Italy's National Cybersecurity Agency has reported that a global ransomware attack has taken place, compromising thousands of computer servers at organisations in Italy, France, Finland, the United States and Canada. Cybersecurity officials are still assessing the impact of the attack, and are warning organisations to secure their assets before they get locked out.
“The cyber-attack on the Italian infrastructure is quite different from the attacks that we normally hear about in the daily news, with damage and data breaches targeting private organisations. This ransomware attack has a potential impact that could spill over to the entire citizenry, producing national, or even global, disruptions,” said Teong Eng Guan, Regional Director, Southeast Asia and Korea, Check Point Software Technologies.
“The possible inefficiencies, on which we depend, and which have occurred in recent hours, can be attributed precisely to this huge ransomware attack, a growing threat not only in Italy, but worldwide. Already last July, our threat intelligence, Check Point Research, reported a 59% increase in ransomware, year-on-year and globally. Considering this disproportionate growth and the attack reported yesterday, it is good to reiterate that, in this digital age, defending against and preventing cyber threats must be the number one priority of entities, organisations and home users. A cybersecurity strategy that involves everyone, from the individual citizen to the government leadership, is absolutely vital.”
“The recent massive cyber attack on ESXi servers is considered the most extensive cyber attack ever reported on non-Windows machines. What makes the situation even more worrying is the fact that until recently, ransomware attacks were limited to Windows-based machines. The ransomware threat actors have realised how crucial Linux servers are for the systems of institutions and organisations. This has certainly prompted them to invest in the development of such a powerful cyber weapon and to make ransomware so sophisticated.”
“According to what our research team also analysed, the ransomware attack did not only stop at the Italian IT infrastructure. Cybercriminals exploited CVE-2021-21974, a flaw already reported in February 2021. But what can make the impact even more devastating is the use of these servers, on which other virtual servers are usually running. Thus, the damage is probably widespread, more than we can imagine,” concluded Teong Eng Guan.
“Patching software isn’t a nice-to-have; it is a necessity, especially when we’re talking about computer systems used by companies. When a vulnerability is found, users must try to mitigate this and protect affected systems. One of the best ways to do so is to apply a patch, if one is on offer,” said Boris Cipot, Senior Security Engineer, Synopsys Software Integrity Group.
“Granted, there are instances when IT will need to apply the patch on a staging or test system first to ensure it will not interfere with normal operations. Nevertheless, this should not be used as a reason to delay patching for more than a year. If there is reason to delay the patching, then other measures should be put in place to compensate for this.”
“Patching software, be it commercial or open source, must be a planned procedure. To make it successful, companies must take a thorough approach, starting with an inventory of the software they use. Once this inventory is established, it is critical that the company is regularly kept up to date on any changes or news about the software. That way, if a vulnerability is identified, those responsible can take the necessary steps to protect their systems. If a patch is made available, this should be tested and applied to affected systems as soon as possible. Organisations would benefit from having a clear, step-by-step guide, outlining the actions they need to take in these situations. This guide should be tested periodically as well. Without testing the plan and improving on it, one cannot be sure that it will work in reality,” concluded Boris Cipot.