
Power management software: Hidden data centre threat?

As data centre usage has scaled up with the continued and widespread adoption of digital technologies around the world, these massive facilities, which act as collection points for the information of hundreds if not thousands of organisations, have become lucrative targets for cyber criminals.

Hackers can sell the information they steal from data centres on the dark web for enormous amounts of money. A Bloomberg report from earlier this year, covering a group of cyber criminals that stole login credentials from data centres in Asia, found that they could sell these credentials for $175 000 on untrackable websites.

The centres that were hacked held information from some of the world’s largest firms, including Amazon, Huawei, Alibaba, BMW, Walmart, Apple, Microsoft and others.

Vulnerabilities in data centre DCIM

Vulnerabilities exist and companies know it. What they might not be aware of is that some of the largest holes through which threat actors can squeeze are present in the most innocuous, everyday software.

In a new blog post, researchers at cybersecurity firm Trellix report that criminals can chain together small vulnerabilities in the data centre infrastructure management (DCIM) software that companies use, in order to breach security and steal information.

The Trellix team investigated several data centres in the United States, as well as the hardware and software that these firms use, and found loopholes ready to be exploited.

“We found four vulnerabilities in CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and five vulnerabilities in Dataprobe’s iBoot Power Distribution Unit (PDU),” the team explained in a statement sent to Hypertext.

CyberPower and Dataprobe both offer popular energy regulation solutions to data centres in the US and other nations, and are often employed in data centres that leverage technology from major cloud providers such as AWS, Google Cloud and Microsoft Azure.

“An attacker could chain these vulnerabilities together to gain full access to these systems – which alone could be leveraged to commit substantial damage. Furthermore, both products are vulnerable to remote code injection that could be leveraged to create a backdoor or an entry point to the broader network of connected data centre devices and enterprise systems,” the researchers continued.

Malware “at scale”

The Trellix team says that by exploiting the vulnerabilities in the solutions of these providers, threat actors can access backdoors where they can unleash “malware at scale” in order to compromise a “huge number of systems and devices. Some data centres host thousands of servers and connect to hundreds of various business applications. Malicious attackers could slowly compromise both the data centre and the business networks connected to it.”

Because these solutions regulate the power of data centres, an incredibly important function for facilities which use massive amounts of electricity and water to stay active, criminals could manipulate the energy feed to centres. This could shut down certain parts of facilities, taking down the websites, business applications, consumer technologies and critical infrastructure that require the centre to operate.

Shutting down power remotely using these vulnerabilities can also lead to actual damage to hardware at facilities. Trellix says that today, 25 percent of data centre power outages cost operators more than $1 million.

“This translates to thousands or tens of thousands of dollars lost for every minute an organization’s data centre doesn’t have power,” they say.

Update early, update often

“We are fortunate enough to have caught these vulnerabilities early – without having discovered any malicious uses in the wild of these exploits. However, data centres are attractive targets for cybercriminals due to the number of attack vectors and the ability to scale their attacks once a foothold has been achieved. Thus, we consider it imperative to continue this research and coordinate with data centre software and hardware vendors to address and disclose potential threats to such a core part of our IT infrastructure,” the team says, adding that luckily both CyberPower and Dataprobe have fixed the vulnerabilities since they were discovered.

Finally, the team shares a few recommendations for operators to ensure that their power DCIM systems are not exploited, including:

  • “Ensure that your PowerPanel Enterprise or iBoot PDU are not exposed to the wider Internet. Each should be reachable only from within your organization’s secure intranet,
  • Modify the passwords associated with all user accounts and revoke any sensitive information stored on both appliances that may have been leaked and,
  • Update and patch your software as often as possible.”

“It isn’t wrong to say today that proper cybersecurity posture and defences for data centres are essential to the basic functioning of our economy and society,” the researchers warn.

“This level of importance makes them a target for threat actors looking to implement attacks on nation-states, ransom critical infrastructure, or conduct espionage for foreign nations,” they concluded.

[Image – CC 0 Pixabay]
