Search This Blog

Powered by Blogger.

Blog Archive

Labels

Global Ransomware Attack Targets VMware ESXi Servers

The Italian National Cybersecurity Agency (ACN) recently reported a global ransomware hacking campaign that targeted VMware ESXi servers.



Cybersecurity firms around the world have recently warned of an increase in cyberattacks, particularly those targeting corporate banking clients and computer servers. The Italian National Cybersecurity Agency (ACN) recently reported a global ransomware hacking campaign that targeted VMware ESXi servers, urging organisations to take action to protect their systems.

In addition, Italian cybersecurity firm Cleafy researchers Federico Valentini and Alessandro Strino reported an ongoing financial fraud campaign since at least 2019 that leverages a new web-inject toolkit called drIBAN. The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments, altering legitimate banking transfers performed by the victims and transferring money to an illegitimate bank account.

These accounts are either controlled by the threat actors or their affiliates, who are then tasked with laundering the stolen funds. The fraudulent transactions are often realized by means of a technique called Automated Transfer System (ATS) that's capable of bypassing anti-fraud systems put in place by banks and initiating unauthorized wire transfers from a victim's own computer.

The operators behind drIBAN have become more adept at avoiding detection and developing effective social engineering strategies, in addition to establishing a foothold for long periods in corporate bank networks. Furthermore, there are indications that the activity cluster overlaps with a 2018 campaign mounted by an actor tracked by Proofpoint as TA554 targeting users in Canada, Italy, and the U.K.

Organisations need to be aware of these threats and take immediate action to protect their systems from cyberattacks. The ACN has reported that dozens of Italian organisations have been likely affected by the global ransomware attack and many more have been warned to take action to avoid being locked out of their systems.


Share it:

Anonymous

Data Breach

ICAN

Italy

Kali

Linux

PowerShell

servers

Software

Trojan

unauthorised access

zero-day