VMware Workspace ONE Attack
Released: Oct 26, 2022
Multiple malware campaigns targeting VMware vulnerability.
Fortinet researchers observed a VMware vulnerability (CVE-2022-22954) being exploited in the wild and leveraged to deliver multiple malware payloads, such as cryptocurrency miners and ransomware, to the affected machines. During August 2022, more than 50,000 devices were seen in attack attempts trying to exploit this vulnerability.
Common Vulnerabilities and Exposures
Background
In April 2022, VMware published a security advisory for the CVE-2022-22954 vulnerability in its products VMware Workspace ONE Access, Identity Manager and vRealize Automation. A week later, VMware updated the advisory to state that CVE-2022-22954 is being exploited in the wild. https://www.vmware.com/security/advisories/VMSA-2022-0011.html
Threat Radar Overall Score: 4.6
CVSS Rating | 9.0
Reconnaissance Score | 92/100
KEV Catalog | Yes
EPSS | 97%
FortiGuard Telemetry | 14091
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
In April 2022, FortiGuard Labs added protections throughout the Security Fabric to block any attack attempts and is actively monitoring the ever-evolving malware distribution leveraging the VMware vulnerability CVE-2022-22954. Users are advised to patch vulnerable versions as per the vendor's recommendations.
On October 20, 2022, a Fortinet researcher posted a blog detailing the exploitation of the VMware vulnerability and the installation of the malware. https://www.fortinet.com/blog/threat-research/multiple-malware-campaigns-target-vmware-vulnerability
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- AV: Block attack attempts related to VMware vulnerability (CVE-2022-22954)
- AV (Pre-filter): Block attack attempts related to VMware vulnerability (CVE-2022-22954)
- IPS: Block attack attempts related to VMware vulnerability (CVE-2022-22954)
- Web App Security: Block attack attempts related to VMware vulnerability (CVE-2022-22954)
- IOC
- Outbreak Detection
- Content Update
- Threat Hunting
- Assisted Response Services: Experts to assist you with analysis, containment and response activities.
- Automated Response: Services that can automatically respond to this outbreak.
FortiClient Forensics
- InfoSec Services: Security readiness and awareness training for SOC teams, InfoSec and general employees.
- Attack Surface Monitoring (Inside & Outside): Security reconnaissance and penetration testing services, covering both internal & external attack vectors, including those introduced internally via software supply chain.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.