The importance of installing updates has been highlighted by VMware users who have failed to update and found themselves at the mercy of malware attacks.
VMware is a tech company which specializes in providing both cloud computing services and virtualization technology (such as remote desktop software). Founded nearly 25 years ago, VMware has proved to be highly popular with businesses of all sizes. However, this experience doesn’t mean their software is perfect. In fact, no tech company – not even the biggest ones – can claim to create products which are 100% resistant to threat actors.
And that’s why VMware’s Workspace ONE Access service, an application which allows digital apps in an organization to be accessed on any device, has been compromised. The attack has been declared a significant one, so we’re going to take you through it.
Workspace ONE Compromised
The attack, which was discovered by security experts at FortiGuard Labs, centers around a vulnerability patched by VMware back in April 2022. However, attackers are still exploiting this vulnerability, an indicator that the uptake of VMware’s patch has been poor. As a result, the CVE-2022-22954 vulnerability has the potential to open your PC up to all manner of malware.
If the vulnerability is still present, threat actors have the opportunity to launch remote code execution attacks against a vulnerable PC. With the help of this foothold, the hackers have been able to download a wide range of malware to PCs and their associated networks. Examples involved in this attack have included:
- Cryptoware
- Ransomware
- Software which removes other cryptomining apps
- Malware used to spread the attack even further
- Botnets
All of these campaigns are installed and operated separately, indicating that this is a well-organized attack by the unknown threat actors. Activity for the overall campaign peaked in August 2022, but it remains active as it seeks further users of Workspace ONE who have failed to patch their software.
Protecting Yourself Against Software Exploits
The impact of falling victim to the Workspace ONE vulnerability is huge as it attacks its victims on numerous fronts. Not only is there the financial risk of ransomware, but the activity of cryptoware and ransomware is going to seriously eat into the resources of your IT infrastructure. Therefore, you need to make sure you carry out the following:
- Install all updates: if you are a Workspace ONE user then you need to ensure it’s fully patched and up to date. And, once this is complete, it’s crucial you make sure all your software is patched.
- Monitor network activity: one of the most obvious signs of a botnet or cryptoware infection is a surge in network activity. Accordingly, it’s important to establish a benchmark for what constitutes ‘normal’ network activity within your organization. If this benchmark is breached, investigating more closely may reveal that a malware attack is taking place.
- Limit user access: minimizing the attack surface which a piece of malware has access to can reduce the impact of the attack. So, for example, if access to the Workspace ONE software was restricted to only those who need it, the chances of the exploit damaging the network would be reduced.
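One way to put the "Monitor network activity" advice into practice, as an added example that is not part of the original article: build a per-host benchmark from past outbound traffic and flag readings that breach it. The host names, traffic figures (MB per hour) and the `k` and `floor` tuning values are constructed assumptions.

```python
"""Flag hosts whose outbound traffic breaches a per-host benchmark."""
from statistics import median


def build_baseline(history):
    """history: {host: [outbound MB per hour]} -> {host: (median, MAD)}."""
    baseline = {}
    for host, samples in history.items():
        med = median(samples)
        # Median absolute deviation: a spread measure that old spikes cannot skew.
        mad = median(abs(s - med) for s in samples)
        baseline[host] = (med, mad)
    return baseline


def find_surges(baseline, observations, k=6.0, floor=0.10):
    """Return (host, hour, mb_out, threshold) for every reading above the benchmark.

    threshold = median + k * max(MAD, floor * median). The floor keeps a very
    steady host (MAD near zero) from alerting on tiny fluctuations. Hosts with
    no baseline are returned with threshold None so they get a manual review.
    """
    alerts = []
    for host, hour, mb_out in observations:
        if host not in baseline:
            alerts.append((host, hour, mb_out, None))
            continue
        med, mad = baseline[host]
        threshold = med + k * max(mad, floor * med)
        if mb_out > threshold:
            alerts.append((host, hour, mb_out, threshold))
    return alerts


# Constructed sample data (assumed, not taken from the article).
HISTORY = {
    "ws1-access-01": [120, 135, 110, 128, 140, 125, 131, 118],
    "file-srv-02": [900, 950, 870, 1010, 930, 980, 910, 940],
}
TODAY = [
    ("ws1-access-01", "09:00", 133),   # normal reading
    ("ws1-access-01", "10:00", 2450),  # surge well above the benchmark
    ("file-srv-02", "10:00", 1100),    # busy, but within this host's normal range
    ("new-host-07", "10:00", 40),      # never seen before: no benchmark exists
]

if __name__ == "__main__":
    for host, hour, mb_out, limit in find_surges(build_baseline(HISTORY), TODAY):
        reason = "no baseline" if limit is None else f"limit {limit:.1f} MB"
        print(f"{host} {hour}: {mb_out} MB outbound ({reason})")
```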