All about Virtualization and Cloud Security | Recent Articles:

• All attacks include malicious activity, but not all attacks include writing malware to disk 
• Anti-exploit technology prevents attackers from gaining a foothold 
• What to look for in anti-exploit technology 

Attacks, exploits and vulnerabilities 

Any complete cloud workload security stack must feature robust anti-exploit technology for both end-user and server systems. Cloud workloads run on servers, either on-premises or in the cloud, and end-user systems access those workloads. End-user systems can give attackers indirect access to workload data, while servers can provide more direct access if attackers achieve a foothold.  

• Bitdefender contributes unique technology to the open-source community 
• Hypervisor-based Memory Introspection (HVMI) is a sub-project of Xen Project 
• We continue commercial support of GravityZone Hypervisor Introspection  

Bitdefender Hypervisor Introspection has been in a class of its own since the solution was launched. The gist of it is this – get ahead of the results of an attack (malware in general; ransomware being a timely example) by using APIs within hypervisors – based on CPU instructions - to gain access to raw memory events within running virtual machines and apply security logic by taking advantage of the role of hypervisors in the workload stack to stop attacks. 

WannaCry is still fresh in our memory, reminding organizations of how distractive an unpatched vulnerability can be especially if weaponized as a wormable threat that delivers ransomware. BlueKeep has been estimated to have the same disruptive potential as EternalBlue (the exploit responsible for WannaCry) if sporting worm-like behavior, especially since RDP is a commonly used service in organizations, allowing IT and security teams to remotely dial into machines.

A look back on 2018 shows the financial services industry turned out to be the most at risk, with security incidents and breaches skyrocketing. Top threats to the financial services industry include cloud security and third-party risks, while the most prevalent techniques are DDoS, social engineering, spear-phishing, ransomware and insider threats, according to a Bitdefender white paper.

While we’ve just passed the halfway mark of 2018, data breaches and new threats have been plaguing businesses and organizations, exposing the data of millions of users worldwide. Apart from known and increasingly sophisticated threats, such as ransomware, the hype around cryptocurrency has led to the emergence of cryptojackers, a new problem organizations need to deal with.

After years of hype, 2018 may finally see the start of the mainstream adoption of software-defined networking (SDN). And with it, network virtualization and software defined data centers (SDDC) could be on the cusp of big breakthroughs. So say the results of the new research from Enterprise Management Associates (EMA).

Bitdefender telemetry revealed that from September 2017 until February 2018, ransomware reports have followed a descending curve, while coin miner reports have increased by 130 percent by January 2018. Interestingly, cryptojacking is currently one of the fastest spreading cyber threats, already outranking ransomware’s exposure by a factor of 1 to 100 according to Bitdefender’s intelligence, and is recently displaying targeted behavior, by leveraging fileless techniques and exploits to infiltrate organizations and spread laterally.

Attributing cyberattacks and advanced malware to a particular country or entity is usually troublesome. Forensic artefacts can sometimes be planted or forged to point to a specific country or cybercriminal group.

The global software defined data center (SDDC) market is estimated to reach US$90.416 billion by 2022, from US$36.517 billion in 2017, meaning that companies will continue on the path of software defined everything. While the immediate benefits of SDDCs revolve around less CapEx, OpEx, centralized management, and the deployment of cloud in a box, organizations need to prepare for challenges facing when adhering to SDDCs.

A recent cyberattack on India’s City Union Bank abused the SWIFT global payments platform to transfer $2 million into accounts in Dubai, Turkey and China. While details of the cyberattack were not made public as the incident is still under investigation, officials claim hackers disabled the bank’s SWIFT-connected printer on Feb. 6, preventing City Union Bank from receiving any acknowledgement messages for the three fraudulent transactions.

While modern technology makes possible new business models to drive growth and profitability, digital transformation opens your business to more cybersecurity risks, according to a survey by Thales and 451 Research.

Bitdefender Hypervisor Introspection recently won the SCMagazine Innovator Award, marking the fact that truly groundbreaking security technologies have started to receive validation from the market, as traditional security solutions fail to cope with the ever-increasing complexity of advanced threats.