Attacking virtualisation: Web crooks' New Year's resolution

Time to lock down your hypervisor

Never shy of jumping on a passing technology bandwagon, canny cybercriminals now have virtualisation in their sights.

According to a report by security vendor Trend Micro, next year online crooks will turn their attention to virtualisation and cloud environments as the technologies' take-up increases among businesses.

"New attack vectors will arise for virtualised/cloud environments" next year, according to the report, which identifies the hypervisor as one area in particular that virtualisation users should look to protect.

"Hypervisors bring both new capabilities and new computing risks. As virtualisation becomes mainstream, it will become ever more important to find new ways to identify risks and protect these new infrastructures. Hypervisors, while central to all virtualisation methods, are a core risk area," it said.

The hypervisor, essentially a software layer that allows multiple OSes to run on the same hardware at the same time, "is a natural security target" as it controls all aspects of virtual machines, the report added.

The APIs used by virtual machines to make requests from the hypervisor are also considered "prime targets for malicious code", especially those that have been made public by vendors.

"There is a risk that, owing to the rapid change in the API space and the current race to market, management systems will, in the future, not be secure," the report concluded.