Why is it important to protect Data Centers?
Ransomware, COVID-19, and nation-state attacks made 2020 a banner year for cybercrime. Many organizations were caught off guard and it doesn't look like this year is going to be any better on the cybersecurity front. Next we will see certain points that make us more vulnerable.
1. Attacks on the company from home
The pandemic has caused a global change in the way employees access corporate systems. Although there has been a total shift towards remote working, we have yet to see any large-scale attacks using less protected home networks. That may be about to change.
According to many professionals in the cybersecurity world, they believe that this is the next wave, because home environments are not as secure as corporate networks.
If attackers target company or data center employees working from home, they can enter through the weakest points.
Family members log into their company or school networks or use the Internet for entertainment. There are no enterprise-grade firewalls, and there are many connected consumer devices that can be much less secure than working directly from the enterprise itself implies.
2. Attackers will start using AI
For a couple of years, the potential of Artificial Intelligence for malicious purposes has been seen. Attackers use deep forgeries to impersonate company executives and steal money, for example. Researchers have shown that AI can be used to create new malware, improve phishing emails, or find new ways to penetrate corporate networks.
However, as companies beef up their defenses and improve backup systems, attackers are already investing and innovating. AI promises the ability to create highly scalable, fully automated, and personalized attacks for each victim.
AI is used to generate denial of service attacks that can shut down data centers or make ransomware more aggressive.
Even more worrisome, artificial intelligence is being integrated into exploit kits and software development kits. For example, attackers are using AI-powered user behavior analytics to create better phishing attacks and find open firewall ports.
3. More attacks on the management layer
They are entering the management layer, which is the most dangerous part of any attack. Once they enter the management layer, they can enter anywhere. Before, they can target a weakness of the server or an end user, but when they enter the management layer, they have access to anything and can go anywhere. It is really dangerous for any company. An example of this is the attack on SolarWinds, which went behind the network management layer.
4. Attacks on SNMP traffic
SNMP (Simple Network Management Protocol) is used to manage devices such as modems, printers, routers, switches, and servers. It is a fundamental communication medium within a data center.
Virtually no firewall can stop SNMP traffic. Cybercriminals who compromise these communications can target any component of the data center environment, including air conditioning and uninterruptible power supplies.
5. Attacks that originate from the cloud
Credentials are exposed and attackers break into a company's cloud infrastructure to, for example, steal computing resources for crypto mining. Cloud storage repositories are accidentally exposed, allowing attackers to steal data. Stolen credentials can also be used to gain access to online systems, such as Office 365, as was the case in some of the SolarWinds attacks.
But in 2021, we could start to see more attacks starting in a company's outsourced cloud infrastructure used as a starting point for attacks on local systems.
Traffic that comes from a company's own cloud instances is generally considered more secure than traffic that comes from the general public Internet. Connections between a company's cloud applications and local data stores, for example, could be considered reliable communications.
6. The 5G threat
Once 5G is widely available, the floodgates will open and both cybercriminals and cyberprotectors around the world will experience a rapid learning curve. Deep speed and reach will connect businesses more than ever, that means a successful attack can have a massive ripple effect.
Data center security managers should work closely with their service providers when new technology is implemented to ensure that security is prioritized and not left as an afterthought.
7. Copycat attacks on the supply chain
With the high-profile success of the SolarWinds attack, data center administrators should expect to see many more attacks against their technology vendors. Successful publicly known attacks generally lead to a significant increase in similar attacks.
Data centers can expect to see attacks against software vendors, technology providers, contractors, managed service providers, and other third parties.
8. Even more ransomware
The ransomware is so profitable that there is little chance of its going away except for concerted international action to shut down bitcoin payments and extradite criminals from Russia and other safe havens from cybercrime.
A new type of ransomware that data centers may face this year is that attacking converged IT and OT networks, as industrial control systems and OT devices often monitor critical processes.
They cannot be replaced or turned off for updates, without severe service disruption. That means that if they are attacked by ransomware or other extortion-type attacks, data centers will not be able to recover as quickly as from traditional ransomware attacks.
Authors: Oriol Lalaguna & Jan Fité
Add new comment