Recently, researchers have made strides toward detecting malware in hypervisors, but are there a few best practices,...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
particularly for hypervisors, that can prevent malware from getting on there in the first place? Also, how common is hypervisor malware?
Malware for hypervisors is rare, but could have a significant effect on the trustworthiness of the system as reported. For hypervisor malware to increase in occurrence, it's likely that criminals would need to find ways to more easily monetize attacks on the hypervisor. However, given the high level of access that could be gained by compromising a hypervisor, these types of attacks are one of several virtualization security concerns that are likely to increase in occurrence and could cause significant disruptions, such as denial-of-service (DoS) attacks or compromises of sensitive data.
Also, some hypervisors are vulnerable to malware attacks because of the platform they run on. Microsoft Hyper-V, VirtualPC and certain versions of VMware, run on top of Windows, and other hypervisors run on top of Linux-based systems. The Linux or Windows server components could be attacked to compromise the security of the virtual infrastructure.
A new method that can be used to prevent malware from infecting a hypervisor was discussed in a recent technical report by researchers at North Carolina State University and IBM, but some other best practices can be taken. These could include isolating the management interfaces of, and connections to the hypervisor to only the systems that need access, not running un-trusted code on the hypervisor , such as software not provided by the hypervisor vendor and keeping the hypervisor software up to date. This excludes any security measures that should be taken on the guest OSes on the virtual infrastructure to ensure the guests cannot be used to attack the hypervisor.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust ...continue reading
Hajime malware was discovered to have links to the Mirai botnet that launched powerful DDoS attacks last year. Expert Nick Lewis explains how Hajime ...continue reading
Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.