HOME

TheInfoList



OR:

Hyperjacking is an attack in which a
hacker A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...
takes malicious control over the
hypervisor A hypervisor (also known as a virtual machine monitor, VMM, or virtualizer) is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is calle ...
that creates the virtual environment within a
virtual machine In computing, a virtual machine (VM) is the virtualization/emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardw ...
(VM) host. The point of the attack is to target the operating system that is below that of the virtual machines so that the attacker's program can run and the applications on the VMs above it will be completely oblivious to its presence.


Overview

Hyperjacking involves installing a malicious, fake
hypervisor A hypervisor (also known as a virtual machine monitor, VMM, or virtualizer) is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is calle ...
that can manage the entire server system. Regular security measures are ineffective because the
operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
will not be aware that the machine has been compromised. In hyperjacking, the hypervisor specifically operates in stealth mode and runs beneath the machine, it makes it more difficult to detect and more likely to gain access to computer servers where it can affect the operation of the entire institution or company. If the hacker gains access to the hypervisor, everything that is connected to that server can be manipulated. The hypervisor represents a single point of failure when it comes to the security and protection of sensitive information. For a hyperjacking attack to succeed, an attacker would have to take control of the hypervisor by the following methods: * Injecting a rogue hypervisor beneath the original hypervisor * Directly obtaining control of the original hypervisor * Running a rogue hypervisor on top of an existing hypervisor


Mitigation techniques

Some basic design features in a virtual environment can help mitigate the risks of hyperjacking: * Security management of the hypervisor must be kept separate from regular traffic. This is a more network related measure than hypervisor itself related. * Guest operating systems should never have access to the hypervisor. Management tools should not be installed or used from guest OS. * Regularly patching the hypervisor.


Known attacks

As of early 2015, there had not been any report of an actual demonstration of a successful hyperjacking besides "proof of concept" testing. The VENOM vulnerability () was revealed in May 2015 and had the potential to affect many datacenters. Hyperjackings are rare due to the difficulty of directly accessing hypervisors; however, hyperjacking is considered a real-world threat. On September 29, 2022,
Mandiant Mandiant is an American cybersecurity firm and a subsidiary of Google. It rose to prominence in February 2013 when it released a report directly implicating China in cyber espionage. In December 2013, Mandiant was acquired by FireEye for $1 bil ...
and
VMware VMware, Inc. is an American cloud computing and virtualization technology company with headquarters in Palo Alto, California. VMware was the first commercially successful company to virtualize the x86 architecture. VMware's desktop software ru ...
jointly made public their findings that a hacker group has successfully executed
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
-based hyperjacking attacks in the wild, affecting multiple target systems in an apparent espionage campaign. In response, Mandiant released a security guide with recommendations for hardening the
VMware ESXi  VMware ESXi (formerly ESX) is an enterprise-class, type-1 hypervisor developed by VMware for deploying and serving virtual computers. As a type-1 hypervisor, ESXi is not a software application that is installed on an operating system (OS); i ...
hypervisor environment.


See also

* Blue Pill attack * Qubes OS * Virtual machine escape


References

{{Reflist, 30em Cloud computing Computer security exploits