
Data centers may be in the firing line

  • April 25, 2022


Cyber attacks on data centers are becoming a problem that affects everyone. Data centers are expected to be at the forefront of the firing line as cyber hostilities spread beyond Ukraine. Cybersecurity firm ESET has asked how prepared data center administrators are for the growing risk of cyber-attacks.

With the pandemic and the ensuing move to telecommuting, attention in cybersecurity shifted to the distributed workforce. The threats posed by the spike in work-from-home endpoints and the growing attack surface of enterprises remain. However, this should not overshadow data center security, as strategically important compute and data centers are among the most attractive targets for advanced threat actors. Data centers are an important link in the digital supply chain, whether they are owned by a single organization or host multiple customers in facilities run by managed service providers, colocation companies and cloud service providers (CSPs). Depending on the data center, an attack can affect many critical sectors, from healthcare and finance to energy and transportation. Data centers are nominally better protected than many on-premises enterprise IT assets, but they are a bigger target and thus offer a greater payoff to attackers.

What are the main threats?

Despite $12 billion in global spending on security in 2020, data center owners should be aware that the threat landscape is constantly evolving. In a cyber attack, the ultimate goal is service interruption or data damage. Accordingly, some of the main threats are:

Malware: ESET has so far detected three pieces of destructive, file-deleting malware used just before and during the conflict in Ukraine: HermeticWiper, IsaacWiper and CaddyWiper. The first of these was distributed a few hours before the start of the invasion. IsaacWiper hit the Ukrainian branches the day after the invasion, but both were planned months in advance. While the initial access vector is unknown, these pieces of malware are written to destroy critical files. None of these wipers, nor WhisperGate, a fourth piece of malware targeting Ukrainian assets, specifically targeted data centers. However, the previous attack on Ukraine in 2017 caused collateral damage to data centers outside the country. NotPetya was disguised as a financially motivated piece of ransomware, but in reality it worked like HermeticWiper, targeting the Master Boot Record (MBR) of machines so that they could not be rebooted.

Distributed denial of service (DDoS) attacks: We have seen serious DDoS campaigns against Ukrainian state banks and government websites. Officials in Kiev said government sites have been attacked almost constantly since the invasion began, with attacks reaching 100 Gbps in some cases. DDoS can also be used to distract data center security personnel as more stealthy and destructive malware attempts are launched.

Physical threats: This may sound like something from an action movie, but sabotage attacks on data centers as part of the growing war in Ukraine cannot be ruled out. In addition, reports show that a Swiss data center of the interbank service SWIFT has recently been placed under armed guard.

Planning and consolidation time

The fact that there have been no attacks on third countries yet does not mean that data center owners are in the clear. Advanced threat groups have historically shown their skill, sophistication and determination in campaigns such as the SolarWinds attacks that compromised the networks of at least nine US government agencies. Attackers can spend months preparing their tools and carrying out reconnaissance. In fact, some groups have already achieved persistence in some data center IT environments.

It is stated that data center owners should focus on the following six main areas:

  • The physical environment, including all data center buildings.
  • Data room with a special focus on access control in shared data centers.
  • Meet-me rooms, which must be secured with access control and screening, intrusion detection such as CCTV, entry and exit searches, rack security, anonymization and asset destruction.
  • People, which means maintaining a good security culture supported by education and awareness.
  • A supply chain with risk assessments that cover physical, human and cybersecurity risks.
  • Data center owners must optimize preventive measures and also take measures to quickly detect and respond to threats, minimizing their impact.

Source: (BHA) – Beyaz News Agency

Source: Haber Safir
