{"id":123094,"date":"2021-06-10T08:21:43","date_gmt":"2021-06-10T15:21:43","guid":{"rendered":"\/blogs\/?p=123094"},"modified":"2024-07-07T22:38:48","modified_gmt":"2024-07-08T05:38:48","slug":"are-virtual-machines-the-new-gold-for-cyber-criminals","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/","title":{"rendered":"Are Virtual Machines the New Gold for Cyber Criminals?"},"content":{"rendered":"<h2>Introduction<\/h2>\n<p>Virtualization technology has been an IT cornerstone for organizations for years now. It revolutionized the way organizations can scale up IT systems in a heartbeat, allowing them to be more agile as opposed to investing in dedicated \u201cbare-metal\u201d hardware. To the untrained outside eye, it might seem that there are different machines on the network, while in fact all the \u201cseparate\u201d machines are controlled by a hypervisor server. Virtualization plays such a big role nowadays that it isn\u2019t only used to spin up servers but also anything from virtual applications to virtual user desktops.<\/p>\n<p>This is something cyber criminals have been noticing too, and we have seen an increased interest in hypervisors.
After all, why attack a single virtual machine when you can go after the hypervisor and control all the machines at once?<\/p>\n<p>In recent months, several high-impact CVEs affecting virtualization software have been released that allowed for Remote Code Execution (RCE), initial access brokers have been offering compromised VMware vCenter servers online, and ransomware groups have been developing specific ransomware binaries for encrypting ESXi servers.<\/p>\n<h2>VMware CVE-2021-21985 &amp; CVE-2021-21986<\/h2>\n<p>On the 25<sup>th<\/sup> of May <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0010.html\" target=\"_blank\" rel=\"noopener noreferrer\">VMware disclosed<\/a> a vulnerability impacting VMware vCenter servers that allows Remote Code Execution on internet-accessible vCenter servers, versions 6.5, 6.7 and 7.0. VMware vCenter is a management tool used to manage virtual machines and ESXi servers.<\/p>\n<p>CVE-2021-21985 is a remote code execution (RCE) vulnerability in the vSphere Client via the Virtual SAN (vSAN) Health Check plugin. This plugin is enabled by default. The combination of RCE and default enablement of the plugin resulted in this being scored as a critical flaw with a CVSSv3 score of 9.8.<\/p>\n<p>An attacker needs to be able to access vCenter over TCP port 443 to exploit this vulnerability. It doesn\u2019t matter whether the vCenter server is remotely exposed or the attacker has internal access.<\/p>\n<p>The same exploit vector is applicable for CVE-2021-21986, which is an authentication mechanism issue in several vCenter Server Plug-ins. It would allow an attacker to run plugin functions without authentication. This leads to the CVE being scored as a \u2018moderate severity\u2019, with a CVSSv3 score of 6.5.<\/p>\n<p>While writing this blog, a Proof-of-Concept was discovered that tests whether the vulnerability exists; it does not execute remote code.
The Nmap plugin can be downloaded from this location: <a href=\"https:\/\/github.com\/alt3kx\/CVE-2021-21985_PoC\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/github.com\/alt3kx\/CVE-2021-21985_PoC<\/a>.<\/p>\n<p>Searching with the Shodan search engine, narrowing it down to the TCP 443 port, we observe that close to 82,000 internet accessible ESXi servers are exposed. Zooming in further on the versions that are affected by these vulnerabilities, almost 55,000 publicly accessible ESXi servers are potentially vulnerable to CVE-2021-21985 and CVE-2021-21986, providing remote access to them and making them potential candidates for ransomware attacks, as we will read about in the next paragraphs.<\/p>\n<h2>Ransomware Actors Going After Virtual Environments<\/h2>\n<p>Ransomware groups are always trying to find ways to hit their victims where it hurts. So, it is only logical that they are adapting to attacking virtualization environments and the native Unix\/Linux machines running the hypervisors. In the past, ransomware groups were quick to <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-gangs-are-abusing-vmware-esxi-exploits-to-encrypt-virtual-hard-disks\/#ftag=RSSbaffb68\" target=\"_blank\" rel=\"noopener noreferrer\">abuse<\/a> earlier CVEs affecting VMware. But aside from the disclosed CVEs, ransomware groups have also adapted their binaries specifically to encrypt virtual machines and their management environment.
Below are some of the ransomware groups we have observed.<\/p>\n<h3>DarkSide Ransomware<\/h3>\n<p>McAfee Advanced Threat Research (ATR) analyzed the DarkSide Linux binary in our recent <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/darkside-ransomware-victims-sold-short\/\">blog<\/a> and we can confirm that a specific routine aimed at virtual machines is present in it.<\/p>\n<p>From the configuration file of the DarkSide Linux variant, it becomes clear that this variant is solely designed to encrypt virtual machines hosted on an ESXi server. It searches for the disk-files of the VMs, the memory files of the VMs (vmem), swap, logs, etc. \u2013 all files that are needed to start a VMware virtual machine.<\/p>\n<p>Demo of DarkSide encrypting an ESXi server: <a href=\"https:\/\/youtu.be\/SMWIckvLMoE\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/youtu.be\/SMWIckvLMoE<\/a><\/p>\n<h3>Babuk Ransomware<\/h3>\n<p>Babuk announced on an underground forum that it was developing a cross-platform binary aimed at Linux\/UNIX and ESXi or VMware systems:<\/p>\n<p>The malware is written in the open-source programming language Golang, most likely because it allows developers to have a single codebase to be compiled for all major operating systems. This means that, thanks to static linking, code written in Golang on a Linux system can run on a Windows or Mac system. That presents a large advantage to ransomware gangs looking to encrypt a whole infrastructure composed of different system architectures.<\/p>\n<p>After being dropped on the ESXi server, the malware encrypts all the files on the system:<\/p>\n<p>The malware was designed to target ESXi environments, as we guessed, and this was confirmed when the Babuk team returned the decryptor named <strong>d_esxi.out<\/strong>.
Unfortunately, the decryptor has been developed with some errors, which cause corruption in victims\u2019 files:<\/p>\n<p>Overall, the decryptor is poor as it only checks for the extension &#8220;.babyk&#8221;, which will miss any files the victim has renamed to recover them. Also, the decryptor checks if the file is more than 32 bytes in length, as the last 32 bytes are the key that will be calculated later with other hardcoded values to get the final key. This is bad design as those 32 bytes could be trash, instead of the key, as the customer could make things, etc. It does not operate efficiently by checking the paths that are checked in the malware; instead, it analyzes everything. Another error we noticed was that the decryptor tries to remove a ransom note name that is <strong>NOT<\/strong> the same as the one the malware creates in each folder. This does not make any sense unless, perhaps, the Babuk developers\/operators are delivering a decryptor that works for a different version and\/or sample.<\/p>\n<p>The problems with the Babuk decryptor left victims in horrible situations with permanently damaged data. The probability of getting a faulty decryptor isn\u2019t persuading victims to pay up, and this might be one of the main reasons that Babuk announced that it will stop encrypting data and only exfiltrate and extort from now on.<\/p>\n<h2>Initial-Access-Brokers Offering VMware vCenter Machines<\/h2>\n<p>It is not only ransomware groups that show an interest in virtual systems; several initial access brokers are also trading access to compromised vCenter\/ESXi servers on underground cybercriminal forums.
The date and time of the specific offering below overlap with the disclosure of CVE-2021-21985, but McAfee ATR hasn\u2019t determined if this specific CVE was used to gain access to ESXi servers.<\/p>\n<h2>Patching and Detection Advice<\/h2>\n<p>VMware urges users running VMware vCenter and VMware Cloud Foundation affected by CVE-2021-21985 and CVE-2021-21986 to apply its <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0010.html\">patch<\/a> immediately. According to VMware, a malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. The disclosed vulnerabilities have a critical CVSS base score of 9.8.<\/p>\n<p>However, we do understand that VMware infrastructure is often installed on business-critical systems, so any type of patching activity usually has a high degree of impact on IT operations. Hence, the gap between vulnerability disclosure and patching is typically large. Because the operating systems on VMware are closed systems, they lack the ability to natively install workload protection\/detection solutions. Therefore, the defenses should be based on standard cyber hygiene\/risk mitigation practices and should be applied in the following order where possible.<\/p>\n<ol>\n<li>Ensure an accurate inventory of vCenter assets and their corresponding software versions.<\/li>\n<li>Secure the management plane of the vCenter infrastructure by applying strict network access control policies to allow access only from special management networks.<\/li>\n<li>Disable all internet access to vCenter\/VMware Infrastructure.<\/li>\n<li>Apply the released VMware patches.<\/li>\n<li>McAfee Network Security Platform (NSP) offers signature sets for detection of CVE-2021-21985 and CVE-2021-21986.<\/li>\n<\/ol>\n<h2>Conclusion<\/h2>\n<p>Virtualization and its underlying technologies are key in today\u2019s infrastructures.
With the release of recently discovered vulnerabilities and an understanding of their criticality, threat actors are shifting focus. Proof can be seen in underground forums where affiliates recruit pentesters with knowledge of specific virtual technologies to develop custom ransomware that is designed to cripple these technologies. Remote Desktop access is the number one access vector in many ransomware cases, followed by edge-devices lacking the latest security updates, making them vulnerable to exploitation. With the latest VMware CVEs mentioned in this blog, we urge you to take the right steps to secure not only internet exposed systems, but also internal systems, to minimize the risk of your organization losing its precious VMs, or gold, to cyber criminals.<\/p>\n<p>Special thanks to Thibault Seret, Mo Cashman, Roy Arnab and Christiaan Beek for their contributions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction Virtualization technology has been an IT cornerstone for organization for years now. It revolutionized the way organizations can scale&#8230;<\/p>\n","protected":false},"author":1170,"featured_media":121867,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[6327],"class_list":["post-123094","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head_json":{"title":"Are Virtual Machines the New Gold for Cyber Criminals? | McAfee Blog","description":"Introduction Virtualization technology has been an IT cornerstone for organization for years now. It revolutionized the way organizations can scale up IT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Are Virtual Machines the New Gold for Cyber Criminals? | McAfee Blog","og_description":"Introduction Virtualization technology has been an IT cornerstone for organization for years now.
It revolutionized the way organizations can scale up IT","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2021-06-10T15:21:43+00:00","article_modified_time":"2024-07-08T05:38:48+00:00","og_image":[{"width":614,"height":300,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/05\/AdobeStock_315095274_614x300-1.jpg","type":"image\/jpeg"}],"author":"ATR Operational Intelligence Team","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"ATR Operational Intelligence Team","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/"},"author":{"name":"ATR Operational Intelligence Team","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/668134594f276e8743322ec163337c6f"},"headline":"Are Virtual Machines the New Gold for Cyber Criminals?","datePublished":"2021-06-10T15:21:43+00:00","dateModified":"2024-07-08T05:38:48+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/"},"wordCount":1450,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/05\/AdobeStock_315095274_614x300-1.jpg","articleSection":["McAfee 
Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/","name":"Are Virtual Machines the New Gold for Cyber Criminals? | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/05\/AdobeStock_315095274_614x300-1.jpg","datePublished":"2021-06-10T15:21:43+00:00","dateModified":"2024-07-08T05:38:48+00:00","description":"Introduction Virtualization technology has been an IT cornerstone for organization for years now. 
It revolutionized the way organizations can scale up IT","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/05\/AdobeStock_315095274_614x300-1.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/05\/AdobeStock_315095274_614x300-1.jpg","width":614,"height":300,"caption":"AI Cyber Security"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/are-virtual-machines-the-new-gold-for-cyber-criminals\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Are Virtual Machines the New Gold for Cyber Criminals?"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security 
News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/668134594f276e8743322ec163337c6f","name":"ATR Operational Intelligence Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/a7a29f6cfb004e05c7ac7a98652288d8","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/01\/McAfee-Advanced-Threat-Research-CTF-docx-1-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/01\/McAfee-Advanced-Threat-Research-CTF-docx-1-96x96.png","caption":"ATR Operational Intelligence Team"},"description":"McAfee\u2019s Advanced Threat Research Operational Intelligence team operates globally around the clock, keeping watch of the latest cyber campaigns and actively tracking the most impactful cyber 
threats.","url":"https:\/\/www.mcafee.com\/blogs\/author\/atr-operational-intelligence-team\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/123094","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/1170"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=123094"}],"version-history":[{"count":3,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/123094\/revisions"}],"predecessor-version":[{"id":196093,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/123094\/revisions\/196093"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/121867"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=123094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=123094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=123094"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=123094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}