Cloud Security

Attacks on virtualized environments may cause lateral movement to the cloud


Researchers on Wednesday reported that cybercriminals have been increasingly developing malware to conduct attacks on virtualization environments – and that could potentially have implications for the cloud as data moves laterally.

In a blog post, researchers at Positive Technologies said some of the bad actors are aggressively exploiting vulnerabilities already found in software for deploying virtual infrastructure. At the beginning of 2021, engineers at Positive Technologies helped to eliminate critical vulnerabilities in VMware products; the researchers strongly recommend installing the VWware security updates as soon as possible.

Robert Boudreaux, Field CTO at Deep Instinct, said the cloud implications are that bad actors are compromising the endpoints that primarily access the virtualized environments. So once the endpoints are compromised, Boudreaux said lateral movement from that device into the cloud workflows or storage environments becomes the natural progression.

“The best approach right now to cloud security and storage is securing the workflows themselves by inspecting the code as it is published and again as it is started,” Boudreaux explained. “For the cloud and local storage, having a scanner for the storage itself as files are written and retrieved from these environments will provide an added layer of security for your enterprise no matter what the size, vertical or type of business you are conducting.”

Dirk Schrader, global vice president, security research at New Net Technologies, said the Positive Technologies report highlights a growing focus on multipliers, targets that give attackers easy access to a large number of victims, whether by supply-chain attacks or by attacking cloud service providers.

“Other attack vectors remain on a high level by itself, but it’s bad news for telecom operators and cloud providers that they will be in the crosshair even more in the future,” Schrader said. “That shift should not lead to a lowered guard for other organizations, as the attackers will continue to use all their arsenal. It will be necessary and vital to monitor infrastructure for unexpected changes, maintain diligence on accounts and associated user rights.”

In April, Positive Technologies was one of six Russian companies and 32 individuals and entities that had sanctions placed on them by the Biden administration. Positive Technologies has had the Russian government as a client for the 20 years of its operation.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.