Think Information. Think Security.
The security holes in virtual environments open up enterprises to threats that may result in business disruption, data theft, and financial loss. Cybercriminals leverage web server and web applications’ vulnerabilities to access parts of a company’s servers that they should not be able to. These vulnerabilities can be used to access company assets ranging from customer databases to trade secrets. The stolen information can be sold in underground forums or used to launch a far more damaging attack.

However, despite the obvious risk to the company’s data and the cost of data breaches, system administrators keep their servers unpatched. For systems requiring 100% uptime, the delay of patch deployment of system administrators could mean significant business loss. Just recently, Microsoft announced about zero-day attacks on the vulnerability in Microsoft XML Core Services. Once exploited, it could control an infected system via web-based browser attack but there is no patch available yet at the time of announcement. In 2011 alone, 1822 critical ‘software flaw’ vulnerabilities  were reported, which more or less put organizations at risk. 

The infographic “Into the Abyss” shows virtualization-specific issues that can introduce threats to the corporate network such as legacy exploits, PoCs (proof-of-concept) and zero-day attacks. Once enterprises slip through security holes, these may potentially damage a brand name/image or worse lead to the loss of company “crown jewels.”

Cross-posted from: Malware Blog

Leave a Reply.