Macbook Cybersecurity Michael Geiger

Italian ransomware attack highlights bad patch management

A major ransomware attack Sunday kicked the majority of Italians off of the internet before administrators were able to restore service.

Italy’s National Cybersecurity Agency, ACN, said the attackers targeted a known vulnerability in VMware’s ESXi servers. VMware encouraged customers to install patches.

If it feels like you’ve heard this story before, that’s because you probably have. In fact, you’re forgiven for thinking this feels like Groundhog Day.

That’s because the vulnerability was first detected almost two years ago, and the Canadian Centre for Cyber Security issued its first security advisory – known as AV21-093 – on February 24, 2021. The Canadian cybersecurity agency issued a second advisory, AV22-689, on December 9, 2022. 

Targeting the weak

The newest attack impacted servers across Italy. At its peak, traffic was reduced to 26% of normal levels across the country. Servers in France, Finland, the United States, and Canada were also affected. The French cybersecurity agency, ANSSI, which issued the first alert on Friday, warned of continuing attacks against vulnerable servers in the days to come, and reiterated its guidance to administrators to patch their affected systems.

So, in case we’re keeping score, here’s where we’re at:

  • VMware identified a weakness in its products 2 years ago.
  • The company released a security update almost immediately, along with an advisory letting customers know they needed to download and install it.
  • National cybersecurity agencies in Canada, the U.S., and elsewhere issued similar advisories and linked to the VMware download.
  • 22 months later, VMware issued another advisory - meaning not everyone had applied the update.
  • Within weeks, the yet-to-be-identified cybercriminals behind this attack pounced. They knew about the weakness, knew that large numbers of servers in Italy and elsewhere had not yet applied the update, and they targeted the weakest links in much the same way lions go after the weakest prey.

In short, this attack happened because the easy fix was ignored on a shockingly large scale. Whoever was responsible for the affected servers in the affected countries failed to download and apply a small piece of free software. In doing so, they left the virtual front door wide open for a couple of years.

This isn’t an exercise in finding fault. We get it: IT isn’t easy. And the cybersecurity competency is even harder to figure out. The threat landscape continues to intensify just as demands from the business - whatever business that happens to be - become more complex and mission-critical.

Worse, the techies must keep the lights on while simultaneously keeping the bad guys at bay - at a time when IT budgets are being increasingly scrutinized amid overall pullbacks in business spending.

The pandemic has pushed IT to, and sometimes beyond, the limit, forcing it to support virtual and hybrid workforces, deploy sophisticated customer-facing e-commerce capabilities, and wrestle with economic uncertainty and supply chain mayhem. In the rush to keep the lights on throughout the pandemic, established protocols and best practices may have been skipped along the way – leaving the organizations they serve dangerously exposed. 

A tough sell

Cybersecurity, for too long, has been a difficult line item to justify in the budget. Like insurance, we tend to ignore its importance until we’ve been digitally compromised. Even still, it is becoming even more of a tough sell. Unlike the shiny new piece of hardware or the massive new building, cybersecurity doesn’t generate the same kind of visceral excitement among those who pay the bills.

Data from JumpCloud reinforces the uphill climb IT now faces, with 44% of IT professionals reporting their organizations will reduce their cybersecurity spending in 2023. Three-quarters of respondents say these cuts will put their organizations at greater risk, and just over half, 58%, say their current security position has worsened over the past year.

They say all this is largely due to the tight labor market, inflation, recessionary fears, and global conflict. Which is likely plausible – but is hardly an appropriate excuse. The sad reality for IT leaders is stark: reduced cybersecurity spending provides the perfect fuel for an explosion in cybercriminal activity. Cutting corners on cybersecurity preparedness is the worst kind of IT math that could very well destroy the business. 

Creativity to the rescue?

As cybersecurity spending falls behind fast-evolving and expanding needs, IT professionals are left to do their best to keep up. More often than not they manage to keep everything together, often through the sheer force of creativity and will. But sometimes they end up dropping the ball on mundane operations like security patches and updates. And this global-scale attack is a perfect example of what happens when they fail to keep up.

Applying security fixes in a timely manner slams the door on opportunistic attacks like the one that darkened Italy for much of the day. As ever, human nature, more than any one technology, is what makes us more vulnerable than we need to be. It also explains why attacks seem to be getting bigger, more damaging, and more frequent: because cybercriminals are getting better at identifying who isn’t keeping up and are learning how to choose the most opportunistic targets for ever more impactful cyberattacks. 

The bottom line

The Italian ransomware attack should sound the alarm across all geographies – as well as all governments, corporate leaders, and regular folks alike – that cybersecurity has been an underserved competency for too long.

As organizations continue to evaluate their technology priorities amid an ever-shifting economic landscape, they must examine their cybersecurity spending priorities through a new and more urgent lens. Shaving cybersecurity budgets won’t represent much of a saving after a successful ransomware breach brings the organization to its knees and permanently damages its brand.

The Italian attack proves this risk is more real now than it’s ever been. And we can start by double-checking whether or not we’ve applied every outstanding security patch and fix. It’s the least we can do.

 

Last modified on Monday, 06 February 2023 18:00

