19 servers spread across Italy were attacked (for a total of 300 across Europe) and were mostly managed by small and medium-sized enterprises operating in non-critical sectors.
Table of Contents:
What to do?
Cybersecurity First
What to do?
Regarding this attack campaign, the Italian CSIRT (Computer Security Incident Response Team) reported what was published in the security advisory of the French Computer Emergency Response Team (CERT-FR), which invites you to follow the instructions provided by
In summary, it is recommended to disable the SLP service on ESXi hypervisors that have not been updated and to proceed with applying all available patches. At the same time, it is recommended to perform a system scan to identify any compromises. This is because the attacker may have already exploited the vulnerability and been able to delete the malicious code.
Cybersecurity First
Although our country is only marginally affected, sometimes it is the lack of attention from companies in terms of IT security that determines the success of attacks. In this case, in fact, the vulnerability had been known for almost two years and VMware had provided the patch to correct the bug.
This highlights how fundamental prevention activity is, which generally involves updating infrastructures to avoid exposing systems and providing a Disaster Recovery plan , in order to restore data and file backups in a short time and ensure the stability of the company's business.