CPI - Venom

Should You be Worried About Venom?

You’ve probably heard the news about the latest big security scare called Venom. The name Venom is an acronym for Virtualized Environment Neglected Operations Manipulation and there are a few things to consider about whether your business could be at risk.

First, what exactly is Venom? It is a virtualized system-to-host vulnerability: a security flaw in the QEMU virtual machine hypervisor and any hypervisors based on it. It lets an attacker take advantage of the virtual Floppy Disk Controller, giving them access to a virtual machine. The fear is that once an attacker gains entry to one VM within a data center, they can then move laterally to other machines and gain control of any VM within that data center.

So, who can be affected? Since Venom is a data center vulnerability, only companies using virtual computing environments can be impacted. If your business currently does not do any computing in the cloud, you’re safe from this particular issue. As for the companies that do have some or all of their data in the cloud, not all of them are vulnerable. If your company is running on virtualized platforms supported by QEMU, your data is at risk. However, while these hypervisors are vulnerable, those not based on QEMU, like the ones from Microsoft and VMware, are not.

This means that there are fewer VMs susceptible to attackers through this vulnerability than originally thought. It would also be very difficult to gain access to a whole network; some experts have agreed that a hacker would need to access a VM with high-level or “root” privileges in order to do any damage. To top this all off, this vulnerability does not seem to have been exploited in the wild yet, meaning that no hackers have successfully gained control of virtual machines through this method. That is very fortunate considering this security hole has been around since 2004.

The danger of this vulnerability is being debated by IT and security professionals, who wonder whether it has the potential to cause a great deal of harm or give rise to hackers who focus on finding vulnerabilities like this one, allowing them to gain control of vast amounts of data. As of right now, Red Hat has issued a code fix for QEMU, and manufacturers, including Xen and Oracle, have been working on and releasing patches.

Here’s what we recommend – if your company is running any sort of virtualization system, check with your provider, IT department, or data center to make sure they have a plan for taking advantage of these patches. Don’t wait to make sure that your data is safe! Just because this security flaw has not yet been exploited doesn’t mean it couldn’t happen to you when you least expect it. If your business does not have a security plan in place for these issues, give us a call. Having the right Managed Services provider can set your mind at ease when these issues inevitably arise.