Hyperjacking

Virtualization is the modern way of building a datacenter, or simply of running a business application. It is simple, and it saves money on hardware and power. It is easier to provision servers, easier to move servers, and easier to decommission servers. It is easier to set up networks. It is easier from a management perspective all around. But to attain this simplicity, complexity is added on the platform side – the hypervisor. Part of that complexity is hyperjacking.

Hyperjacking is an attack that takes control of the hypervisor, the component that creates the virtual environment on a VM host.


Although hyperjacking is not common and is still largely theoretical at this point, it is a critical threat to the security of every virtualized environment. Hyperjacking involves installing a rogue hypervisor that can take complete control of a server. Regular security measures are ineffective because the operating system will not even be aware that the machine has been compromised.

Because the hypervisor runs underneath the operating system, it is a juicy target for attackers who want not only to own host servers in order to attack guest VMs, but also to maintain persistence. By gaining control of the hypervisor, an attacker can control everything running on the machine.

For a hyperjacking attempt to succeed, an attacker would need a processor capable of hardware-assisted virtualization, and would also need either physical access to the server or some way to convince an administrator or user to install malicious code.
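Because the attack depends on hardware-assisted virtualization, a defender's first baseline check is to record, per machine, whether the CPU exposes Intel VT-x or AMD-V and whether the operating system already reports running under a hypervisor. The following script is an added example, not code from the original page; it parses the `flags` line of a Linux `/proc/cpuinfo` (the constructed sample texts below stand in for real output) and compares the result against whether the machine is expected to be virtualized. The function and parameter names are the example's own.

```python
from pathlib import Path
from typing import Dict, Set

# Constructed sample /proc/cpuinfo excerpts (not taken from any real host).
# Linux renders CPUID feature bits as words on the "flags" line:
#   vmx / svm   -> Intel VT-x / AMD-V hardware-assisted virtualization
#   hypervisor  -> CPUID.1:ECX bit 31, set by a hypervisor for its guests
BARE_METAL_INTEL = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Example CPU (constructed)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov vmx ept vpid
"""

GUEST_ON_HYPERVISOR = """\
processor\t: 0
vendor_id\t: AuthenticAMD
model name\t: Example CPU (constructed)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov hypervisor
"""


def cpu_flags(cpuinfo_text: str) -> Set[str]:
    """Return the union of feature flags over every 'flags' line in the text.

    Multi-socket hosts repeat the block per logical CPU; taking the union
    keeps the check independent of how many processors are listed.
    """
    flags: Set[str] = set()
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            flags.update(value.split())
    return flags


def assess_virtualization(cpuinfo_text: str, expected_virtualized: bool) -> Dict[str, bool]:
    """Summarize the virtualization-relevant CPU state for an inventory record.

    expected_virtualized is the asset-inventory answer to "is this machine
    supposed to be a VM?" (hypothetical input for this example). A machine that
    is supposed to be bare metal but reports the hypervisor bit deserves a look.
    """
    flags = cpu_flags(cpuinfo_text)
    hw_virt = bool(flags & {"vmx", "svm"})
    under_hypervisor = "hypervisor" in flags
    return {
        "hardware_virtualization": hw_virt,
        "running_under_hypervisor": under_hypervisor,
        "unexpected_hypervisor": under_hypervisor and not expected_virtualized,
    }


def assess_local_host(expected_virtualized: bool) -> Dict[str, bool]:
    """Run the same assessment on the local /proc/cpuinfo, if this is Linux."""
    cpuinfo = Path("/proc/cpuinfo")
    text = cpuinfo.read_text() if cpuinfo.exists() else ""
    return assess_virtualization(text, expected_virtualized)


if __name__ == "__main__":
    print("bare-metal sample:", assess_virtualization(BARE_METAL_INTEL, expected_virtualized=False))
    print("guest sample:     ", assess_virtualization(GUEST_ON_HYPERVISOR, expected_virtualized=False))
```

Treat this as an inventory baseline rather than proof of integrity: as the text above notes, a rogue hypervisor sits beneath the operating system and can mask what CPUID reports to the guest, so a clean result does not rule out compromise. The value of the check is in the change over time (a host that previously reported bare metal and now reports the hypervisor bit) and in knowing which machines have the hardware capability the attack requires.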

Mitigation techniques

Some basic design features in a virtual environment can help mitigate the risks of hyperjacking:

  • Management of the hypervisor must be kept on a network separate from regular traffic. This is a network-level measure rather than one within the hypervisor itself.
  • Guest operating systems should never have access to the hypervisor. Management tools should not be installed on, or used from, a guest OS.
  • Patch the hypervisor regularly.