Over the last twelve months, VMWare has made headlines multiple times due to being the latest target of cyber-attacks. The best defense against such attacks for any organization is to build a resilient environment. To do this requires not only technical changes but also procedural changes and mindset shifts.
Assume your organization is being targeted
All organizations' infrastructure and information security teams should learn to think that nefarious individuals are targeting them. This thinking leads to teams that are more prepared for potential breaches. Let's look at some practical tasks that can assist in preparation.
Updated business continuity plans
Ensure that disaster recovery plans always include ransomware contingencies. Services should always be possible to restore without paying an attacker. Attackers are not guaranteed to assist once paid, and even if they do, the tools they provide could contain malware. The attackers also share details on exploiting the environment with other ransomware groups, so one attack is usually followed closely by another attack.
Ensuring software and firmware are up to date offers potential attackers the smallest footprint to abuse in an organization. Often, attackers will leave a hardened environment instead of targeting quick and easy wins with easily exploitable setups.
Administration of infrastructure
Administrators should have dedicated accounts to manage infrastructure. Role-Based Access Control, or RBAC, is the recommended option for granting access as this ensures minimal just-in-time access to complete a required task.
Running the latest software and firmware updates from all vendors, not just VMWare, and adopting a defensive mindset for the operational team will assist any organization in minimizing attacks on their environment.