Cyble: Over 20,000 DCIM tools exposed to cyber threats
New data from cybersecurity firm Cyble has uncovered more than 20,000 Data Centre Infrastructure Management (DCIM) tools, including heating, ventilation and cooling (HVAC) systems and uninterruptible power supply (UPS) systems, that are exposed to the internet, making them vulnerable to cyber-attacks.
The organisation warns that cyber attacks on data centres worldwide are therefore likely to increase if the issue is not resolved, with many of the DCIM tools investigated using default passwords.
What could a cybercriminal potentially do if they gain access to default passwords and DCIM software?
The report stated that “Cyble researchers were able to find several web instances of Liebert CRV iCOM that are still using the default passwords to secure these critical assets of the data centre. As a result, hackers and other malicious threat groups can quickly access cooling units of the data centre and overheat the data units.”
Because default passwords offer little security, hackers who obtain them will have access to everything managed through the admin dashboard of a data centre company’s DCIM software, such as assets, connectivity, power, reports and settings.
In addition, cybercriminals who gain access to the dcTrack dashboard can reset the applications and software, as well as compromise the complete data centre site by uploading malicious backup files, removing current backups, and disrupting the current backup time interval. Also, user credentials can be altered and retrieved from the dashboard, Cyble said in the report.
The motive of the attack depends on the hacker
Cyble says that the reason or motive for an attack is dependent on the hacker carrying it out. For example:
- Hacktivists can launch a cyberattack on a specific data centre site’s heating, ventilation and cooling (HVAC) systems in retaliation against the organisation or a party connected to the data centre.
- Ransomware groups can lock administrators out of the DCIM application and demand ransom payments in return for data access.
- State-sponsored hackers might disrupt the power supply of critical components of the data centre, which can cause a complete shutdown of plant operations, resulting in chaos among the data centre stakeholders.
- Hackers can also steal the sensitive details of the data centre and its components and sell them to bidders on dark web markets and forums.
The overall impact
Data centres are the most important critical infrastructure for the nation and the organisation using the data centre facilities. A successful attack on this vital sector can lead to the loss of a considerable amount of money, and the data stored and processed in the data centres can be corrupted and destroyed, which can severely damage the organisation’s brand reputation. Hackers can even delete the traces of their attack by deleting the logs from the web consoles found above.
In addition, the company says that data centres are “critical infrastructures with high security, yet the use of multiple vendors and products increases the scope of attack for Threat Actors (TA).” The report lists some other outcomes, including:
- Many sensitive details, such as sensor information, network details, user details, firmware details, backup files and logs, can be used by malicious groups to plan a more threatening and strategic attack on the complete data centre environment.
- A data centre of the financial sector processes a lot of critical data. A cyber-attack on the data centre’s cooling system can result in the loss of this data or even stop the time-sensitive processes connected with the data processed from the data centres.
- If a hacker manipulates the controlled parameters of power systems present in the data centre, the maintenance or repair costs can be huge, as there are many devices dependent on the smooth functioning of power systems.
- Hackers can sell sensitive information like user credentials, data centre blueprints, and component details on dark web markets and forums to bidders of an enemy nation.
In short, a cyber-attack on data centres can cause chaos among the organisations involved, as confidential data might be stored at that centre. So, it is important for data centre organisations to ensure their DCIM tools and software are as well protected as possible by using strong passwords and running cyber security awareness programmes for employees.