'Venom' Security Bug Allows Network Intrusion via the Cloud
There’s a new poison seeping into the cloud, and it could pose considerable harm to critical enterprise and personal data. It’s a vulnerability called VENOM, and it could potentially allow cybercriminals and hackers to infiltrate entire networks through virtual resources on the cloud, according to published reports.
May 20, 2015
Initial reports predicted considerable doom and gloom, with havoc akin to what the Heartbleed bug wreaked last year, but fortunately so far it isn’t proving as venomous as first feared. Moreover, for those who want to protect themselves, a patch for the vulnerability is already available.
VENOM, which stands for Virtualized Environment Neglected Operations Manipulation, is a security vulnerability in the virtual floppy drive code used by numerous virtualization platforms, according to CrowdStrike, a California-based security firm that first discovered it.
“This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host,” the firm said on a website devoted to providing information about the vulnerability. “Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.”
Thus, exploitation of VENOM could expose sensitive corporate and personally identifiable information and intellectual property, with the potential to impact thousands of organizations and millions of end users that rely on virtualized data centers that share resources via an affected VM. These days, that could mean just about anyone who uses the Internet to store personal information or do business.
Not all virtualization products are affected, though, which makes the situation less dangerous than first feared. Virtualization products Xen, KVM, QEMU and VirtualBox can be exploited by VENOM; however, two of the most popular virtualization systems on the market, VMware (VMW) and Microsoft (MSFT), are so far unaffected.
Moreover, while Amazon Web Services, the largest cloud platform provider, runs on Xen, its deployment of the virtualization product is highly customized and so far unaffected by VENOM, reports said.
Still, security experts warn that the vulnerability should be taken seriously even if it hasn’t had a major or widespread effect, and that organizations should protect themselves accordingly. To that end, CrowdStrike continues to update the VENOM information page with the latest on the vulnerability so companies can take action if necessary.