5 Myths of Virtualization Security: You May Be More Vulnerable Than You Think

Myth No. 1: My Existing Endpoint Security Will Protect My Virtual Environment

While most traditional endpoint security solutions are virtual-aware and provide some low level of protection for virtual environments, this protection is too limited. It simply isn’t enough to cope with modern threats. Also, the performance drain, especially in large deployments, can cripple your virtual machines. Depending on the virtualization platform used — VMware, Citrix, Microsoft, etc. — your traditional endpoint security suite probably can recognize virtual endpoints. In many cases, however, this physical-world software can’t bring its full antimalware toolset to the virtual world, and it can perform only basic tasks, like on-access scanning. Worse, traditional endpoint security software can create security gaps as a result of slowing down the network — like security being disabled altogether.

Myth No. 2: My Existing Antimalware Doesn’t Interfere With My Virtual Environment Operations

The truth is, it does. Performance issues actually can create security gaps that didn’t exist in your physical environment. Traditional endpoint security uses an agent-based model: each physical and virtual machine has a copy of the security program’s agent on it, and this agent communicates with the server while performing its security tasks. This works fine for physical machines, but if you have 100 virtual machines, then you have 100 instances of this security agent plus 100 instances of its malware signature database running on a single virtual host server. This high level of duplication causes massive performance degradation and wastes a great deal of storage capacity. In this model, if a dozen of your virtual machines simultaneously start running a normal security scan, all the...

Banking malware sniffs out data sent over HTTPS

Careful online banking users can sometimes spot that something is amiss when malware installed on their computer pops up phishing pages or adds fields to legitimate banking forms. But the Emotet banking malware doesn’t bother with that, and instead sniffs out data sent over secured connections.

According to Trend Micro researchers, German users are particularly in danger from this malware family, although infections have also been spotted in the rest of the EMEA region, as well as in North America and the Asia-Pacific region. The variants targeting German users are delivered to the victims via fake bank transfer notifications and shipping invoices. Clicking on the embedded links triggers the download of the malware.

The first thing the malware does when run is contact its C&C server, from which it downloads additional files, including the configuration file that contains information about targeted banks.

“Another downloaded file is a .DLL file that is also injected to all processes and is responsible for intercepting and logging outgoing network traffic. When injected to a browser, this malicious DLL compares the accessed site with the strings contained in the previously downloaded configuration file,” the researchers explained. “If strings match, the malware assembles the information by getting the URL accessed and the data sent. The malware saves the whole content of the website, meaning that any data can be stolen and saved.”

The malware is also capable of hooking into a number of network APIs, which allow it to sniff out data sent over...