Date: 2021-09-24

The disclosure of a critical security flaw in VMware vCenter servers has sparked a race between security experts and criminals, who have stepped up their search for unsecured infrastructure. Defenders are using the time to apply patches, while attackers aim to infiltrate outdated networks where patching cannot be done, carrying out attacks while there is still time.

The vulnerability was disclosed last Tuesday (21) and was accompanied by a patch, as well as vendor mitigations for cases where the patch cannot be applied. According to the security company Bad Packets, criminals are focusing on this second type of environment, which will remain susceptible to attack for longer and so gives attackers room to work out ways of exploiting the flaw. According to VMware, no exploitation of the flaw has been detected, but the increase in criminal scanning for unprotected servers shows that it could be on the way. CVE-2021-22005, as the flaw is designated, does not require sophisticated techniques to let unauthorized users upload files to servers, a direct gateway to the installation of ransomware, file-stealing malware and other types of attacks against platforms.

Image caption: Shodan's survey shows the presence of unprotected VMware servers, mainly in the US and Europe; the numbers include honeypots, but also genuinely vulnerable infrastructure (Image: Reproduction/Shodan)

The increase in criminals' scanning for unprotected servers was detected by honeypots: intentionally vulnerable systems left online and publicly reachable precisely to detect this type of activity, as well as methods of compromise. Meanwhile, according to Shodan, a search platform that surveys connected devices, there are more than 6,500 platforms vulnerable to the flaw, and most of them are certainly not being used by experts for threat assessment.

VMware itself issued a warning along these lines. When it disclosed the flaw together with the necessary update and mitigations, the company warned that it might be only a matter of time before attacks using the vulnerability begin to emerge. The recommendation, therefore, is that server administrators take protective measures as soon as possible, changing settings and installing updates to eliminate the problem.

Source: Bad Packets (Twitter), Bleeping Computer