Researchers spot 700 percent increase in hypervisor attacks
Briefly

"Huntress case data revealed a stunning surge in hypervisor ransomware: its role in malicious encryption rocketed from just three percent in the first half of the year to 25 percent so far in the second half,"
"This shift underscores a growing and uncomfortable trend: Attackers are targeting the infrastructure that controls all hosts, and with access to the hypervisor, adversaries dramatically amplify the impact of their intrusion,"
"We've seen it with attacks on VPN appliances: Threat actors realize that the host operating system is often proprietary or restricted, meaning defenders cannot install critical security controls like EDR [Endpoint Detection and Response]. This creates a significant blind spot."
Hypervisor-targeted ransomware incidents surged from 3% in the first half of the year to 25% in the second half to date. The primary actor driving this increase is the Akira ransomware group, with other actors also targeting hypervisors to circumvent endpoint and network security controls. Hypervisors often lack installable security controls like EDR, creating blind spots that allow attackers to deploy payloads directly through hypervisors and bypass traditional endpoint protections. In some cases attackers leverage built-in tools such as OpenSSL to encrypt virtual machine volumes without uploading external payloads. Organizations should harden hypervisor security and maintain reliable backups.
Read at The Register