Ad End 1 August 2026
Ad End 4 july 2026
ad End 17 June 2026
ad End 25 July 2026
banner Expire 27 September 2026
adv exp at 20 April 2026
banner Expire 25 July 2025
Ads end 31 October 2026
What's new
Ad expires at 9 July 2026
Ads end 31 October 2026
Wizard's shop 2.0
RonalClub cc shop
Patrick Stash
Luki Crown
best shop
best shop

Anonymous

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 21, 2020
Messages
5,633
Reaction score
1,376
Points
1,012
Awards
4
  • Rich User
  • trusted user
  • Somebody Likes you
  • First post
A single administrator error can affect the entire corporate network.

The Israeli cybersecurity company Sygnia notes that virtualization platforms such as VMware ESXi often suffer from incorrect settings and vulnerabilities, which makes them attractive targets for hackers.

In the course of investigations related to various ransomware families, such as LockBit, HelloKitty, BlackMatter, and others, Sygnia found that attacks on virtualization environments follow a set sequence of actions:

  1. Gaining initial access: Attackers use phishing attacks, downloading malicious files, and exploiting known vulnerabilities in systems accessible from the Internet.
  2. Privilege escalation: Attackers gain access to credentials for ESXi or vCenter hosts using various methods, including brute-force attacks.
  3. Access verification: Cybercriminals check access to the virtualization infrastructure and implement ransomware.
  4. Deleting or encrypting backups: To complicate the recovery process, backups are either deleted or encrypted, and sometimes passwords are changed.
  5. Data exfiltration: Data is sent to external resources, such as Mega.io, Dropbox, or the attackers own hosting services.
  6. Starting the ransomware: Encryption of the "/vmfs/volumes" folder in the ESXi file system begins.
  7. Ransomware distribution: Ransomware is distributed to "non-virtualized" servers and workstations to expand the attack zone.

2bjn52keh15ssr4l6mixfsqkwwmqmjsw.png


Attack Chain

How to protect yourself

To minimize risks, organizations should ensure proper monitoring and logging, establish reliable backup mechanisms, implement strong authentication measures, strengthen infrastructure, and limit network activity to prevent intra-network movement.
 
Ad End 1 November 2024
Top