Virtualization Technology News and Information
Kudelski Security 2017 Predictions: Increase in Discovered Hypervisor Vulnerabilities

VMblog Predictions 2017

Virtualization and Cloud executives share their predictions for 2017.  Read them in this 9th annual series exclusive.

Contributed by Andrew Howard, chief technology officer, Kudelski Security

Increase in Discovered Hypervisor Vulnerabilities

2017 will see a rise in the discovery of vulnerabilities in hypervisors. As businesses continue to virtualize their infrastructures, from servers and desktops to storage and even mobile devices, security efforts to date have focused on securing the virtual machines from outside forces, but not the hypervisor itself. While hypervisors don't contain many vulnerabilities because they are such a thin layer, 2016 saw an increase in the number of published vulnerabilities targeting them (Xen, for example). This means that more people are focusing greater attention on the hypervisor, and hopefully it will be researchers, and not cybercriminals, making the discoveries.

Enterprises with heavily virtualized estates are likely relying on a single hypervisor technology across all virtual machines. This is an "all your eggs in one basket" situation. The concern is that an attacker may find a way to communicate between virtual machines or break into the hypervisor itself. Virtualized technology has a lot of benefits for availability and scalability; however, the trade-off is a larger risk exposure to these types of attacks. We view this risk as small, but not zero. Enterprises should expect more hypervisor-focused attacks in 2017 and should have a defensive strategy.

These types of attacks, if successfully executed, will have a high impact due to the number and quality of systems likely impacted. Enterprises, due to the availability and scalability benefits, tend to virtualize important systems. Segregation of systems by sensitivity or classification should be a key defense priority. Do not run low-security virtual machines, which are more vulnerable to attack, on the same physical hardware as high-security virtual machines. Solid cyber security hygiene for all virtual systems and the underlying hypervisor will go a long way to protect against rudimentary attacks. For more sophisticated attack scenarios involving specific technologies, redundancy across different technology platforms may provide a solid defensive option. As with any critical enterprise system, instrumentation and monitoring of these systems are a must.

The threat is real and growing - more virtualized machines out there means more hypervisors deployed, which means more points of vulnerability. And once a criminal cracks the hypervisor, they have the keys to the kingdom.


About the Author

As the Chief Technology Officer for Kudelski Security, Andrew Howard is responsible for the evolution, development and delivery of the organization's technology strategy and solution architecture, including selecting and validating third party technologies and managing research, development and labs.

Prior to joining Kudelski Security, Andrew was a Laboratory Director at Georgia Tech, spearheading the information security research and advisory programs. He has served as advisor on emerging security threats to Fortune 250 CISOs and government bodies and has extensive experience as a security architect, strategist and technical leader. Andrew has an MBA in Management of Technology and a master's degree in Information Security from the Georgia Institute of Technology, and is a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM).


Published Monday, November 21, 2016 7:06 AM by David Marshall