(TLP:CLEAR) Public Safety ISAO Vulnerability Advisory – Exploitation of ESXi Vulnerabilities Disrupted Emergency Services

Created: Tuesday, February 6, 2024 - 15:06
Categories: Cybersecurity, Security Preparedness

WaterISAC is sharing this for broader awareness of the threat against out-of-date VMware ESXi servers, of the impact such incidents can have on mission-critical resources, and, most importantly, of how this incident enabled adversaries to access and encrypt a broadband radio network.

The Public Safety ISAO is sharing this vulnerability advisory due to attacks that exploited unpatched ESXi vulnerabilities in public safety networks, leading to compromises of a radio network, a computer-aided dispatch system, and a large portion of a municipal network. Three attacks in close succession, including by the Akira ransomware syndicate, bring these vulnerabilities to the forefront. Members are encouraged to review the attached advisory. Likewise, utilities using out-of-date VMware ESXi servers are encouraged to update vulnerable systems accordingly.

Recommended mitigations from the Public Safety ISAO include:

  • Protect internet-facing services
  • Patch known exploited flaws, prioritizing ESXi
  • Establish regular data backups

Additional Resources: