VMware Vulnerabilities’ Alert Sparks Spike in Attack Attempts - Barracuda Networks

Technology
19 May 2022 • 2:43 PM MYT
CSA

Cybersecurity Asean News Portal

Asia-Pacific businesses could find themselves unprotected from new VMware vulnerabilities that prompted a sudden spike in attacks when first announced, according to Barracuda, a trusted partner and leading provider of cloud-first security solutions.

VMware first reported the multiple new security vulnerabilities in a security advisory on April 6, 2022. Barracuda researchers started seeing probes and exploit attempts for this vulnerability soon after the release of the advisory, detecting a sharp spike in attack attempts between 20 and 22 April 2022.

One of the most severe vulnerabilities announced was a server-side template injection issue that allows an unauthenticated user with web access to execute arbitrary shell commands as the legitimate VMware user. The list of vulnerabilities also contained a local privilege escalation vulnerability in the affected products, which could possibly be chained by attackers.

Barracuda researchers also found that the majority of attacks originated geographically in the U.S., with most of them coming from data centres and cloud providers. While the spikes came largely from these IP ranges, there are also consistent background attempts from known bad IPs in Russia. Some of these IPs scan for specific vulnerabilities at regular intervals, and it looks likely that the new VMware vulnerabilities have been added to their usual rotating list of Laravel/Drupal/PHP probes.

“The attacks have been consistent over time, barring a few spikes, and the vast majority of them are what would be classified as probes rather than actual exploit attempts. However, we’ll probably see low-level scanning and attempts to exploit them for some time,” said Tushar Richabadas, Senior Product Marketing Manager, Applications and Cloud Security, Barracuda.

“Even if scans and exploits remain steady, it’s important to take steps to protect your systems. One solution is patching - the ideal time to patch is now, especially if the system is internet-facing in any way. Or placing a web application firewall in front of such systems will add to a defence against zero-day attacks and other vulnerabilities, including Log4Shell.”