Virtualized environments are prime targets for cyberattacks due to their centralized nature and the potential vulnerabilities inherent in remote access protocols. Common Security Risks in Virtualization include credential-based attacks and exposure of RDP ports.
For anyone who still has doubts about MFA: just ask Snowflake CISO Brad Jones, who last year saw more than 160 of his customers' accounts compromised using stolen credentials. None of these had MFA enabled, and this safeguard likely would have prevented the intruders from accessing the customers' databases.