Four types of cyber-attack that could take down your data center
Scour the homepage of any company selling data center services, and you’ll probably find the phrase ‘security’ appears more than a few times.
As businesses embrace cloud services, they entrust their data to these electronic vaults — and the key assumption is, naturally, that they will be heavily fortified against cyberattacks.
And for the most part, they are. The majority of cloud-related security incidents come down to misconfigurations on the side of the customer. For providers, there is too much to lose, and there are processes, protocols, failovers, tools, and even physical personnel on hand to ensure that if something does happen, the impact will be minimized.
But whether it’s those owned by public cloud giants like AWS or Azure, private managed-hosting arrangements, co-location facilities, or those on-site, data centers have their own vulnerabilities. Breaches and outages do happen. Beyond the hardware, there is still a single point of failure — services run on the same software and there is the chance of an update causing problems across multiple regions.
“It’s a universal truth in IT that everything eventually fails,” Databarracks’ managing director Peter Groucutt previously told TechHQ. With that in mind, as we place more trust in them than ever before, here are some of the most common cyber threats facing the data center.
Distributed Denial of Service (DDoS) attacks are the most common type of attack. Antivirus software provider Norton calls these attacks — where hackers attempt to make a website or computer unavailable by flooding or crashing the website with too much traffic — “one of the most powerful weapons on the internet.” A report by Netscout in 2018 found that 92% of US businesses had experienced such an attack.
DDoS attacks are a direct and immediate threat to data center uptime. And with a continued rise in poorly-secured IoT connected devices, attackers have better opportunities to build vast botnets to launch them.
In June last year, “network congestion” led to a Google Cloud outage, which saw at least 16 of Google’s products out of action for the period — including the entire G-Suite, Gmail, Google Docs, Google Drive, Google Cloud, and YouTube.
Cybercriminals are now targeting enterprise infrastructure with ransomware, and the damage can be extensive and long-lasting. South Korean hosting firm Nayana, for example, was attacked by ransomware which led to thousands of hosted customer websites on its servers going offline for weeks. Not all were recovered even after a US$1 million ransom was paid.
In September, Equinix, one of the world’s largest providers of on-demand colocation data centers, disclosed its own internal systems had fallen victim to a ransomware breach, though, luckily, its core customer-facing services hadn’t been affected.
These types of attacks could not only threaten customer data on a provider’s servers but completely undermine trust in that service. Data isn’t just at risk of being published, but of being changed permanently, threatening its integrity.
External services, such as cloud access security brokers or external DNS servers, can often be overlooked when it comes to data center security management. Attackers can then target those external dependencies to cause harm.
Last year, NordVPN — whose leading virtual private network services are used by businesses to protect sensitive data — confirmed one of its data centers had been hacked in 2018 after it installed a third-party remote access system without informing a customer, which led to an insecure server.
In 2016, an attack against DNS provider Dyn took down services in Europe and North America, which affected services including Boston Globe, CNN, Comcast and PayPal among others.
While not affecting data center services directly, attacks on web or server applications — such as a customer dashboard or control panel — can still effectively shut down services by making them unavailable. These kinds of breaches can be carried out through brute force attacks, stemming back to poor password security.
These attacks are more targeted, require less bandwidth, but can ultimately take services out of action.