“Hyperjacking”的意思、由来-开放百科全书

Hyperjacking is an attack in which a hacker takes malicious control over the hypervisor that creates the virtual environment within a virtual machine (VM) host.^[1] The point of the attack is to target the operating system that is below that of the virtual machines so that the attacker's program can run and the applications on the VMs above it will be completely oblivious to its presence.

Overview

Hyperjacking involves installing a malicious, fake hypervisor that can manage the entire server system. Regular security measures are ineffective because the operating system will not be aware that the machine has been compromised. In hyperjacking, the hypervisor specifically operates in stealth mode and runs beneath the machine, it makes more difficult to detect and more likely gain access to computer servers where it can affect the operation of the entire institution or company. If the hacker gains access to the hypervisor, everything that is connected to that server can be manipulated.^[2] The hypervisor represents a single point of failure when it comes to the security and protection of sensitive information.^[3]

For a hyperjacking attack to succeed, an attacker would have to take control of the hypervisor by the following methods:^[4]

Mitigation techniques

Some basic design features in a virtual environment can help mitigate the risks of hyperjacking:

Known attacks

As of early 2015, there had not been any report of an actual demonstration of a successful hyperjacking besides "proof of concept" testing. The VENOM vulnerability (CVE-2015-3456) was revealed in May 2015 and had the potential to affect many datacenters.^[5] Hyperjackings are rare due to the difficulty of directly accessing hypervisors; however, hyperjacking is considered a real-world threat.^[6]

See also

References

1. ^¹²³{{cite web|title=HYPERJACKING|url=http://itsecurity.telelink.com/hyperjacking/|website=Telelink|accessdate=27 February 2015}}
2. ^{{cite web|last1=Gray|first1=Daniel|title=Hyperjacking - Future Computer Server Threat|url=http://www.syschat.com/hyperjacking-future-computer-server-threat-4917.html|website=SysChat|accessdate=27 February 2015}}
3. ^{{cite web|last1=Ryan|first1=Sherstobitoff|title=Virtualization Security - Part 2|url=http://virtualization.sys-con.com/node/740145|website=Virtualization Journal|accessdate=27 February 2015}}
4. ^{{cite web|last1=Sugano|first1=Alan|title=Security and Server Virtualization|url=http://windowsitpro.com/virtualization/security-and-server-virtualization|website=WindowsITPro|accessdate=27 February 2015}}
5. ^{{cite web|title=VENOM Vulnerability|url=http://venom.crowdstrike.com/|website=CrowdStrike.com|accessdate=18 October 2016}}
6. ^{{cite web|title=Common Virtualization Vulnerabilities and How to Mitigate Risks|url=https://pentestlab.wordpress.com/tag/virtualization/|website=Penetration Testing Lab|accessdate=27 February 2015}}