SBN

Webhost hacked VM vulnerability blamed

According to the Register, a hacker attacked a Webhosting company’s virtual server infrastructure on Sunday and erased up to 100,000 sites.

Vaserv.com was hit by a calculated attack on its virtualization application which left roughly half of Vaserv’s customer without a website.

Rus Foster, a director at Vaserv, stated that LXLabs’s HyperVM had been compromised during a zero-day exploit. They are currently trying to reach LXLabs to find a solution.

Visiting Vaserv’s website show’s an organization in full triage/crisis mode.

At the time of this writing, Vaserv’s site is just a text document showing the status of their server recovery progress (or lack thereof).

vaserv

Pretty tough times as an administrator (both for a system and web admin).

A very thin but important silver lining is the encryption Vaserv implemented that allowed them to keep the actual data from being usable by the hacker(s).

Ultimately, this shows me two things:

1) How organizations’ reliances on VMs have created a keystone in the arch where a hacker can pinpoint their attacks to reach maximum destructiveness. If a hacker wants to access data for the sake of profit, they go after the database. Alternatively, if they want to go for destructiveness, they can vector in on the VM infrastructure.

VMs are a business reality for large organizations which must rely on fewer physical machines that hold far more virtual servers running many more services. Ultimately this allows enterprises to leverage their rack space more efficiently, but creates a more appealing and concentrated target for people bent on mayhem. Thus, as this VM-reality matures in the TecSec community, the strength and security of the VM infrastructure itself becomes exponentially more important.

In the past, we’ve had to worry about the OS and the applications within it but now we must be concerned with the layer that manages the operating systems themselves. No doubt all webhosting companies are going to re-evaluate their VM security posture as news of this spreads. As for the TecSec community at large, we will need to pay closer attention to what risks VMs pose from motivated individuals.

and 2) How incredibly malicious hackers can be. At one time, there was the idea that someone would deface a site to make a statement or to show a webmaster his site was vulnerable. Wiping out 100,000 websites, however, is beyond explanation.

Michael Mongold

*** This is a Security Bloggers Network syndicated blog from Michael Mongold's Technology Security authored by Michael Mongold. Read the original post at: https://securityblog.typepad.com/technology_security/2009/06/webhost-hacked-vm-vulnerability.html

Secure Coding Practices