Which of the following has MOST likely occurred?

A company provides on-demand virtual computing for a sensitive project. The company
implements a fully virtualized datacenter and terminal server access with two-factor authentication
for access to sensitive data. The security administrator at the company has uncovered a breach in
data confidentiality. Sensitive data was found on a hidden directory within the hypervisor. Which of
the following has MOST likely occurred?

A. A stolen two-factor token and a memory mapping RAM exploit were used to move data from
one virtual guest to an unauthorized similar token.

B. An employee with administrative access to the virtual guests was able to dump the guest
memory onto their mapped disk.

C. A host server was left unpatched and an attacker was able to use a VMEscape attack to gain
unauthorized access.

D. A virtual guest was left unpatched and an attacker was able to use a privilege escalation attack
to gain unauthorized access.



TWB

VM Escape simply means the attacker is able to run malware or code on a virtual machine that allows an operating system running within it to break out and interact with the hypervisor.