Techopedia Explains Virtual Machine Hyper Jumping (VM Jumping)
Virtual machine hyper jumping exploits are designed to compromise a VM, which is then used to access or launch attacks against other VMs or hosts. This is usually done by targeting and accessing a less secure VM on a host, which is then used as the launch point for further attacks on the system.
In some severe attacks, two or more VMs may be compromised and used to launch attacks against the more secure guests or the hypervisor. A compromised guest can also exploit an insecure virtual environment and spread the attack across several networks.
These attacks can occur due to:
- Insecure operating systems, such as older versions of Windows, which lack modern security features such as protection against poison cookies, memory address layout randomization and a hardened stack
- VM traffic to and from an external network using the two-layer bridge, where all traffic passes through the same set of network interface cards (NICs). An attacker may overload the switch, and to preserve its performance the switch pushes all data packets out on its ports. This makes it behave like a dumb hub, without the security a switch usually offers.
Virtual machine hyper jumping can be prevented using various methods, including:
- Grouping and separating the uplinks to separate the Web-facing traffic from the database traffic and prevent the database server from directly accessing the internal network
- Using private VLANs to hide the VMs from one another and only allow the guest machines to talk to the gateway
- Using the latest and most secure operating systems with up-to-date security patches
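The private VLAN measure above (guests may talk only to the gateway) can be checked against a port inventory. The following is an added example, not code from the original page; the inventory, VM names, VLAN IDs and function names are constructed for illustration, and the forwarding rules modeled are the standard promiscuous/isolated/community private VLAN semantics.

```python
from itertools import combinations

# Constructed inventory (not from the page): VM name -> private VLAN port settings.
# VLAN IDs and VM names are made up for the example.
INVENTORY = {
    "gateway": {"primary": 100, "mode": "promiscuous"},
    "web01": {"primary": 100, "mode": "isolated", "secondary": 101},
    "web02": {"primary": 100, "mode": "isolated", "secondary": 101},
    "db01": {"primary": 100, "mode": "community", "secondary": 102},
    "db02": {"primary": 100, "mode": "community", "secondary": 102},
    "legacy": {"primary": 100, "mode": "promiscuous"},  # misplaced guest
}
GATEWAYS = {"gateway"}


def can_forward(a, b):
    """True if two ports can exchange frames directly under private VLAN rules."""
    if a["primary"] != b["primary"]:
        return False
    if "promiscuous" in (a["mode"], b["mode"]):
        return True  # promiscuous ports talk to every port in the primary VLAN
    if a["mode"] == b["mode"] == "community":
        return a["secondary"] == b["secondary"]
    return False  # isolated ports reach promiscuous ports only


def lateral_paths(inventory, gateways):
    """Guest pairs that can reach each other without passing the gateway."""
    guests = sorted(name for name in inventory if name not in gateways)
    return [(x, y) for x, y in combinations(guests, 2)
            if can_forward(inventory[x], inventory[y])]


def isolate_guests(inventory, gateways, isolated_vlan=101):
    """Copy of the inventory with every guest moved to an isolated port."""
    return {name: dict(port) if name in gateways else
            {"primary": port["primary"], "mode": "isolated", "secondary": isolated_vlan}
            for name, port in inventory.items()}


if __name__ == "__main__":
    for x, y in lateral_paths(INVENTORY, GATEWAYS):
        print(f"guest-to-guest path: {x} <-> {y}")
    fixed = isolate_guests(INVENTORY, GATEWAYS)
    print("paths after isolating guests:", lateral_paths(fixed, GATEWAYS))
```

Every pair the audit reports is a path one compromised guest could use to reach another without crossing the gateway; community ports and guests left on a promiscuous port both show up.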