The recently uncovered Venom security vulnerability can be a nightmare for virtualization administrators and cloud service providers. This zero-day flaw is a threat to the multi-tenant nature of the cloud. Because the vulnerability resides in one of the most critical components of widely used virtualization software, it allows an outsider to gain access to potentially every machine connected to the datacenter network.
But how big is the threat? Some say it “shatters cloud security.” Others say, “Keep your shorts on.” The truth is that the Venom flaw only affects some systems. Here’s the real story behind the Venom zero-day vulnerability and what it really means for cloud security.
The Venom Vulnerability
Venom, which stands for “virtualized environment neglected operations manipulation,” is a bug that affects the hypervisor, the component that controls and manages all virtual machines running on a system. In this age of cloud computing and virtualization, most data centers consolidate their customers onto virtual machines running on a single server. These machines are designed so that they can share resources without impacting the other machines on that host. They function as separate entities within the host hypervisor. This is an efficient way of managing huge amounts of data while keeping the machines secure and isolated. Because of the strong protective boundaries separating the virtual machines under a hypervisor, isolation between tenants was never considered a concern before. With the discovery of Venom, however, the confidentiality and integrity of data present in a cloud network is now at risk.
Jason Geffner, the senior security researcher at CrowdStrike who uncovered the flaw, said: “This destroys the isolation myth that you can have something run a virtual machine and have it be isolated from everything else. This bug lets you escape a container and get into all other containers.” It directly contradicts the idea that protective boundaries between virtual machines guarantee better security. This security flaw not only allows a potential intruder to gain control over a virtual machine, it also affects whatever is running adjacent to it on the same host.
The vulnerability is the result of a bug in the virtual floppy-disk controller used in various virtualization products and appliances. By exploiting this bug, an attacker can take control of major portions of the datacenter. The bug has apparently existed since 2004, but because little attention is paid to the floppy-disk controller code, it went unnoticed for 11 years. According to the findings of security researchers at CrowdStrike, “The vulnerability specifically affects the decade-old free and open source hypervisor called Quick Emulator (QEMU), which is used in a number of common virtualization products including Xen hypervisors, KVM (or ‘kernel-based virtual machine’), Oracle VM VirtualBox, and the native QEMU client. The popular products of EMC-owned VMWare and Microsoft Hyper-V, on the other hand, are not affected.” So, those running those unaffected products have less to worry about.
In order to exploit this vulnerability, an attacker first needs access to a guest virtual machine with “root” privileges; from there, the flaw allows the attacker to reach the entire host system. Once that foothold exists, this loophole can be exploited with minimal effort.
Since Venom has the potential to affect a variety of virtual appliances, system administrators and datacenter operators need to be aware of it and take the required security measures to protect their customers. According to the findings of the security research team at CrowdStrike, “Even if you don’t use these services directly, chances are that accounts which store your personal data run these products.” After the disclosure of this critical bug, many well-known cloud service providers tested their networks for Venom and issued patches. Companies like Amazon and Linode have provided assurance that the vulnerability does not affect their customers and that their data is safe in the cloud. Other companies have acknowledged that parts of their server fleets are affected by this bug and have released patches to protect their customer data.
This will likely be a bigger problem for smaller hosts and datacenters, because while larger cloud companies and hosts work to patch their servers, these smaller organizations will feel less of an immediate need to update against the vulnerability. And as Robert Graham of Errata Security noted, “I’m not sure how data centers are going to fix this, since they have to reboot the host systems to patch. Customers hate reboots — many would rather suffer the danger rather than have their instance reboot.”
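Graham’s point that patching alone is not enough deserves a concrete check. On a KVM/QEMU host, installing the fixed QEMU package replaces the binary on disk, but every guest that was already running keeps executing the old, vulnerable code until its QEMU process is restarted. The script below is an added example (not code from this post, HyTrust, or CrowdStrike) that lists such guests. It assumes a Linux host where the package manager replaces the binary by unlink-and-create, so that `/proc/<pid>/exe` for a stale process resolves to a path ending in “ (deleted)”, and it assumes guests are launched the libvirt way with a `-name` argument. The process list `SAMPLE_PROCS` is constructed for illustration.

```python
"""
Find QEMU guest processes that are still running a pre-patch binary.

After a QEMU package upgrade, a guest started before the upgrade keeps the
old executable mapped. On Linux the symlink /proc/<pid>/exe then points at
"<path> (deleted)". Those guests report as patched at the package level but
are not protected until restarted.
"""
import os
import re
from dataclasses import dataclass


@dataclass
class ProcessInfo:
    pid: int
    exe: str       # resolved target of /proc/<pid>/exe
    cmdline: str   # argv joined by spaces


# QEMU system-emulator binaries: qemu-system-x86_64, qemu-system-aarch64, qemu-kvm, ...
QEMU_NAME = re.compile(r"(^|/)(qemu-system-[\w-]+|qemu-kvm)$")
DELETED_SUFFIX = " (deleted)"


def is_qemu_process(proc: ProcessInfo) -> bool:
    """True if the process executable is a QEMU system emulator (stale or not)."""
    exe_path = proc.exe[:-len(DELETED_SUFFIX)] if proc.exe.endswith(DELETED_SUFFIX) else proc.exe
    return bool(QEMU_NAME.search(exe_path))


def guest_name(proc: ProcessInfo) -> str:
    """Extract the guest from a libvirt-style '-name guest=NAME,...' (or plain '-name NAME')."""
    m = re.search(r"(?:^|\s)-name\s+(?:guest=)?([^\s,]+)", proc.cmdline)
    return m.group(1) if m else f"pid-{proc.pid}"


def stale_guests(procs):
    """Guests whose on-disk QEMU binary was replaced after they started (need a restart)."""
    return sorted(
        guest_name(p) for p in procs
        if is_qemu_process(p) and p.exe.endswith(DELETED_SUFFIX)
    )


def scan_proc(proc_root="/proc"):
    """Collect ProcessInfo for every readable process (Linux only; root sees all)."""
    found = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            exe = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "cmdline"), "rb") as f:
                cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            continue  # process exited, or its exe link is not readable by this user
        found.append(ProcessInfo(int(entry), exe, cmdline))
    return found


# Constructed sample: what a scan might return on a host patched an hour ago.
SAMPLE_PROCS = [
    ProcessInfo(1201, "/usr/bin/qemu-system-x86_64 (deleted)",
                "/usr/bin/qemu-system-x86_64 -name guest=web01,debug-threads=on -m 2048"),
    ProcessInfo(1377, "/usr/bin/qemu-system-x86_64",
                "/usr/bin/qemu-system-x86_64 -name guest=db02 -m 4096"),
    ProcessInfo(2010, "/usr/sbin/sshd", "sshd: root@pts/0"),
    ProcessInfo(2211, "/usr/libexec/qemu-kvm (deleted)",
                "/usr/libexec/qemu-kvm -name legacy-app -m 1024"),
]


if __name__ == "__main__":
    print("sample host, guests still on the old binary:", stale_guests(SAMPLE_PROCS))
    if os.path.isdir("/proc"):
        live = stale_guests(scan_proc())
        print("this host, guests still on the old binary:", live or "none")
```

Run it as root on each host after the QEMU update; any guest it names is still exposed and should be scheduled for a restart, which is the cost Graham describes. The `(deleted)` marker is the only signal used, so a binary that was overwritten in place rather than replaced would not be flagged; cross-checking against the package database is the complementary control.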
Most Will Be Unaffected
This bug was discovered a little over a year after the notorious Heartbleed bug, which exposed the passwords, private cryptographic keys, and personal data of thousands of services that used OpenSSL. The truth is that Venom is not as catastrophic as Heartbleed. First, it doesn’t affect the most commonly used cloud service providers. Second, the majority of hosts and datacenter operators are aware of this bug and have released patches to protect customer data.
So while this may sound like a nightmare scenario that will validate those companies who have expressed hesitation over the cloud, given the limited reach of Venom and the enormous benefits of cloud computing, worries about virtualization vulnerabilities are needless, as long as you have the right tools.
HyTrust Can Keep You Safe in the Cloud
Whether or not the Venom security bug is a direct threat to your business, it’s important for cloud service providers to implement strong security controls in order to protect customer data. Security is still one of the biggest concerns about the cloud platform, and many IT managers hesitate to move their sensitive information to the cloud because of it.
HyTrust tools focus on providing a high level of control, protecting both data and access. Like Venom, many security flaws allow cybercriminals to take advantage of privileged administrator accounts. These accounts are lucrative targets because they grant access to sensitive data and let attackers bypass normal access control restrictions.
In order to ensure the security of privileged accounts in the cloud network, HyTrust implements two-factor authentication. Two-factor authentication provides an extra layer of security and protects against unauthorized access. HyTrust’s CloudControl and DataControl provide high-level data security and comply with data security requirements. They also offer strong encryption and key management methods to protect sensitive information in the cloud. Contact us to find out more.