VMware issued a critical advisory this week regarding multiple products. Effectively, an attacker can exploit multiple CVEs to attack the one thing that VMware is supposed to protect the most: the physical endpoint / hosted server.
This issue should be addressed immediately if you use any of the following products:
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation (Cloud Foundation)
What this tells us more than anything else is that platform-based security isn't going to be sufficient to handle all security threats. This kind of issue has occurred in the past, including how VMware Horizon was a good target for other security threats such as Log4j. Security professionals need to consistently view a platform alone as an architecture solution, not a security solution, and plan accordingly.
If anything, it once again proves ignoring endpoint security is a set-up for failure.
One of the ways to prevent this kind of issue from fully compromising your system is to have layers of security that will stop attacks even if they evade the initial protection of the perimeter or the platform itself. Having an MDR solution, with 24/7/365 alerting and actions taken to prevent malware in progress from infecting a system and spreading across your corporate network, is a MUST in today's world.
This has been shown repeatedly, and once again we are seeing why companies need to include layers of security beyond basic perimeter or endpoint protections, and invest in security plans that will operate in spite of failure. You can only automate so much protection, and having the additional security feature of a 24/7/365 SOC or MDR solution can mean the difference between cleaning a single system and coming into your office (or logging in from home) to find your entire corporate network down.
London Security has been lucky enough to catch attacks such as this one in progress when doing our Ransomware Risk Assessment, and I recommend reaching out if your business is concerned about this threat or others that have accelerated at the beginning of 2022. Reach out today.