New ‘MichaelKors’ Ransomware-as-a-Service Focusing on Linux and VMware ESXi Methods

by crpt os


May 15, 2023 | Ravie Lakshmanan | Linux / Hypervisor Jackpotting

A new ransomware-as-a-service (RaaS) operation called MichaelKors has become the latest file-encrypting malware to target Linux and VMware ESXi systems as of April 2023.

The development points to cybercriminal actors increasingly setting their eyes on ESXi, cybersecurity firm CrowdStrike said in a report shared with The Hacker News.

“This trend is especially noteworthy given the fact that ESXi, by design, does not support third-party agents or AV software,” the company said.

“In fact, VMware goes as far as to claim it’s not required. This, combined with the popularity of ESXi as a widespread and popular virtualization and management system, makes the hypervisor a highly attractive target for modern adversaries.”

The targeting of VMware ESXi hypervisors with ransomware to scale such campaigns is a technique known as hypervisor jackpotting. Over the years, the approach has been adopted by several ransomware groups, including Royal.

What’s more, an analysis from SentinelOne last week revealed that 10 different ransomware families, including Conti and REvil, have utilized Babuk source code leaked in September 2021 to develop lockers for VMware ESXi hypervisors.

Other notable e-crime outfits that have updated their arsenal to target ESXi include ALPHV (BlackCat), Black Basta, Defray, ESXiArgs, LockBit, Nevada, Play, Rook, and Rorschach.

Part of the reason why VMware ESXi hypervisors are becoming an attractive target is that the software runs directly on a physical server, granting a potential attacker the ability to run malicious ELF binaries and gain unfettered access over the machine’s underlying resources.

Attackers looking to breach ESXi hypervisors can do so by using compromised credentials, followed by gaining elevated privileges and either laterally moving through the network or escaping the confines of the environment via known flaws to advance their motives.

VMware, in a knowledge base article last updated in September 2020, notes that “antivirus software is not required with the vSphere Hypervisor and the use of such software is not supported.”

“More and more threat actors are recognizing that the lack of security tools, lack of adequate network segmentation of ESXi interfaces, and [in-the-wild] vulnerabilities for ESXi creates a target rich environment,” CrowdStrike said.

Ransomware actors are far from the only outfits to strike virtual infrastructure. In March 2023, Google-owned Mandiant attributed the use of novel backdoors dubbed VIRTUALPITA and VIRTUALPIE, in attacks aimed at VMware ESXi servers, to a Chinese nation-state group.

To mitigate the impact of hypervisor jackpotting, organizations are advised to avoid direct access to ESXi hosts, enable two-factor authentication, take periodic backups of ESXi datastore volumes, apply security updates, and conduct security posture reviews.

“Adversaries will likely continue to target VMware-based virtualization infrastructure,” CrowdStrike said. “This poses a major concern as more organizations continue transferring workloads and infrastructure into cloud environments – all through VMWare Hypervisor environments.”
