Ransomware

Hypervisor-targeted ransomware incidents surge


Ransomware attacks against hypervisors rose from 3% to 25% between the first and second half of this year, an increase driven mainly by the Akira ransomware operation, which targeted hypervisors for more covert compromise, The Register reports.

Intrusions involved either the direct delivery of ransomware payloads via hypervisors or the exploitation of OpenSSL and other tools for virtual machine volume encryption, according to a Huntress report. Threat actors have also targeted hypervisors following a network breach and authentication credential compromise. Hyper-V management utilities have likewise been abused to tamper with VM security defenses ahead of ransomware distribution.

"This shift underscores a growing and uncomfortable trend: Attackers are targeting the infrastructure that controls all hosts, and with access to the hypervisor, adversaries dramatically amplify the impact of their intrusion," said researchers, who recommended the implementation of more stringent hypervisor-specific controls on top of multi-factor authentication and other basic cybersecurity practices.
