Data Center Vulnerabilities Can Be Mitigated By Knowledgeable Operators
We have repeatedly reported here at hackercombat.com on incidents in which an email triggered a malware infection that spread into the internal network and eventually leaked a considerable amount of personal information from data centers. The pattern is specific: after learning the recipient's name and line of business, the attacker sends an email disguised to look like legitimate business correspondence from an external party. The trick is to embed a link that downloads malware and invite a careless click. Devices caught by this targeted attack download the malware and then connect out to an external C&C (Command & Control) server.
It is difficult to implement thorough countermeasures such as "do not open" and "do not click". In addition, firewalls and IDS/IPS, the common network defense measures, can easily block communications initiated from the outside, but the malware's traffic arrives from the outside as a response to communications initiated from the inside, which such devices allow by default. Another problem is that it is difficult to prevent an individual email recipient from clicking the malware download link. Even if users are told again and again to "be careful not to download malware", to err is human, and someone will eventually click. Measures on the system side are therefore necessary, but the problem is that no method available today can be called a magic bullet. Nonetheless, organizations should be strongly conscious that the current cyber attack is no longer a technique that spreads malware indiscriminately; it is becoming a full-fledged operation, prepared carefully after collecting information about the target in advance.
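Because the C&C traffic is a reply to a connection the infected device itself initiated, the place to look for it is the outbound proxy or firewall log rather than the inbound rule set. The following is an added example, not code from the hackercombat.com article: it reads constructed proxy log lines (the format, host names and destinations are all made up for illustration) and flags an internal host that talks to a destination no other host uses, at near-constant intervals, with small responses, which is the shape regular malware beaconing tends to have.

```python
"""Flag outbound connections that look like C&C beaconing in proxy logs.

Added example (not from the hackercombat.com article). The log format and
the host/destination names below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines: "<ISO timestamp> <internal host> <destination> <bytes>"
SAMPLE_LOG = """\
2024-03-01T09:00:00 ws-17 updates.example-vendor.test 5120
2024-03-01T09:00:05 ws-17 beacon.example.invalid 312
2024-03-01T09:05:04 ws-17 beacon.example.invalid 318
2024-03-01T09:10:06 ws-17 beacon.example.invalid 310
2024-03-01T09:15:05 ws-17 beacon.example.invalid 315
2024-03-01T09:20:05 ws-17 beacon.example.invalid 311
2024-03-01T09:01:10 ws-22 news.example-site.test 44120
2024-03-01T09:07:43 ws-22 news.example-site.test 38211
2024-03-01T09:31:02 ws-22 news.example-site.test 51233
2024-03-01T09:02:00 ws-03 updates.example-vendor.test 5120
"""


def parse_log(text):
    """Return {(host, dest): [(timestamp, bytes), ...]} from the constructed format."""
    series = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dest, nbytes = line.split()
        series[(host, dest)].append((datetime.fromisoformat(ts), int(nbytes)))
    return series


def beacon_score(events):
    """Coefficient of variation of the gaps between connections.

    0.0 means perfectly periodic; human browsing gives large values.
    Returns None when there are too few gaps to judge.
    """
    events = sorted(events)
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
    if len(gaps) < 3:
        return None
    return pstdev(gaps) / mean(gaps)


def find_beacons(text, max_cv=0.1, max_hosts=1, min_events=4, max_avg_bytes=1024):
    """Return [(host, dest, cv)] for series that look like beacons.

    A series is reported when it is periodic (cv <= max_cv), the destination
    is contacted by few hosts (<= max_hosts) and responses are small.
    """
    series = parse_log(text)
    hosts_per_dest = defaultdict(set)
    for host, dest in series:
        hosts_per_dest[dest].add(host)

    findings = []
    for (host, dest), events in series.items():
        if len(events) < min_events:
            continue
        cv = beacon_score(events)
        if cv is None:
            continue
        rare = len(hosts_per_dest[dest]) <= max_hosts
        small = mean(nbytes for _, nbytes in events) < max_avg_bytes
        if cv <= max_cv and rare and small:
            findings.append((host, dest, round(cv, 3)))
    return findings


if __name__ == "__main__":
    for host, dest, cv in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {host} -> {dest} (interval cv={cv})")
```

The thresholds are deliberately parameters: a real deployment tunes `max_cv` and `max_hosts` against a baseline of normal traffic, and an update service that every host polls on a timer is the usual false positive the `max_hosts` rule is there to suppress.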
In the case of ransomware, there is no need for the elaborate preparation of a targeted attack: it can be delivered through attacks that exploit vulnerabilities in the OS and software, so its scope is wide and, in a sense, it can be launched indiscriminately. With ransomware, the degree of damage depends largely on the measures taken in advance. In a targeted attack, the target is basically an organization that holds valuable information, such as a company or public body, and that information is housed in the data center; the data center itself is rarely the target. Most examples target the data and systems of specific user companies. To make matters worse, there is no guarantee that paying the ransom solves the problem; the attack may not stop even after the requested amount is paid, and once a victim is regarded as one that responds, the same attack can be repeated many times.
The damage caused by attacks such as DDoS depends on the ratio of the attacker's line bandwidth to the defender's. If the attacker controls many broadband-connected terminals and amplifies packets, small and medium-sized data center operators may not be able to keep up. On the other hand, if the defender's bandwidth is sufficiently large, a few attacks may be absorbed without much damage. It really depends on the balance. DDoS attacks are difficult to block because numerous terminals participate, but it is still possible to respond to some extent. One proactive approach available on the data center side is to increase the redundancy of the line, for example through peering. Another is a load balancer with enhanced security functions, which can identify and block DDoS attack packets.
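The bandwidth-ratio point above is also the decision rule for where blocking has to happen: a load balancer can drop attack packets, but only after they have crossed the uplink, so once the attack traffic alone approaches the line capacity the filtering has to move upstream. The following is an added example, not code from the hackercombat.com article: it takes constructed per-second flow records (addresses, packet counts and the 1 Gbit/s link capacity are all made up), picks out the sources whose packet rate is far above anything a legitimate client sends, totals their bandwidth and compares it with the link to say whether local filtering is enough.

```python
"""Classify inbound flow records during a suspected DDoS and decide where to filter.

Added example (not from the hackercombat.com article). The flow format,
addresses and link capacity below are constructed for illustration.
"""
from collections import defaultdict

LINK_CAPACITY_BPS = 1_000_000_000  # constructed: defender's 1 Gbit/s uplink

# Constructed records: "<second> <src_ip> <dst_ip> <proto> <packets> <bytes>"
SAMPLE_FLOWS = """\
0 203.0.113.10 198.51.100.5 udp 40000 58000000
0 203.0.113.11 198.51.100.5 udp 41000 59000000
0 203.0.113.12 198.51.100.5 udp 39000 57000000
0 192.0.2.44 198.51.100.5 tcp 120 96000
0 192.0.2.45 198.51.100.7 tcp 80 64000
1 203.0.113.10 198.51.100.5 udp 40500 58500000
1 203.0.113.11 198.51.100.5 udp 40000 58000000
1 203.0.113.12 198.51.100.5 udp 38500 56000000
1 192.0.2.44 198.51.100.5 tcp 110 88000
"""


def parse_flows(text):
    """Parse the constructed flow format into a list of dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sec, src, dst, proto, pkts, nbytes = line.split()
        rows.append(dict(sec=int(sec), src=src, dst=dst, proto=proto,
                         pkts=int(pkts), nbytes=int(nbytes)))
    return rows


def per_source_rates(rows):
    """Average packets/s and bits/s per source over the seconds observed."""
    span = max(1, len({r["sec"] for r in rows}))
    pkts = defaultdict(int)
    bits = defaultdict(int)
    for r in rows:
        pkts[r["src"]] += r["pkts"]
        bits[r["src"]] += r["nbytes"] * 8
    return {src: (pkts[src] / span, bits[src] / span) for src in pkts}


def classify(rows, pps_threshold=10_000, link_bps=LINK_CAPACITY_BPS):
    """Return (sources to drop, their combined bits/s, where to mitigate).

    Sources above pps_threshold are candidates for a drop rule. If their
    combined rate already fills most of the uplink, dropping at the load
    balancer is too late: the packets have consumed the line, so the
    block has to be requested from the ISP or peering partners instead.
    """
    rates = per_source_rates(rows)
    drop = sorted(src for src, (pps, _) in rates.items() if pps > pps_threshold)
    attack_bps = sum(rates[src][1] for src in drop)
    saturated = attack_bps >= 0.8 * link_bps
    where = "upstream (ISP/peering)" if saturated else "local (load balancer)"
    return drop, attack_bps, where


if __name__ == "__main__":
    drop, bps, where = classify(parse_flows(SAMPLE_FLOWS))
    print(f"drop {drop}: {bps / 1e6:.0f} Mbit/s of attack traffic, mitigate {where}")
```

A packet-rate threshold is the crudest possible classifier; a real load balancer also looks at protocol state and payload. The useful part is the second half: the same three sources are harmless to a 10 Gbit/s operator and crippling to a 1 Gbit/s one, which is exactly the balance the paragraph describes.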
Deploying such devices is beneficial because it avoids forwarding as many wasted packets as possible. Since the attackers are dispersed, the defenders need to be dispersed as well: it is important that ISPs and the various network operators work together to block DDoS packets at each point the packets pass through. For data centers, various sensor networks are likely to be ahead of cars, but the awareness of operators is still what matters. We recommend that companies hosting data in data centers never neglect cybersecurity user education.