Cybercriminals are increasingly targeting hypervisors—core to most modern data centres—rather than individual virtual machines. Recent Huntress research reveals attackers are exploiting security gaps and weak visibility at the hypervisor level, putting entire virtual estates at risk. Traditional security tools often overlook hypervisors, making them vulnerable to ransomware, especially given broad attack surfaces and frequent patch neglect.
Organisations running technologies such as VMware, Hyper-V, or KVM must enhance hypervisor monitoring, enforce robust credential controls, automate patching yet maintain oversight, and conduct regular configuration audits. Strengthening incident response plans is essential, as a breach could disrupt all managed machines. Integrating hypervisor security into defence strategies is now imperative for mitigating major operational risks.
Hypervisors Under Siege: Ransomware Operators Set Sights on Virtualisation Infrastructure
