The recent Venom Vulnerability has been open since 2004. The ShellShock Vulnerability released last year was open for 25 years! What is happening now that is causing us to just get around to finding out about these flaws?
What is happening is the evolution of virtual machines (VMs). VMs are operating systems or application environments installed on software that are meant to imitate dedicated hardware. Essentially, these machines aim to offer the end user the same experience virtually as they would have on dedicated hardware. These virtual machines are managed by a hypervisor, a program that facilitates the multiple operating systems.
The use of VMs and hypervisors have presented challenges for security professionals in the past because of security concerns where malware can exploit the virtual machine and threats can be posed to the hypervisor itself. This trend looks like it may be set to continue.
Here are 5 reasons why Virtual Machine and Hypervisor Security might become a challenge for security professionals in the future.
- VM Escape: If we are just getting around to finding flaws in the Floppy Disk Driver, are there other driver instances that could also allow for this break out? How high is the risk of the VM interacting with the host system?
- OpenSSL Vulnerabilities: Previous VM Escape vulnerabilities applied only to a single virtualization platform or they didn’t directly allow for arbitrary code execution. OpenSSL vulnerabilities that continue to plague encryption could become the start of something more.
- APT Vulnerabilities and Backdoors: RAM scraping attacks are one way that APT vulnerabilities and backdoors can be exploited. Viewing CPU states from a provider level is easy and revealed to be in use by the PRISM program. What guarantees that there aren’t view states open to others?
- Provider Protections: What if an insider purposely creates a backdoor in a VM? Will your cloud provider have the detection and mitigation capabilities for this?
- Future Patches: With virtualization happening on network devices as well as servers there could be a large region of patchwork in the future. Will we have to patch all of the ADCs and Network Function Virtualization (NFV) platforms every time a new exploit comes out?
These scenarios are things we have to ask ourselves about as security professionals. Application testing needs to be aggressively done, but is it getting done, and if so, who is doing this testing? It seems that more and more vendors are just releasing products and this leaves us all vulnerable to the next headline-grabbing threat that has gone undiscovered for the past decade. What we need to do as security professionals is ensure that both the hypervisor and virtual instances are protected. A way to do this is to have thorough protection that includes on hypervisor behavior anomaly detection and virtual instance protection including hybrid solutions that are platform agnostic. Read more about how a Hybrid Cloud Based WAF Service can help provide unmatched protection from today's most challenging web-based cyber-attacks.