Securing ESXi Hypervisors: Protecting The Core Of Virtualization

Forbes Technology Council

Austin Gadient is CTO & cofounder of Vali Cyber. Vali’s ZeroLock Platform protects Linux systems and hypervisors.

A significant part of navigating today's threat landscape is addressing the weaknesses of ESXi hypervisors, a cornerstone of modern IT infrastructure and virtualization. ESXi hosts and manages virtual machines (VMs), so a single host is the trust boundary for every workload it runs. Despite that central role, the security of ESXi environments is often overlooked, largely because ESXi is an appliance-style platform that cannot run the endpoint agents and security tooling organizations deploy on ordinary servers.

This oversight leaves ESXi environments exposed and makes them attractive targets for criminals looking to move laterally through a network or deploy ransomware. As a cybersecurity expert, I have seen the devastating impacts of such attacks, with high-profile incidents like the MGM Resorts ransomware attack, which the company put at roughly $100 million in impact, serving as stark reminders of how severe the consequences can be. IT managers must implement robust security measures to protect these vital systems from increasingly sophisticated threats.

Understanding The Threat Landscape

Until recently, there has been no runtime protection available for ESXi: nothing equivalent to the endpoint detection and response agents that run on Windows and Linux servers. Because of this gap, nation-state actors have used ESXi vulnerabilities to maintain a prolonged and undetected presence within networks. This kind of stealthy access is especially concerning because a compromised hypervisor sits beneath the guests' own security tooling, which cannot see what happens on the host.

Perhaps the most alarming threat to ESXi systems is ransomware. Because VM disks live as files on the host's datastores, encrypting an ESXi host takes down every hosted VM at once: the attacker encrypts the VMDK and configuration files rather than breaking into each guest individually, causing massive operational disruption. Cases like the $60 million Johnson Controls cyberattack show how serious these attacks can be for critical infrastructure and defense systems.

Attackers tend to exploit two weaknesses in ESXi deployments. Older, unpatched versions are prime targets because of their known security flaws, such as CVE-2021-21974, a heap overflow in the host's OpenSLP service that was later used against internet-exposed hosts in the ESXiArgs ransomware campaign. The other frequent attack vector is obtaining administrative credentials for the host, whether stolen from vCenter, reused from another system or guessed against an exposed SSH or web interface. With root access, attackers can disable lockdown mode, enable the ESXi shell and SSH and run their tools directly on the host, which can result in large-scale data breaches and/or operational disruption.

Proactive Security Strategies

Mitigating these threats takes a multi-pronged approach. First, keeping ESXi hosts updated with the latest security patches is fundamental; regular updates close off known vulnerabilities and reduce the risk of exploitation. Where a patch cannot be applied immediately, apply the vendor's published workaround (for CVE-2021-21974, that meant stopping the SLP service and disabling its CIMSLP firewall rule set). Second, applying a configuration standard such as the CIS Benchmark for VMware ESXi ensures hosts are configured consistently and securely. Adjusting ESXi's default settings, for example enabling lockdown mode, leaving SSH and the ESXi shell disabled except during maintenance and setting shell timeouts and account-lockout thresholds, hardens the host against both vulnerability exploitation and credential abuse.
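The patch and hardening checks above, and the credential-abuse settings from the previous section, can be audited offline from saved esxcli output. The script below is an added example, not code from the article or from any VMware or CIS tool. It assumes the operator has captured the text of `esxcli system version get`, `esxcli system settings advanced list` and `esxcli network firewall ruleset list` into one file on a jump host; the sample output embedded in it is constructed and abbreviated to match those formats, and the version baseline and thresholds are a hypothetical policy, not vendor-published values.

```python
"""Offline audit of saved esxcli output against a small set of ESXi hardening checks.

Added example (not from the original article or any vendor tool). Assumes the
captured output of three esxcli commands concatenated into one text file.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical policy values for this example; set them to your own approved baseline.
MIN_VERSION: Tuple[int, ...] = (7, 0, 3)   # lowest ESXi release the operator accepts

# Advanced setting path -> (predicate on its integer value, reason reported when it fails)
REQUIRED_INT: Dict[str, Tuple[Callable[[int], bool], str]] = {
    "/UserVars/ESXiShellTimeOut": (lambda v: v > 0, "shell availability timeout disabled"),
    "/UserVars/ESXiShellInteractiveTimeOut": (lambda v: v > 0, "idle shell sessions never expire"),
    "/VMkernel/Boot/execInstalledOnly": (lambda v: v == 1, "binaries outside installed VIBs may execute"),
    "/Security/AccountLockFailures": (lambda v: 1 <= v <= 5, "account lockout disabled or too lax"),
}

# Firewall rule sets that should be disabled outside maintenance windows.
RULESETS_MUST_BE_OFF: Dict[str, str] = {
    "sshServer": "SSH server reachable; enable only during maintenance",
    "CIMSLP": "SLP reachable; this is the service behind CVE-2021-21974",
}

# Constructed sample in the shape esxcli prints (abbreviated; not a real host).
SAMPLE_OUTPUT = """\
   Product: VMware ESXi
   Version: 7.0.3
   Build: Releasebuild-20328353
   Update: 3
   Patch: 65

   Path: /UserVars/ESXiShellTimeOut
   Type: integer
   Int Value: 0
   Default Int Value: 0
   Description: Time before automatically disabling local and remote shell access (in seconds, 0 disables)
   Host Specific: false

   Path: /UserVars/ESXiShellInteractiveTimeOut
   Type: integer
   Int Value: 900
   Default Int Value: 0

   Path: /VMkernel/Boot/execInstalledOnly
   Type: integer
   Int Value: 0
   Default Int Value: 0

   Path: /Security/AccountLockFailures
   Type: integer
   Int Value: 0
   Default Int Value: 5

Name                     Enabled
-----------------------  -------
sshServer                   true
sshClient                  false
CIMSLP                      true
"""

KEY_VALUE = re.compile(r"^\s*([A-Za-z ]+):\s*(.*)$")
RULESET_ROW = re.compile(r"^(\S+)\s+(true|false)\s*$")


def parse_esxcli(text: str) -> Dict[str, object]:
    """Pull the version, integer advanced settings and firewall rule-set states out of the text."""
    version: Optional[Tuple[int, ...]] = None
    settings: Dict[str, int] = {}
    rulesets: Dict[str, bool] = {}
    path: Optional[str] = None          # current "Path:" block in the advanced-settings listing
    for line in text.splitlines():
        kv = KEY_VALUE.match(line)
        if kv:
            key, value = kv.group(1).strip(), kv.group(2).strip()
            if key == "Version":
                version = tuple(int(p) for p in value.split("."))
            elif key == "Path":
                path = value
            elif key == "Int Value" and path:
                settings[path] = int(value)
            continue
        row = RULESET_ROW.match(line)
        if row:
            rulesets[row.group(1)] = row.group(2) == "true"
    return {"version": version, "settings": settings, "rulesets": rulesets}


def audit(parsed: Dict[str, object]) -> List[str]:
    """Return one finding string per failed check (empty list means the sample passed)."""
    findings: List[str] = []
    version = parsed["version"]
    if version is None:
        findings.append("version: not found in output")
    elif version < MIN_VERSION:
        findings.append(f"version: {'.'.join(map(str, version))} is below baseline "
                        f"{'.'.join(map(str, MIN_VERSION))}")
    settings: Dict[str, int] = parsed["settings"]  # type: ignore[assignment]
    for setting, (ok, reason) in REQUIRED_INT.items():
        if setting not in settings:
            findings.append(f"{setting}: not present in output")
        elif not ok(settings[setting]):
            findings.append(f"{setting}={settings[setting]}: {reason}")
    rulesets: Dict[str, bool] = parsed["rulesets"]  # type: ignore[assignment]
    for name, reason in RULESETS_MUST_BE_OFF.items():
        if rulesets.get(name, False):
            findings.append(f"firewall ruleset {name} enabled: {reason}")
    return findings


def audit_text(text: str) -> List[str]:
    return audit(parse_esxcli(text))


if __name__ == "__main__":
    for finding in audit_text(SAMPLE_OUTPUT):
        print("FAIL", finding)
```

Run it against a real capture by reading the file into `audit_text`. On the constructed sample it reports five findings (both shell timeouts are not the problem, the interactive one is set; the availability timeout, execInstalledOnly, account lockout, SSH and SLP are), which is a realistic picture of a host that has been patched but never hardened.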

If a cyberattack succeeds, I strongly advise against paying ransoms. This doesn't just fuel the cybercrime cycle; it's also no guarantee that your data or systems will ever be restored. Would you trust someone who broke into your systems and held your data for ransom to keep their word? I certainly wouldn't. Refusing to pay also aligns with the most recent pledge from the International Counter Ransomware Initiative, in which the US participates.

Backups are often recommended as the answer to ransomware against ESXi. Unfortunately, backups have a critical weakness in a security breach: how do you know the attacker's malware or persistence mechanism isn't in the image you are about to restore? Attackers typically dwell in a network for a median of about 16 days before they are discovered. Defenders are then forced to choose between roughly 16 days of data loss (restoring from before the intrusion) and the risk of reinstating the attacker's foothold along with the data (restoring a more recent image). Backups excel at recovering from problems like corrupted drives, where there is no adversary on the network. That's why it's important to match backups to the right use case and, when they must be used after an intrusion, to keep them offline or immutable so the attacker cannot encrypt them too, and to inspect restored images before reconnecting them to production.

The increasing sophistication of cyber threats means we have to employ equally advanced security measures. Organizations relying on ESXi must adopt comprehensive security practices to protect their virtual environments. Securing ESXi hypervisors is more than a technical challenge; it's a critical business imperative. By adopting these strategies and tools, businesses can safeguard their virtual infrastructure and guard against evolving threats. Fortunately, with runtime security for ESXi now coming to market, there are going to be even better answers to the ESXi security problem.
