View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
January 16, 2009

Virtual cloud threats left exposed

Will hackers turn their attention skywards?

By Jason Stamper

Virtualisation platforms like Windows Virtual PC or VMWare and cloud-based applications that store information offsite such as GoogleDocs are certain to become new targets for hackers this year, a security expert has predicted.

There are many virtualisation security products on the market and virtually no reports of major security breaches. The largest virtualisation vendor, VMware Inc, has gone as far as saying it considers its software more secure than physical machines.

“Many companies are moving towards virtualisation in order to revert back to a clean state if infection does occur, or roll back in the case of a bad patch”, Fred Touchette of AppRiver has said in the company’s Threat & Spamscape Forecast for 2009. But the analyst also cautioned that virus writers will work overtime to find new and as yet unknown virtualisation vulnerabilities over the coming year.

It is possible that security measures are embedded within virtualisation technologies to bring anti-virus or intrusion protection processes into the environment. But in the rush to adopt virtualisation for server consolidation, many security issues are being overlooked.

The message security managed service provider also reckons that malware attacks perpetrated by cybercriminals will increasingly rely on hard to prevent drive-by downloads or from hidden iframe attacks.

Hidden iframe elements continue to be a popular way for targeting website visitors. After breaking into a server, the attacker modifies its HTML code, using a hidden iframe tag to retrieve exploit code from another system.

Systems administrators typically don’t know that a website has been compromised and is infecting users. Some in-line frames have been detected that are as small as one pixel by one pixel, making them all but invisible unless the source code is scrutinised.

Content from our partners
How to turn the evidence hackers leave behind against them
Why food manufacturers must pursue greater visibility and agility
How to define an empowered chief data officer

Concerns over cloud computing security continue to linger, and the issue can only get more complicated.

Experts in information security and risk management are now suggesting that data is stored in at least two places and should be encrypted at all phases.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU