Malware increasingly targeting virtual machines, study says

Posted by Manny Veiga on Aug 15, 2014 12:53:21 PM

It's an issue that doesn't get much attention, but a new analysis from security researchers at Symantec sheds some light on the increasing presence of malware that specifically targets virtual machines.

In the whitepaper "Threats to Virtual Environments", Symantec threat researcher Candid Wuesst described an analysis of malware samples submitted by more than 200,000 consumers since 2012. According to the report, around 18 percent of the samples studied tried to detect the presence of VMware virtual machines.

That share spiked to 28 percent in January 2014 before dropping back down to about 20 percent a month later. Wuesst writes that, after detecting the presence of a VM, only 20 percent of the samples stopped running completely.

"This means the majority of malware will happily continue to run in virtual machines," said the report.

This represents a threat to companies running VMs, because some malware may try to infiltrate the host servers on which the VM sits. It's a particularly sticky problem given the emerging popularity of VMs over the past several years - Symantec cites Forrester research that says 70 percent of businesses plan to implement server virtualization by next year.

Some malware is also designed to cleverly evade detection, the report explains, which may allow some bad code to infiltrate a VM and then infect its host server.

This isn't the first study to demonstrate the increasing security threat to virtual machines. Last year we addressed findings that 40 percent of businesses experienced data loss after storing their data in virtual environments.

What's the solution for IT services providers who manage SMBs' virtual environments? To start, IT managers need to acknowledge the threat to VMs and approach this layer of IT with the same security focus as they apply to physical hardware.

"Along with applying traditional security practices, administrators need to pay particular attention to virtual connections between guest virtual machines themselves," Wuesst recommends. "These connections might be invisible to traditional network security devices as they are not aware of them."

The upshot is: protect your clients' virtual machines the same way you do their physical machines. On top of that, develop a virtual data protection strategy to ensure that if a VM is compromised, you have a clean backup to recover your SMBs' virtual data.

VMware backup is particularly important given that VMware is the market leader in virtualization platforms and given Symantec's finding that some malware specifically seeks to sniff out VMware VMs.