WaterISAC is sharing this for broader awareness of the threat against out-of-date VMware ESXi servers, the impact such incidents can have on mission-critical resources, and, most importantly, how this incident enabled adversaries to access and encrypt a broadband radio network.
The Public Safety ISAO is sharing this vulnerability advisory due to attacks that exploited unpatched ESXi vulnerabilities in public safety networks, leading to compromises of a radio network, a computer-aided dispatch system, and a large portion of a municipal network. Three attacks in close succession, including by the Akira ransomware syndicate, bring these vulnerabilities to the forefront. Members are encouraged to review the attached advisory. Likewise, utilities using out-of-date VMware ESXi servers are encouraged to update vulnerable systems accordingly.
Recommended mitigations from the Public Safety ISAO include:
- Protect internet-facing services
- Patch known exploited flaws, prioritizing ESXi
- Establish regular data backups
Additional Resources:
- Security Advisories | VMware
- Known Exploited Vulnerabilities Catalog | CISA
- Akira, again: The ransomware that keeps on taking | SOPHOS