惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
Google Developers Blog
Jina AI
Jina AI
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
博客园 - 司徒正美
云风的 BLOG
云风的 BLOG
C
Cybersecurity and Infrastructure Security Agency CISA
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
S
Securelist
S
Security Affairs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
L
LINUX DO - 热门话题
博客园 - 三生石上(FineUI控件)
T
Threatpost
T
The Blog of Author Tim Ferriss
C
CERT Recently Published Vulnerability Notes
IT之家
IT之家
P
Palo Alto Networks Blog
Microsoft Azure Blog
Microsoft Azure Blog
Spread Privacy
Spread Privacy
Cyberwarzone
Cyberwarzone
腾讯CDC
L
LangChain Blog
Know Your Adversary
Know Your Adversary
C
CXSECURITY Database RSS Feed - CXSecurity.com
GbyAI
GbyAI
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
I
Intezer
T
Tor Project blog
AWS News Blog
AWS News Blog
T
Tenable Blog
NISL@THU
NISL@THU
Security Latest
Security Latest
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
H
Hackread – Cybersecurity News, Data Breaches, AI and More
人人都是产品经理
人人都是产品经理
MongoDB | Blog
MongoDB | Blog
MyScale Blog
MyScale Blog
D
DataBreaches.Net
Microsoft Security Blog
Microsoft Security Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
量子位
美团技术团队
The Cloudflare Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
罗磊的独立博客
The GitHub Blog
The GitHub Blog
阮一峰的网络日志
阮一峰的网络日志
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Stack Overflow Blog
Stack Overflow Blog

The Register - Software: Virtualization

NodeWeaver says its perpetual licensing beats VMware’s perpetual price hikes NodeWeaver: Perpetual licensing beats VMware nickel-and-dime Microsoft cuts cloudy desktop prices by 20 percent Nutanix to add KubeVirt support to run VM on K8s at the edge Western Union zaps VMware and moves to Nutanix Nutanix thinks some Azure cloud desktops belong on-prem Nutanix thinks some Azure cloud desktops belong on-prem Nutanix brings its K8s to bare metal Half of VMware users plan to reduce usage by 2028 Xen Project announces five years of support for all releases Xen Project announces five years of support for all releases Broadcom says AI companies can’t make their own silicon One vendor doesn't mind high RAM prices: VMware NUC, NUC! Who’s there? ASUS with a thin client for cloud PCs Why flexibility will define the future of functionality AWS adds nested virtualization option for handful for EC2 Cisco set to release hypervisor as VMware alternative Cisco set to release hypervisor as VMware alternative Contain your Windows apps inside Linux Windows VMware scores early win in Siemens software licensing case Broadcom 'bulldozes' VMware CSPs with March deadline Java devs want container security - not the hassle Microsoft to face questions over From SA program Dell wants £10m+ from VMware if Tesco case goes against it Lenovo has a hunch you’re about to try quitting VMware China crew abused ESXi zero-days a year before disclosure China crew abused ESXi zero-days a year before disclosure AWS adds hybrid cloud storage support for Nutanix Nutanix pushes sovereign cloud in another swipe at VMware Nutanix pushes sovereign cloud in another swipe at VMware VMware kills vSphere Foundation in parts of EMEA European cloud trade group says EU should have blocked VMware-Broadcom merger Researchers spot 700 percent increase in hypervisor attacks Proxmox delivers its software-defined datacenter contender Proxmox delivers its software-defined datacenter contender HPE positions Morpheus stack as alternative to VMware VMware re-states claim Siemens used unlicensed software VMware re-states claim Siemens used unlicensed software 70-hour work weeks no longer enough for Infosys founder Veeam bets on more VMware alternatives Veeam bets on more VMware alternatives Ford straps in as Xen Project drives toward automotive use Microsoft reveals new cloudy AI PC that’s not a Copilot+ PC VMware admits it over-specced storage servers for years Server virtualization market heats up to win VMware refugees Kubernetes overlords retire Ingress NGINX Broadcom creates a new Seal Of Approval for AI servers Broadcom creates a new Seal Of Approval for AI servers Rideshare giant dumps 200 cloudy Macs, saves $2.4 million IBM Cloud stops seeking new customers for its VMware service In Tesco vs. VMware, Computacenter warns, Dell, Broadcom VMware bungles cloud management portal upgrade, twice VMware bungles cloud management portal upgrade, twice Microsoft starts streaming cloudy apps instead of desktops Open source Cloud Hypervisor adds (futile) no-AI-code policy Proxmox delivers datacenter manager beta VMware to lose 35 percent of workloads in three years – some to its friends at ‘proper clouds’ VMware to lose 35 percent of workloads in three years Citrix products sold under old licenses to get glitchy Rethinking application delivery for the hybrid world VMware's in court again. Tesco latest in line Broadcom admits it’s sold a lot of VMware shelfware Supermarket giant Tesco sues VMware for breach of contract DOGE delayed deals, says Nutanix VirtualBox 7.2 fixes 3D guests, adds Arm-on-Arm support Cloudy PCs now often have lower TCO than laptops Platform9 pushes swing capacity workaround for VMware shifts Virtualization vet pushes out Proxmox VE 9, Backup Server 4 Oracle VirtualBox licensing tweak lies in wait for unwary EU cloud players want Europe to annul Broadcom’s VMWare buy How to host a Linux-powered local dev site in Windows VMware portal prevents some users from downloading patches VMware slows release cadence for flagship VCF suite Telefónica DE shifts VMware support to Spinnaker due to cost Citrix returns to hypervisor market without updating wares VMware’s rivals ramp efforts to create alternative stacks
Researchers spot 700 percent increase in hypervisor attacks
Simon Sharwood Simon Sharwood · 2025-12-09 · via The Register - Software: Virtualization

Virtualization

Get your Hyper-V and VMware ESXi setups in order, people

Researchers at security software vendor Huntress say they’ve noticed a huge increase in ransomware attacks on hypervisors and urged users to ensure they’re as secure as can be and properly backed up.

“Huntress case data revealed a stunning surge in hypervisor ransomware: its role in malicious encryption rocketed from just three percent in the first half of the year to 25 percent so far in the second half,” wrote Senior Hunt & Response Analyst Anna Pham, Technical Account Manager Ben Bernstein, and Senior Manager for Hunt & Response, Dray Agha in a Monday post.

“The primary actor driving this trend is the Akira ransomware group,” the trio warned, adding that the gang, and other attackers, are going after hypervisors “in an attempt to circumvent endpoint and network security controls.”

Huntress’s threat hunters think ransomware scum are going after hypervisors because they’re not well defended, and cracking them means attackers can mess with the virtual machines and networks they manage.

“This shift underscores a growing and uncomfortable trend: Attackers are targeting the infrastructure that controls all hosts, and with access to the hypervisor, adversaries dramatically amplify the impact of their intrusion,” the researchers wrote.

Attacks on hypervisors follow “a familiar playbook,” the trio wrote. “We've seen it with attacks on VPN appliances: Threat actors realize that the host operating system is often proprietary or restricted, meaning defenders cannot install critical security controls like EDR [Endpoint Detection and Response]. This creates a significant blind spot.”

Huntress has observed “multiple cases where ransomware operators deploy ransomware payloads directly through hypervisors, bypassing traditional endpoint protections entirely. In some instances, attackers leverage built-in tools such as OpenSSL to perform encryption of the virtual machine volumes, avoiding the need to upload custom ransomware binaries.”

The researchers also see attackers compromise a network, steal authentication credentials, and then target hypervisors. “We’ve seen misuse of Hyper-V management utilities to modify VM settings and undermine security features,” they add. “This includes disabling endpoint defenses, tampering with virtual switches, and preparing VMs for ransomware deployment at scale.”

Given the elevated level of attacks on hypervisors, the researchers recommend admins revisit some infosec basics like ensuring the use of multi-factor authentication and complex passwords, and staying up to date with patches. They also suggest adopting some hypervisor-specific defences, such as using settings that ensure only allow-listed binaries can run on a host.

Ensuring Security Information and Event Management systems ingest and analyze hypervisor logs is also on the researchers’ to-do list.

Infosec folks have known for decades that the hypervisor is a very tasty target, especially in the worst-case scenario of a successful VM escape in which an attack on a guest virtual machine allows takeover of the host and its hypervisor. Were such an attack to become possible, the consequences could be immense given that all hyperscale clouds rely on hypervisors to isolate tenants’ virtual machines. ®