I thought I would start my blog with a bang by concluding that the next major threat we face may not be merely that we run virtual workloads on virtualized infrastructure; it may be that the virtualization capability itself is turned against us to deploy malware, or whole malicious operating systems.
It may be entirely possible to auto-deploy a malicious virtual image and run it on a host. Once deployed, what could it do?
With a complete operating system downloaded onto the target system, just about anything becomes possible: surreptitious network monitoring, network information gathering, data theft, vulnerability scanning from inside the network, and establishing an outbound virtual private network tunnel that gives the attacker a path into the internal network. Encrypt the virtual disks used by the guest and the guest's contents are hidden from host-based scanning, which makes the whole thing very hard to stop.
Let’s walk through how this might be possible:
- Create a malware payload consisting of a virtual machine player and a malicious image, either an infected image or one built with hacker tools installed on it.
- Craft a zero-day exploit that infects the host with a dropper whose job is to download the image and the player.
- Spread the infection with a specially crafted social-engineering e-mail that induces the target to click, triggering the zero-day and deploying the malware.
- Have the dropper fetch the virtual machine player (one with command-line capabilities) along with the malicious image created in the first step.
- Launch the downloaded image on the targeted host as an installed service so it starts automatically.
- Use host memory and process obfuscation techniques to hide the player's processes and memory.
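As an added example (not code from the original post), here is the kind of host-inventory check a defender could run against the scenario above: given process/service records, it flags hypervisor players running from unexpected paths or registered as services, and guest images stored outside a sanctioned location. The binary names, directories, rule names and every process record below are constructed assumptions standing in for a site's own inventory and policy, not a vendor indicator set.

```python
"""Flag virtual machine players and guest images running where they do not belong.

Added, hypothetical example: the process records are constructed, and the
binary names, directories and rule names are assumptions standing in for a
site's own software inventory and policy.
"""
import re
from dataclasses import dataclass
from typing import List

# Executables that implement a VM player/hypervisor (assumed list, not exhaustive).
HYPERVISOR_BINARIES = {
    "vmplayer.exe", "vmrun.exe", "vmware-vmx.exe", "vmware-vmx",
    "vboxheadless.exe", "virtualboxvm.exe", "vboxheadless", "virtualboxvm",
    "qemu-system-x86_64.exe", "qemu-system-x86_64",
}

# Where site policy (assumed) says hypervisors are installed and guests are stored.
SANCTIONED_INSTALL_DIRS = (
    r"C:\Program Files\Oracle\VirtualBox", r"C:\Program Files (x86)\VMware",
    "/usr/bin", "/usr/lib/virtualbox", "/usr/libexec",
)
SANCTIONED_IMAGE_DIRS = (r"D:\Virtual Machines", "/var/lib/libvirt/images")

# VM definition and virtual-disk files that may appear on a player's command line.
IMAGE_RE = re.compile(r'([^\s"\'=,]+\.(?:vmdk|vdi|vhdx?|qcow2|vmx|vbox))\b', re.I)


@dataclass
class ProcessRecord:
    pid: int
    image_path: str   # full path of the running executable
    cmdline: str
    is_service: bool  # registered as a Windows service / systemd unit itself
    user: str


@dataclass
class Finding:
    pid: int
    rule: str
    detail: str


def _norm(path: str) -> str:
    # Lower-case, forward-slash form so Windows and POSIX paths compare alike.
    return path.lower().replace("\\", "/").rstrip("/")


def _under(path: str, dirs) -> bool:
    p = _norm(path)
    return any(p.startswith(_norm(d) + "/") for d in dirs)


def scan(processes: List[ProcessRecord]) -> List[Finding]:
    findings = []
    for proc in processes:
        exe = _norm(proc.image_path).rsplit("/", 1)[-1]
        if exe not in HYPERVISOR_BINARIES:
            continue  # only hypervisor processes are of interest here
        if not _under(proc.image_path, SANCTIONED_INSTALL_DIRS):
            findings.append(Finding(proc.pid, "hypervisor_from_unsanctioned_path", proc.image_path))
        if proc.is_service:
            # A player registered as a service matches the "installed service" step;
            # libvirt/VirtualBox guests are normally spawned by a management daemon
            # rather than being registered as services themselves.
            findings.append(Finding(proc.pid, "hypervisor_registered_as_service", exe))
        for image in IMAGE_RE.findall(proc.cmdline):
            if not _under(image, SANCTIONED_IMAGE_DIRS):
                findings.append(Finding(proc.pid, "guest_image_outside_sanctioned_store", image))
    return findings


# Constructed sample inventory: two sanctioned guests and two that match the scenario.
SAMPLE_PROCESSES = [
    ProcessRecord(412, r"C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe",
                  r'"C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe" --startvm dev-box',
                  False, "CORP\\jdoe"),
    ProcessRecord(880, "/usr/bin/qemu-system-x86_64",
                  "/usr/bin/qemu-system-x86_64 -name web01 "
                  "-drive file=/var/lib/libvirt/images/web01.qcow2,format=qcow2",
                  False, "libvirt-qemu"),
    ProcessRecord(2208, r"C:\Users\jdoe\AppData\Local\Temp\upd\vmplayer.exe",
                  r'"C:\Users\jdoe\AppData\Local\Temp\upd\vmplayer.exe" '
                  r'"C:\Users\jdoe\AppData\Local\Temp\upd\img\sys.vmx"',
                  True, "NT AUTHORITY\\SYSTEM"),
    ProcessRecord(3107, "/tmp/.cache/qemu-system-x86_64",
                  "/tmp/.cache/qemu-system-x86_64 -daemonize "
                  "-drive file=/tmp/.cache/disk.qcow2,format=qcow2",
                  False, "www-data"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_PROCESSES):
        print(f"pid {f.pid}: {f.rule} ({f.detail})")
```

Two caveats go with this check. The lists are policy, not indicators: a site that allows VirtualBox in user profiles would move that directory into the sanctioned set rather than tune the rules. And because the last step of the scenario hides the player's processes from the host, the records fed to `scan()` should come from a kernel-level or EDR source, not from a user-mode process listing on the same host.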
A scary concept, and one that many of us should think about and plan against. The defender's leverage is that the player itself is a known binary: a hypervisor process or service appearing on a workstation where none is sanctioned, or a large virtual-disk file turning up in a user profile, is exactly the kind of thing application allow-listing and process monitoring can catch.
Category: Security