Security researchers at Cyble have identified more than 20,000 instances of data centers that are publicly exposed and could cause catastrophic results if breached by hackers. These data centers monitor power distribution centers, HVAC control units, devices and more, which is why a breach would be devastating.
These data centers should have strong safety regulations to manage fire outbreaks, storms, physical security and electrical failure. Because most of these data centers aren't managed by staff, their configurations aren't up to date, which is why optimal physical protection and performance aren't enough to keep them secure.
Cyble researchers found 20,000 instances of publicly exposed data centers, including ones that have thermal and cooling dashboards, rack monitors, UPS controllers, humidity controllers and transfer switches. The Cyble team was also able to crack and extract the passwords of the dashboards, which they later used to breach the actual database instances.
These dashboards also provide full remote access to the data center, with status reports and the ability to configure various system parameters. Default passwords, which are even easier to breach and can be overridden by hackers without any challenge, are also a major concern.
After investigating, the Cyble team found that anybody would be able to modify the temperature and humidity settings, alter the voltage parameters to unbearable levels, change or disable cooling unit configurations, shut down UPS devices, alter backup schedules and create fake alarms.
These modifications or privileges can cause data loss, system breakage, economic impact, financial loss and reputation damage for organizations associated with those data centers.
It should also be noted that hackers can compromise these data centers, extract data and use it for their own benefit in complete stealth, keeping the breach absolutely silent. A similar incident was seen in March 2021 in Strasbourg, when a power failure interrupted data center operations and caused security concerns.
Furthermore, security researcher and ISC Handler Jan Kopriva has found around 20,000 servers with ILO management interfaces that are exposed to the public. Integrated Lights-Out (ILO) management interfaces are used by administrators for remote access, to manage power settings, and to shut down or reboot systems as if they were physically present at the machine.
When these ILOs aren't secured properly, threat actors can take complete access of the servers and modify the configurations as they need. It is therefore important for these data centers to secure both their DCIM and their ILO before threat actors take advantage of them.
The Cyble team has reported its findings to CERT and shared the list of publicly exposed DCIM.