Virtualisation platforms like Windows Virtual PC or VMWare and cloud-based applications that store information offsite such as GoogleDocs are certain to become new targets for hackers this year, a security expert has predicted.
There are many virtualisation security products on the market and virtually no reports of major security breaches. The largest virtualisation vendor, VMware Inc, has gone as far as saying it considers its software more secure than physical machines.
“Many companies are moving towards virtualisation in order to revert back to a clean state if infection does occur, or roll back in the case of a bad patch”, Fred Touchette of AppRiver has said in the company’s Threat & Spamscape Forecast for 2009. But the analyst also cautioned that virus writers will work overtime to find new and as yet unknown virtualisation vulnerabilities over the coming year.
It is possible that security measures are embedded within virtualisation technologies to bring anti-virus or intrusion protection processes into the environment. But in the rush to adopt virtualisation for server consolidation, many security issues are being overlooked.
The message security managed service provider also reckons that malware attacks perpetrated by cybercriminals will increasingly rely on hard to prevent drive-by downloads or from hidden iframe attacks.
Hidden iframe elements continue to be a popular way for targeting website visitors. After breaking into a server, the attacker modifies its HTML code, using a hidden iframe tag to retrieve exploit code from another system.
Systems administrators typically don’t know that a website has been compromised and is infecting users. Some in-line frames have been detected that are as small as one pixel by one pixel, making them all but invisible unless the source code is scrutinised.
Concerns over cloud computing security continue to linger, and the issue can only get more complicated.
Experts in information security and risk management are now suggesting that data is stored in at least two places and should be encrypted at all phases.