Virtualization Vulnerabilities & Cloud-specific Vulnerabilities

7 Terms

1

Virtualization Security

In today’s cloud-based environments, virtual machines (VMs) can be created and destroyed quickly, often in large numbers.

  • The quantity of resources varies between VMs, and these virtual machines may all be built with different configurations.

  • Since VMs can have varying configurations, the complexity of managing them increases, providing attackers with more opportunities to exploit vulnerabilities.

You should apply the same security best practices to virtual machines as you would to physical devices. Virtualized environments also introduce some security challenges, including:

  • Local privilege escalations: Attackers gaining higher privileges within a VM.

  • Command injection: Malicious code being executed due to improper handling of inputs.

  • Information disclosure: Sensitive data being exposed due to misconfigurations or vulnerabilities.

2

VM Escape

Refers to an attack where an attacker breaks out of a VM and gains access to the host operating system or hardware.

  • Some hypervisors manage tens or even hundreds of virtual machines. If an attacker can escape from one VM, they may be able to access another VM running on the same hypervisor.

  • This would allow the attacker to access multiple systems and the data contained within them, leading to significant security breaches.

3

Escaping the VM Example

In March 2017, during the Pwn2Own competition, attackers demonstrated a VM escape exploit.

  • Attackers were able to use a bug in the JavaScript engine of Microsoft Edge to gain access to a sandbox that’s built into the Edge browser.

  • From that sandbox, they were then able to exploit a vulnerability within the Windows 10 kernel.

  • This allowed them to gain full access to that guest operating system.

  • From there, they were able to take advantage of a hardware simulation bug within VMware and hop from one VM to another VM within that same hypervisor.

Patches were quickly released to fix the vulnerabilities, but this example highlights the serious risks associated with VM escape attacks.

4

Resource Reuse

The hypervisor assigns specific amounts of resources to each virtual machine (VM). However, this doesn't mean that each VM has exclusive access to those resources.

  • A hypervisor host may have a total of 4 GB of physical RAM, but if it's managing three VMs, each might be allocated 2 GB of RAM. This means the system is using 6 GB of memory on a host that only has 4 GB of physical RAM.

  • In this scenario, memory areas might be reused or shared. One VM could potentially write to a memory area, and another VM could read from it.

5

Security in the Cloud

Over a short period, companies have widely adopted cloud services, and today, almost every organization runs one or more applications in the public cloud. It's hard to find a company that isn't using the cloud in some capacity.

  • However, with the convenience of storing sensitive data in the cloud, attackers are also targeting this data.

  • Unfortunately, many organizations are not putting the right protections in place. For instance, 76% of organizations don’t use multifactor authentication (MFA) to access their cloud-based systems' central console.

  • 63% of code in production remains unpatched, leaving systems vulnerable. Some of these vulnerabilities have a Common Vulnerability Scoring System (CVSS) rating of 7 or higher on a scale of 10.

6

Attack The Service

When you deploy an application in the public cloud, anyone in the world can potentially attempt to connect to it, which is the purpose of using the cloud—broad accessibility. However, this also opens the door for anyone to try to take down the application.

  • Attackers can launch a Denial of Service (DoS) attack against the application, rendering it unavailable to legitimate users.

  • If authentication processes are weak or misconfigured, unauthorized users could gain access to sensitive information, leading to a data breach.

  • A common misconfiguration seen in web servers is one that permits directory traversal, which allows users to navigate through the server’s structure and access files or directories.

  • If the system is unpatched, attackers can exploit existing vulnerabilities in the application or operating system.

  • This could allow them to perform remote code execution, giving them full control over the cloud-based system and enabling them to run any application they choose.

7

Attack the Application

Attackers can exploit vulnerabilities in applications to gain access to the cloud environment.

  • Web application attacks have become increasingly common, with well-known vulnerabilities like Log4j and Spring Cloud Function.

  • You don't need extensive IT security knowledge to exploit these vulnerabilities, and once exploited, attackers often gain full control of the system, leading to potentially massive rewards.

Common application vulnerabilities include:

  • Cross-Site Scripting (XSS): Exploits poor input validation.

  • Out-of-Bounds Write: Attackers can write data to memory locations that should be off-limits.

  • SQL Injection: This allows attackers to directly manipulate a database by injecting malicious SQL code into the application's input fields, potentially exposing or corrupting sensitive data.