs), "it could be hosting a lot of other systems that could also be compromised without any additional work," Maynor says.

Indeed, this virtualization that's at the heart of every cloud-based environment has made the task of threat actors easier in many ways, Montel notes. This is because they only have to target one vulnerability in one instance of a particular hypervisor to gain access to an entire network.

"Threat actors know that targeting this level with one arrow can allow them to elevate their privileges and grant access to everything," he says. "If they are able to gain access, they can push malware to infiltrate the hypervisor level and cause mass infection."

How to Protect VMware Systems When You Can't Patch

As the latest ransomware attack persists — with its operators encrypting files and asking for around 2 Bitcoin (or $23,000 at press time) to be delivered within three days of compromise or risk the release of sensitive data — organizations grapple with how to resolve the underlying issue that creates such a rampant attack.

Patching or updating any vulnerable systems immediately may not be entirely realistic, other approaches may need to be implemented, notes Dan Mayer, a threat researcher at Stairwell. "The truth is, there are always going to be unpatched systems, either due to a calculated risk taken by the organizations or due to resource and time constraints," he says.

The risk of having an unpatched system in and of itself may be mitigated then by other security measures, such as continuously monitoring enterprise infrastructure for malicious activity and being prepared to respond quickly and segment areas of attack if a problem arises.

Indeed, organizations need to act on the assumption that preventing ransomware "is all but impossible," and focus on putting tools in place "to lessen the impact, such as disaster recovery plans and context-switched data," notes Barmak Meftah, founding partner at cybersecurity venture capital firm Ballistic Ventures.

However, the ongoing VMware ESXi ransomware attack highlights another issue that contributes to an inherent inability for many organizations to take the necessary preventative measures: the skill and income gaps across the globe in the IT security realm, Mayer says.

"We do not have enough skilled IT professionals in nations where wealthy companies are targets," he tells Dark Reading. "At the same time, there are threat actors across the globe who are able to make a better living leveraging their skills to extort money from others than if they took legitimate cybersecurity work."

Mayer cites a report by the international cybersecurity nonprofit (ICS²) that said to secure assets effectively, the cybersecurity workforce needs 3.4 million cybersecurity workers. Until that happens, "we need to ramp up training these workers, and while the gap still exists, pay those with the skills around the world what they are worth, so they don’t turn to being part of the problem," Mayer says.

The MarketWatch News Department was not involved in the creation of this content.

Feb 12, 2023 (CDN Newswire via Comtex) -- A recent study on the Global Unified Endpoint Management Market was released by MarketQuest.biz. It offers a thoughtful and detailed analysis of the market situation. The research report focuses on certain key factors essential for the growth of the Unified Endpoint Management market. The study helps the researchers develop several market strategies that can successfully aid the buyer of the report in expanding their business significantly in the Unified Endpoint Management market. It provides information on industry growth projections, challenges, and restrictions. Market estimates and predictions are also included in the research. Similar estimates and forecasts back the report's segments to offer a quantitative growth approach to the Unified Endpoint Management market.

The MarketWatch News Department was not involved in the creation of this content.

Dateline Moscow and Kyiv: Rectification of names.

Ukraine at D+348: Preparing for the first anniversary of the invasion. (CyberWire) Russia moves conscripts to assembly areas, and a dark web souk appears on Moscow's electronic billboards.

Russia-Ukraine war live: Moscow repeats warning that Nato countries supplying Kyiv with arms risks ‘unpredictable escalation’ (the Guardian) Russian defence minister accuses Nato of trying to ‘prolong the conflict’

Ukraine Warns Russia Is Planning Major Offensive (Wall Street Journal) Kyiv says Russia is amassing troops and Preparing for a new push along the eastern front. This comes amid a signal that Ukraine may reshuffle in its military leadership following a corruption scandal.

Russia-Ukraine war: Wagner founder challenges Zelensky to a dogfight for control of Bakhmut (The Telegraph) The founder of Russia’s notorious Wagner mercenary group challenged Volodymyr Zelensky to a dogfight on Monday for the control of Bakhmut, as Ukraine braced for a renewed Russian offensive.

Ukraine releases video appearing to show Russian troops beating own wounded officer (the Guardian) Footage thought to show Wagner group fighters beating commander with what appear to be shovelsWarning: video contains footage that some viewers may find distressing

Austria’s About to provide Russia a Soapbox at the OSCE (Foreign Policy) Vienna will allow sanctioned Russian parliamentarians to attend the next big security meeting on the anniversary of Russia’s invasion of Ukraine.

Perspectives on Ukraine and the Russian Invasion (Global ECCO) Dr. Douglas Borer, Department of Defense Analysis at the US Naval Postgraduate School, asked Dr. Myerson some questions about the causes of the Russian war against Ukraine, the role of allies in Ukraine’s defense, and his perspective on how the war might end.

How Russia Decides to Go Nuclear (Foreign Affairs) Deciphering the way Moscow handles its ultimate weapon.

U.S. Leadership on Ukraine Is Increasing European Dependence (World Politics Review) Unwillingly and unintentionally, US leadership on Ukraine war policy is increasing Europe’s dependence. That could be a problem.

American conservatives are right behind Ukraine – but they want a better strategy than Biden’s (The Telegraph) The White House has been reactive, often only moving after significant Congressional and international pressure

Japan’s Long-Awaited Return to Geopolitics (Foreign Policy) Tokyo’s abandonment of its post-1945 security stance is another fallout from Russia’s war.

Analysis: Swiss neutrality on the line as arms-for-Ukraine debate heats up (Reuters) Switzerland is close to breaking with centuries of tradition as a neutral state, as a pro-Ukraine shift in the public and political mood puts pressure on the government to end a ban on exports of Swiss weapons to war zones.

The Deeper Reason Netanyahu Won’t Arm Ukraine Against Russia (Foreign Policy) Jerusalem’s ties to Moscow are partly about security. They’re also about illiberalism.

The Ukraine war is fuelling and obscuring cyberattacks (The National) The fighting is dominating the attention that might otherwise be given over to understanding the links between online threats and modern warfare

Darknet drug market BlackSprut openly advertises on billboards in Moscow (The Record from Recorded Future News) It's unclear why BlackSprut was able to buy the Moscow billboard space, but Russia is known for some permissiveness toward darknet groups.

Inside Safe City, Moscow’s AI Surveillance Dystopia (WIRED) Moscow promised residents lower crime rates through an expansive smart city project. Then Vladimir Putin invaded Ukraine.

Russia ends disclosure rules for officials, citing wartime secrecy needs (Washington Post) In the latest indication of expanded state secrecy in wartime Russia, President Vladimir Putin on Monday signed legislation that will exempt Russian lawmakers from a previous requirement that they disclose details of their income, expenses and property.

Russian Deficit Soars to $25 Billion on War Spending, Oil Embargo (Wall Street Journal) The government’s budget recorded its deepest deficit to start the year in more than a decade.

Attacks, Threats, and Vulnerabilities

Foreign states already using ChatGPT maliciously, UK IT leaders believe (CSO Online) Most UK IT leaders are concerned about malicious use of ChatGPT as research shows how its capabilities can significantly enhance phishing and BEC scams.

Ransomware Hits Unpatched VMware Systems: 'Send Money Within 3 Days' (Virtualization Review) Users who neglected to install security patches issued by VMware two years ago are now being hit by a big ransomware attack wave.

Massive ransomware attack targets VMware ESXi servers worldwide (CSO Online) Cybersecurity agencies globally — including in Italy, France, the US and Singapore — have issued alerts about a ransomware attack targeting the VMware ESXi hypervisor.

CISA steps up to help VMware ESXi ransomware victims (SC Media) CISA says any organization experiencing a cybersecurity incident tied to VMware ransomware campaigns should immediately report it to CISA or the FBI.

‘Massive’ new ESXiArgs ransomware campaign has compromised thousands of victims (The Record from Recorded Future News) Thousands of servers running an unpatched version of VMware's ESXi product are vulnerable to ESXiArgs ransomware, researchers say.

GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry (The Hacker News) South Korean and American e-commerce industries have been targeted by a GuLoader malware campaign.

Polygraph: Click Fraud Scammers Are Targeting Pay-Per-Click Affiliate Schemes (GlobeNewswire News Room) Pay-per-click affiliate schemes are vulnerable to sophisticated click fraud techniques....

Hackers hit Vesuvius, UK engineering company shuts down affected systems (Graham Cluley) Vesuvius, the London Stock Exchange-listed molten metal flow engineering company, says it has shut down some of its IT systems after being hit by a cyber attack.

British steel industry supplier Vesuvius ‘currently managing cyber incident’ (The Record from Recorded Future News) Vesuvius Plc confirmed that the incident “involved unauthorized access to our systems,” but it did not provide further details.

Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419) (Rapid7) Through the course of routine security testing and analysis, Rapid7 has discovered several issues in on-premises installations of open source and freemium Document Management System (DMS) offerings from four vendors. While all of the discovered issues are instances of CWE-79: Improper Neutralization of Input During Web Page Generation, in this disclosure, we have ordered them from most severe to least.

CyRC special report: Secure apps? Don’t bet on it (Application Security Blog) The Cybersecurity Research Center conducted a security analysis of the 10 most popular Android sports and betting apps.

Highmark Health Suffers Phishing Attack, 300K Individuals Impacted (Health IT Security) Highmark Health notified 300,000 individuals of a phishing attack that potentially compromised protected health information.

Cybersecurity Incident Under Investigation in Berkeley County Schools - 19,000 Students Have Day Off (WV MetroNews) More than 19,000 students got the day out of school in Berkeley County on Monday (February 06), but it was a workday for staff.  This after a cybersecurity incident in the district Friday. Berkeley County Schools sent out a message saying they are  investigating the “cause and scope.”

West Virginia students returning to class after days-long outage following cyberattack (The Record from Recorded Future News) Nearly 20,000 students in West Virginia were forced to miss classes on Monday due to a cyberattack that crippled their school.

MTU close Cork campuses after a 'significant' IT breach (Cork Beo) All full-time and part-time classes have been cancelled

Trends

Cybercrime Shows No Signs of Slowing Down (Dark Reading) Look for recent trends in attacks, strategies, and vulnerabilities to continue gaining steam throughout 2023.

Cyber Apocalypse 2023: Is The World Heading For A ‘Catastrophic’ Event? (Forbes) According to the 2023 Global Cybersecurity Outlook from the World Economic Forum, the world is facing more and potentially catastrophic cyber-attacks. Here, we explore what that means.

Blog | Permiso 2022 - End of Year Observations () The Permiso p0 labs team provides an overview of what they have observed from the front lines of cloud attacks over 2022, and where they expect cloud attacks to head next!

DataDome’s Inaugural E-Commerce Holiday Bot & Online Fraud Report Reveals the US as the Top Source of Bot Attacks (DataDome) Study finds US generated 10 times the number of bot attacks compared to China, the second highest source during the 2022 holiday season.

State of the Cloud 2023 (Wiz) The Wiz Threat Research team looks back on the past year to highlight trends and the state of cloud usage based on visibility across our customer base.

Marketplace

IronNet Signs Contract to Enhance Cybersecurity of U.S. Navy’s Naval Sea Systems Command (NAVSEA) Following Successful Pilot Program (Business Wire) Agreement addresses cyber threats against the Defense Industrial Base (DIB) by using the IronNet Collective Defense℠ Platform to Excellerate threat visibility and anonymized intelligence sharing

Bitwarden Boosts FIDO Alliance Membership (Business Wire) Bitwarden, the leading open source password manager trusted by millions, today announced that it has expanded its partnership in the FIDO Alliance, an

Netsurion CRO John Addeo Honored on 2023 CRN Channel Chiefs List (GlobeNewswire News Room) Netsurion, a leading provider of managed XDR, today announced that CRN®, a brand of The Channel...

Sumo Logic SVP of Global Partners and Alliances Named as a 2023 CRN Channel Chief (GlobeNewswire News Room) Sumo Logic (NASDAQ: SUMO), the SaaS analytics platform to enable reliable and secure cloud-native...

Aqua Security’s Jeannette Lee Heung Named a 2023 CRN Channel Chief (GlobeNewswire News Room) Lee Heung was behind the Aqua Advantage partner program launch driving a surge in channel revenue...

Axis Channel Leader Nicholas Mirizzi Receives 2023 CRN Channel Chief Honor (PR Newswire) Axis, the leading innovator in Security Service Edge, today announced that CRN®, a brand of The Channel Company, has recognized Nicholas...

Jamie Hawkins of DH2i Honored as a 2023 CRN Channel Chief (DH2I) Recognized for Dedication, Innovative Strategies, and Programs That Have Driven Partner Success

Brillio Appoints Navneet Narula to Lead Global Banking and Financial Services Unit (CXOToday.com) Industry veteran tapped to turbocharge company’s burgeoning BFSI vertical    Brillio, a leading digital transformation services and solutions provider

Moti Gindi, Former CVP of Security Products at Microsoft, Joins Apiiro as Chief Product Officer (GlobeNewswire News Room) Moti, who built Microsoft Defender into a multi-billion dollar business, joins Apiiro to scale the growing business...

Folio Photonics Expands Engineering Leadership Team with the Appointment of Greg Kittilson as Vice President of Engineering (Business Wire) Announces Great Leap Forward with Newly Patented Systems and Methods for Increasing Data Rate and Storage Density in Multi-Layer Optical Discs

Products, Services, and Solutions

Cognni Launches AI-Powered Automated Infosec Risk Assessment Product (GlobeNewswire News Room) The new risk-assessment tool can scan all the data held by an organization in minutes and provide a detailed report on risks and the mitigation measures...

Cequence Security Enhances API Security Testing Capabilities (Business Wire) Cequence Security, the leading provider of Unified API Protection, today announced it has enhanced the testing capabilities within its Unified API Pro

Keyfactor Global Channel Program Hits New Milestones as Businesses Prioritize Machine Identity Management (Business Wire) Keyfactor appoints Michael de Paris as VP of EMEA Channels; SVP of Global Channel Joe Tong named to 2023 CRN Channel Chief List.

Cadien Cyber Response Launches to Deliver Incident Response & Complex Digital Forensics Services (Dark Reading) Cadien Cyber Response, a US-based incident response and complex digital forensics firm, formally launched operations today and unveiled its team of leading industry and government cyber experts focused on reactive services.

Baffle Makes Multi-Tenant Data Security for SaaS Providers Even Easier (GlobeNewswire News Room) Record-level Encryption Isolates Customer Data; BYOK Gives Customers Complete Control

How Parallel Loop Empowers Torq Users to Rapidly Automate Bulk Data Processing Up to 10x (Torq) Torq is proud to introduce Parallel Loop, a new capability that enables users to process bulk data from myriad security tools with unprecedented ease. It also provides the power of orchestration like no other automation tool in the security automation industry with true parallelism. That means multiple tasks can be run simultaneously, and optionally, on […]

Snyk Achieves FedRAMP “In Process” Milestone (GlobeNewswire News Room) With Expected FedRAMP Authorization, Snyk to Address Crucial Need for Developer Security in Public Sector

Coalfire Compliance Essentials Optimized for Automated Evidence Collection (PR Newswire) Global cybersecurity pioneer Coalfire announced today major innovations to its Compliance Essentials solution, including advanced automated...

Deepwatch Advances SecOps Platform to Detect and Contain Identity Threats (Business Wire) Introduces Managed Extended Detection and Response (MXDR) for Rapid Containment of Identity Compromise

Technologies, Techniques, and Standards

Agencies Seek Public Input on Updates to Guiding Plan for Cyber R&D (Nextgov.com) The document is updated once every four years.

How Artificial Intelligence is Changing the Spy Game (SpyCast) Mike Susong (Website, LinkedIn) joins Andrew (Twitter; LinkedIn) to discuss the impact and potential of AI on the intelligence field. Mike is a former CIA case officer who now oversees global intelligence for a risk management company.

Why Crowdsourced Security is Devastating to Threat Actors (Security Intelligence) See how crowdsourcing security is an effective tool against phishing and other cyber threats.

How to deal with sneaky spear phishing- and more - on Safer Internet Day (WatchGuard Technologies) In support of a safer Internet for all here are some insights on today’s most prevalent threats and what you can do to stay cyber secure. Follow our tips and protect yourself and your business.

Design and Innovation

Microsoft announces surprise event for tomorrow with Bing ChatGPT expected (The Verge) Microsoft won’t be streaming this event, though.

The Race to Build a ChatGPT-Powered Search Engine (WIRED) A search bot you converse with could make finding answers easier—if it doesn’t tell fibs. Microsoft, Google, Baidu, and others are working on it.

Google has unveiled its ChatGPT rival and is promising its will offer AI-powered search 'soon' (Silicon Valley Business Journal) Google is following through on CEO Sundar Pichai's promise last week to open up it AI tools to the public.

Google launches ChatGPT rival called Bard (BBC) Google is launching an Artificial Intelligence (AI) powered chatbot called Bard to rival ChatGPT.

Google Releases ChatGPT Rival AI ‘Bard’ to Early Testers (Bloomberg) Microsoft expected to announce ChatGPT integration into Bing search engine

Academia

The SANS Institute Reopens HBCU Cyber Academy Application Window to Address Growing Need for Cybersecurity Professionals (PR Newswire) The SANS Institute is proud to announce the reopening of the HBCU Cyber Academy application window from February 1, 2023 to March 1, 2023. The...

Legislation, Policy, and Regulation

Chinese hacking probably outweighs balloon, experts say (Washington Post) Don’t forget about Chinese hackers

Quad Joint Statement on Cooperation to Promote Responsible Cyber Habits (The White House) We the Quad partners of Australia, India, Japan, and the United States are launching a public campaign to Excellerate cyber security across our nations: the

Wikipedia unblocked in Pakistan after Prime Minister's intervention (TechCrunch) Pakistan has unblocked Wikipedia in the South Asian market, three days after the online encyclopedia was censored in the nation.

What CISOs need to know about the renewal of FISA Section 702 (CSO Online) Section 702 of the Foreign Intelligence Surveillance Act sets out the rules for the US intelligence community around gathering information abroad—but is it inadvertently being used at home too?

Let Section 230 Stay (The Information) Gonzalez v. Google, which the Supreme Court will hear this month, is the culmination of years of litigation. The action—a consolidation of lawsuits filed against Google, Twitter and Facebook—attempts to hold these platforms liable for their automated recommendation of content to users. Social ...

Biden taps experts in threat intel, networking and satellite cybersecurity for telecom advisory board (SC Media) The Biden administration appointed new leaders for the National Security Telecommunications Advisory Council, while adding a number of other notable tech and cybersecurity executives.

Litigation, Investigation, and Law Enforcement

China’s tech weapons roll in to quell demonstrations, identify protesters (The Record from Recorded Future News) At a time when an errant spy balloon has raised new questions about President Xi Jinping’s absolute control over all things Chinese, we take a look at how his regime quelled last year’s Covid protests and how an arsenal of digital weapons helped tighten his grip on power.

U.S. senators question Meta over Chinese, Russian access to Facebook data -statement (Reuters) A bipartisan pair of U.S. senators said on Monday they had sent a letter to Meta CEO Mark Zuckerberg questioning the company about documents that they say reveal that Facebook developers in China and Russia had access to user data.

Police hacked Exclu 'secure' message platform to snoop on criminals (BleepingComputer) The Dutch police announced on Friday that they dismantled the Exclu encrypted communications platform after hacking into the service to monitor the activities of criminal organizations.

Finnish psychotherapy extortion suspect arrested in France (Naked Security) Company transcribed ultra-personal conversations, didn’t secure them. Criminal stole them, then extorted thousands of vulnerable patients.

How Sam Bankman-Fried’s Psychiatrist Became a Key Player at Crypto Exchange FTX (Wall Street Journal) Hired as a coach at the crypto exchange, George Lerner was there for its dramatic downfall.

Politie leest opnieuw mee met criminelen (Politie) De politie en het Openbaar Ministerie in Nederland zijn er opnieuw in geslaagd toegang te krijgen tot data van een cryptocommunicatiedienst van criminelen en de afgelopen vijf maanden hun…

Eurocops shut down Exclu encrypted messaging app (Register) German and Dutch authorities say the app was a favorite of organized criminals and drug smugglers

© 2023 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.