In early February, in the aftermath of a ransomware attack that targeted computer servers around the world running on VMware “ESXi” software, the Italian government reported that the attack was most likely the work of criminals, not a state actor or state-like actor. A statement from the Italian government affirmed that “no evidence has emerged pointing to aggression by a state or hostile state-like entity,” according to Reuters.
According to data from the U.S. cybersecurity company, Censys, most of the thousands of globally affected servers were in France, followed by the United States and Germany. A cybersecurity expert from Britain, Daniel Card, said that “[the attacks appear] to be targeting victims mainly in Western countries, but [they do] not look highly sophisticated,” according to Reuters.The software vulnerability that led to the targeting of the VMware ESXi system had been identified as far back as February 2021, after which the firm issued patches intended to resolve the issue to its customers, according to U.S. News and World Report. According to the same source, a spokesperson for the company stated that they were aware of the report indicating that servers using their software were to be targeted and reaffirmed that customers should download the patch as soon as possible. The existence of this prior warning was reaffirmed by the Italian government’s statement, which added that “some of the recipients of that advice took the warning into due consideration, others did not and unfortunately are now paying the consequences,” according to Reuters.
U.S. cybersecurity officials also said that they were ware of the attacks and said that “[the U.S. Cybersecurity and Infrastructure Security Agency (CISA)] is working with our public and private sector partners to assess the impacts of these reported incidents and [to provide] assistance where needed,” according to U.S. News and World Report. The quick response by the Italian government’s cybersecurity team to trace and publicly identify the most likely sources of the ransomware attack should be highly commended.
Ransomware and other forms of hacking are becoming a greater part of the lives of people across the globe and increasingly have become a new method of waging war which, given the incredibly important role that technology plays in the lives of many, especially in the West, has potentially devastating consequences. This is what makes the Italian government’s statement particularly important, especially in light of the current tense geopolitical atmosphere in Europe. Without such a statement, speculation would almost certainly have attempted to pin such an attack on another state or state-like entity, and given the currently strained relations in Europe at the moment, it is incredibly important for global peace-keeping that such a notion be publicly dispelled.
While this attack was conducted on a relatively small scale, it demonstrates the catastrophic potential of such an incursion, especially given that sizable numbers of users of the software had been warned years in advance and failed to protect themselves. This is increasingly distressing given the increased geopolitical relevance of cyberattacks and cybersecurity on world peace. This attack is therefore a sobering reminder of the potential vulnerabilities of systems around the world, and should be taken as such by all relevant parties, from individual firms to state actors.