When hackers target your hypervisor

Ever heard of hyperjacking?

Hyperjacking occurs when hackers attack your hypervisor and attempt to take control over your virtual machines. Also called hyperjumping, some believe it is a theoretical threat while others believe it is a diabolic plan to compromise the hypervisor itself.


Hypervisor is the software layer of virtual machines (VM) that creates the virtualized layer of inputs, outputs, and behavior akin to physical hardware. Decoupled from the hardware state but enabling rapid provisioning and decommissioning of servers, virtualization such as this forms the core component of cloud computing.


However the sheer power of the hypervisor also makes it the target of hacker attacks such as a hyperjacking attack. Because the hypervisor runs underneath the operating system, it becomes all the more attractive as a target for attacks. The invisible nature allows persistence – a rogue hypervisor once established, gains controls over just about all of the virtualized machines.


When hackers target your hypervisor


But fear not, hyperjacking is still not a common feature. It would demand a highly skilled hacker with hardware assisted virtualization processor and physical access to a server. Virtual machine based root-kits are a particular type of malware that are rare but typical examples of a hacker tool.


While an actual hyperjacking incident has yet to be reported, it is hypothetically possible. To best protect yourself against it, and fend off such attacks it is best to invest in security practices.

  • Separate regular traffic on the hypervisor from the security management operations
  • Manage hypervisor to disallow access from guest operating system
  • Schedule hypervisor management to include regular monitoring and patching.