\u201cGlobally data centers are becoming faster, smarter, and highly scalable but this development comes at a price, as with great power comes significant responsibilities and greater risks of cyberattacks,\u201d they wrote. \u201cAs data centers work with the collaboration of multiple technologies and software, vulnerabilities and loopholes can be easily found by malicious hackers. Moreover, data centers are rapidly upgrading. Hence hackers are exploring new vectors to bypass the security parameters.\u201d<\/p>\n
See also: Top Vulnerability Management Tools<\/a><\/p>\n DCIM is becoming an increasingly important part of data center management. The software tools address both IT and facilities operations, managing and controlling such data center components as servers, storage, routers and switches, along with heating, ventilation and cooling (HVAC) systems, uninterruptible power supply (UPS) systems, sensors, transfer switches \u2013 used to redirect a power load to an alternate source \u2013 and server rack monitoring solutions.<\/p>\n According to market research firm KVB Research, the global DCIM market is expected to grow an average of 21.7 percent a year through 2026, when it will hit $4.4 billion<\/a>. The analysts wrote that the rising demand for data center virtualization, the ongoing migration of business into private clouds and the drive to improve cost efficiencies within the data center are helping to fuel the market growth.<\/p>\n Because of the reach DCIM software has in data centers, it is getting the attention of threat actors, according to the Cyble researchers. For example, hacktivists could launch an attack on a specific data center\u2019s HVAC system in retaliation for some actions by a person or group connected to the facility. Ransomware gangs<\/a> could block IT and facilities managers from DCIM applications and demand money to regain access, and hackers could get access to highly sensitive data.<\/p>\n State-sponsored groups could disrupt power to critical data center components and cause a shutdown of the site, they wrote.<\/p>\n \u201cData centers are the most important critical infrastructure for the nation and the organization using the data center facilities,\u201d the researchers wrote. \u201cA successful attack on this vital sector can lead to the loss of a considerable amount of money. The data stored and processed in the data centers can be corrupted and destroyed, which can cause a severe impact on the organization\u2019s brand reputation. Hackers can even delete the traces of their attack by deleting the logs from … web consoles.\u201d<\/p>\n Also read: Critical Infrastructure Protection: Physical and Cyber Security Both Matter<\/a><\/p>\n Data centers also use many products from various vendors, which increases the scope of attack for cybercriminals. Security professionals told eSecurity Planet<\/em> that allowing these applications to be exposed to the internet is a dangerous move by data center operators and vendors alike.<\/p>\n \u201cThere can be no real security if physical security of a system is compromised,\u201d said John Bambenek, principal threat hunter for cybersecurity company Netenrich. \u201cThese systems provide attackers a good deal of insight into the physical layer of data center operations and, in some cases, allow them to make changes that can compromise the underlying systems. It\u2019s been a best practice not to put things on the Internet, accessible to the world and protected by default credentials since the \u201990s. This is laziness at its worst.\u201d<\/p>\n ‘Exposing that to the public internet is like allowing terrorists to direct air traffic control’<\/p><\/blockquote>\n Sounil Yu, CISO for cybersecurity vendor JupiterOne, said that \u201cIt\u2019s easy to lose sight of these applications without a good asset management program. It\u2019s worse with\u00a0DCIM tools, since they are part of one\u2019s control plane. Exposing that to the public internet is like allowing terrorists to direct air traffic control.\u201d<\/p>\n See also: Top IT Asset Management Tools for Security<\/a><\/p>\n Cyble\u2019s researchers said they detected instances of software from Sunbird, Liebert, APC by Schneider, Vertiv and Device42 that could be accessed by threat actors on the outside. APC by Schneider accounted for more than half the public-facing instances found by the researchers.<\/p>\n They also found instances of public-facing software from Device42, Liebert\u2019s CRV-iCOM cooling solution and smart UPS still running factory default passwords. They were \u201cable to find several instances exposed over the internet while investigating the scope of attacks on data centers all over the globe. Default passwords protected these data centers. Some of the products found were outdated, allowing hackers or malicious groups to exploit the data center\u2019s systems further.\u201d<\/p>\n In addition to building and room security, monitoring server racks are critical as data storage, and processing equipment are installed in racks, the researchers noted. \u201cA change in external parameters could cause severe damage,” they said. “For example, an increase in temperature might cause the chips inside to melt and bring the entire system to a halt. Furthermore, the chips\u2019 processing power slows down and loses efficiency if they run too cold.”<\/p>\n They found multiple exposed web interfaces used for rack monitoring, with the interfaces using default passwords, \u201cmaking it easy for a hacker to gain insights into a data center. As there are multiple sensors, power units, networking devices, CCTV cameras connected to these portals, there is a lot of scope for a hacker to gain sensitive information about the components within the data center and their working.\u201d<\/p>\n The Cyble researchers noted that even organizations that are already spending millions of dollars to protect their data centers and ensure there are no downtimes or security breaches need to take a holistic view of their facilities and look for openings that threat actors could exploit.<\/p>\n Enterprises need to adopt a risk management<\/a> framework, such as the RMF framework from NIST, as well as embrace security awareness programs<\/a>, path vulnerabilities, implement access controls<\/a> on connected systems, launch network segmentation<\/a> efforts and run regular audits. The researchers also urged strong password<\/a> policies, vulnerability assessment<\/a> programs and using threat intelligence<\/a>.<\/p>\n And reconsider using applications and instances exposed to the internet.<\/p>\n \u201cPublic-facing web instances are a significant threat for the critical sectors which go unaddressed by the security teams,\u201d they wrote. \u201cDoing so puts the complete environment at risk of cyber-attack. Checking assets exposure is very important in these sectors.\u201d<\/p>\n Read next: How to Use MITRE ATT&CK to Understand Attacker Behavior<\/a><\/p>\n\n\nGrowing Presence of DCIM Software<\/strong><\/h2>\n
Public-Facing Software a Threat<\/strong><\/h2>\n
APC by Schneider, Sunbird, Liebert on List<\/strong><\/h2>\n
Reconsider Web Exposure<\/strong><\/h2>\n
![\"NIST](\"https:\/\/www.esecurityplanet.com\/wp-content\/uploads\/2022\/02\/Cyble-framework.png\")
<\/p>\n