Hypervisor Compromised

Description

If the attacker has the control over the hypervisor, then the full access to VMs will be under threat. In order to overcome this situation, the following plans and ideas can be helpful. The document outcome is the ideas discussed among the SMEs.

Mitigation Ideas

Limit the access to admin
PEN Testing the accounts to evaluate the security. Example: Brute force test on password.
Having Backups of Hypervisor and nodes for Fallback/re-deployment
Performing Audits periodically

Response Plan

Updated backups that can be written over the compromised systems.
A Kill-switch to stop the process.

Responder Team

In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

Point of Contact: Rily and/or Robert

Second Responder Team

Point of Contact: Kyle and Haxhi

PreviousDDOS Attack NextPower and Backup Failure

Last updated 2 years ago