Date: 2023-07-29

A growing number of connected devices, the proliferation of IoT resources, and the many independent systems, software and applications could make data centers an opportunity for cybercriminals. Emanuele Temi, Technical Sales Engineer at Nozomi Networks, explains the reason for this potential danger.

Modern data centers use a large variety of cyber-physical systems to monitor and manage the day-to-day operations that affect the whole infrastructure, from heating, ventilation and cooling systems to uninterruptible power supply systems. All of these can be exploited by threat actors to cause major failures or a complete shutdown of the data center.

Too much exposure and vulnerability

In fact, IP-connected equipment installed in and around the data center infrastructure is vulnerable to cyberattacks. Energy supply systems are often remotely controlled and, if compromised, could leave the data center itself without backup power. The control systems of these same devices may also run outdated firmware because the update operation is too complex or takes too long. Recent research revealed that more than 20,000 data center management tools and applications were exposed on the internet, increasing the threat of a cyberattack. Many of these tools were still protected only by default passwords, making them easy targets for malicious actors.

The risks of IoT resources

Furthermore, the rapid proliferation of integrated IoT systems in the data center ecosystem has indirectly exacerbated the situation. IoT assets come with risks of their own, as many don’t support basic security features, such as strong passwords and self-patching. Here too, it is quite common to find them protected with default passwords, making them a target for attackers seeking access to the corporate network in order to steal confidential data.

Becoming an opportunity for cybercrime

Today, the IoT infrastructure includes CCTV, access control, and fire protection and extinguishing systems. These areas appear far removed from traditional cyber infrastructure. As a result, they may not be considered at risk of breach and may be given low priority for maintenance and updates. In fact, one of the largest DDoS attacks, which recorded 1.1 Tbps, involved 150,000 CCTV cameras being used as part of a botnet to attack the infrastructure of a French web hosting company.

The role of third-party vendors

Within the data center ecosystem, there is a multitude of third-party vendors offering OT/IoT systems with their own software and applications. The introduction of different products and technologies increases the scope for attacks by cybercriminals. These third parties can also gain access to the network for maintenance and technical assistance, adding an extra layer of complexity for administrators looking to control entry and secure their data centers. All of these factors – the growing number of connected devices, the proliferation of IoT resources lacking basic security features, and the abundance of independent systems, software and applications – make data centers a potential haven for cybercriminals.

Violations bring far-reaching damage

Cyberattacks are becoming more sophisticated and their impact more serious. A successful attack on these infrastructures can easily paralyze hundreds or thousands of systems and services. In 2021, two of the largest data centers in Asia fell victim to attacks in which bad actors accessed the credentials of more than 2,000 companies, including tech giants like Apple, Uber and Microsoft. The data included personal information, such as emails, passwords and phone numbers, which was leaked on a cybercriminal forum with far-reaching consequences.

Are data centers an opportunity for cybercrime?

With login credentials, cybercriminals gain access to sensitive customer information, payment data, and other personally identifiable information. All of this could be used to commit financial fraud and identity theft, to gain access to the corporate network and steal intellectual property and trade secrets, or to launch other attacks against third-party companies.

There are many reasons for the attacks

Financial gain is just one reason for data center attacks. Different categories of cybercriminals may have many different motives. For example, they could launch a cyberattack on a data center’s heating, ventilation, and cooling (HVAC) systems in retaliation against an associated organization. Parastatal groups could cut power to servers to wreak havoc or disrupt operations. Or attackers could steal sensitive data and sell it to the highest bidder or to an enemy state of the victim.

Protecting OT/IoT systems

Several cybersecurity solutions are available to help administrators overcome the security challenges of OT/IoT systems in data centers. Here are some of the considerations when purchasing such a system:

Asset visibility. One of the biggest challenges in securing complex data center environments is understanding what’s on the network and anticipating risk. Asset visibility is an indispensable aspect of industrial cybersecurity and is one of the most underestimated in the OT space. According to the Ponemon Institute, only 45% of organizations are able to locate and maintain an inventory of all connected devices anywhere on the OT network throughout their asset lifecycle. Administrators need visibility into all industrial, building automation and virtual assets on the network to diagnose threats and identify vulnerabilities before they impact operations.

Fragility to be exploited

Threat detection. Cybercriminals are constantly looking for vulnerabilities. Indeed, there are bots that continuously scan the Internet for weaknesses to exploit. OT networks are more complex than IT networks and include many assets from different manufacturers. This large number increases the attack surface, giving attackers more attack vectors. For example, a new wave of threats called wipers often focuses on data center servers and computers. However, data centers also contain many other types of devices that could be compromised, such as HVAC controls, CCTV or uninterruptible power systems. UPSs are among the systems at the highest risk of cyberattack. Having a solution that provides the most up-to-date information on emerging threats, such as zero-day attacks, malware, botnets and device vulnerabilities, helps IT keep one step ahead of the bad guys.

Know how to manage the large number of OT and IoT systems

Scalability. Today’s data centers use smart, connected devices to manage day-to-day operations. As they grow to meet business demands, there will be more OT/IoT resources for site security, such as badge access for all doors, biometric scanners and CCTV, all of which are necessary to protect the physical perimeter of the data center. Furthermore, the number of critical infrastructure systems required to ensure effective and efficient operation grows as the size of the data center increases, which in turn expands the attack surface. Scalability brings increased risk of cyberattack. An ideal solution must be able to scale to handle the large number of OT and IoT systems present today and in the future.

