Running VMware ESXi? Better check this out!

Also, don't fall into the frontdoor-security trap.

Hi and welcome to another Security weekly, where we laugh, we cry and share the latest and greatest in security and tech news.

Did you know? Apple products always show 9:41 on their clock in advertisements. This is because Steve Jobs unveiled the first iPhone at precisely 9:41.
Not a fan, but that’s pretty cool.

In this week's edition:
🏴‍☠️ VMware ESXi under full scale attack
🧱 Don’t fall into “frontdoor security” protocols
❔ Disable User Explains: Risk Appetite
🔥 The quick and dirty

Reading time: 02:51

VMware ESXi under full scale attack

Although the exploit is almost 2 years old, last week unpatched VMware ESXi servers were targeted by a new ransomware named ESXiArgs.

Over 2400 VMware servers reportedly fell victim to the ransomware.
I have to be honest here, I find it hard to call anyone a victim if you don’t update your OS for 2 years.

How people without update management think their devices are protected.

I could write an entire post about what they could have done to prevent this, but let’s not get too Captain Hindsight-y.
Luckily, there is some good news:

  • The ransomware was highly ineffective - the ransomware did not manage to encrypt the underlying virtual hard disks, making it easier for companies to restore data.

  • A method to help with the decryption was quickly available online - although the method was a bit tech-y for some people, the U.S. Cybersecurity and Infrastructure Security Agency created a script based on that method.

  • Only four payments, for a total of $80 thousand, were made - Every penny wasted on hackers is one too many, but four payments on 2400 servers isn’t much. For reference, the famous CryptoLocker ransomware made over $3 mil.

Original help;

CISA script;

Okay I said I wasn’t going to do it but..

Don’t fall into “frontdoor security” protocols

Frontdoor security.
Not sure if it exists, but if the phrase hasn’t been claimed - you heard it here first!

In my not that long career, I’ve had the pleasure of meeting a lot of great people. Experienced people, experts in their field. People with a clear vision, and knowledge that’s sometimes frightening.

Yet when it comes to making changes, they get stuck over the tiniest of details. It’s mostly processes that affect them, or processes that have been around for quite some time.
And when it affects people personally, suddenly it’s very hard to see the full picture.

So what happens is, they get lost in detail and many more meetings than necessary are planned, making little to no progress and making it even harder to accomplish something.
Without someone there to keep track of the bigger picture, the general idea will get lost and nothing will be done. Which in security could lead to scenarios like unpatched VMware servers.

So the advice I’m giving here is:

  • If you feel you’re getting into too much detail on a subject that’s rather small, take a step back.

  • If you can’t take a step back, bring in someone who can.

  • Don’t focus on locking your windows, when your front door is wide open.

Risk Appetite

Amount and type of risk that an organization is willing to pursue or retain.

Different companies have different risk appetites.
Start-ups have a big risk appetite because without taking risks they cannot grow.

Banks have a low risk appetite. They would rather have 50 known low-risk income strategies than 1 high-risk, high-stakes strategy.
(Haha yeah, remember what happened in 2008?)

The quick and dirty