CCSK Exam - Question 35

Virtual machine hyper jumping (VM jumping) is an attack method that exploits the hypervisor’s weakness that allows a virtual machine (VM) to be accessed from another.

ENISA (page 54) "‘VM hopping’: in which an attacker hacks a VM using some standard method and then – exploiting some hypervisor vulnerability – takes control of other VMs running on the same hypervisor"

ENISA page 54: Another scenario is ‘VM hopping’: in which an attacker hacks a VM using some standard method and then – exploiting some hypervisor vulnerability – takes control of other VMs running on the same hypervisor.

The correct description of VM hopping according to ENISA (European Union Agency for Cybersecurity) is: D. Using a compromised VM to exploit a hypervisor, used to take control of other VMs. VM hopping refers to a scenario where a compromised virtual machine (VM) is used as a stepping stone to exploit vulnerabilities in the hypervisor or virtualization layer. The attacker aims to gain control over the hypervisor, which manages and oversees the execution of multiple VMs, and subsequently take control of other VMs hosted on the same hypervisor. By compromising one VM, the attacker attempts to "hop" from that initial foothold to gain unauthorized access to other VMs or critical resources within the virtualized environment. This type of attack can have severe consequences as it allows the attacker to move laterally across VMs and potentially compromise the entire virtualized infrastructure.

The closest answer is B - looping within the same hypervisor/physical host. D is closest to the ENISA wording but it foundationally wrong as it claims "Using a compromised VM to exploit a hypervisor". VM hopping normally does not involve exploiting the hypervisor but using an existing vulnerability that allows traffic to go where it is not supposed to go. That passive use, rather than active exploit makes D foundationally wrong