Tens of thousands of publicly accessible data center infrastructure management (DCIM) applications are exposed on the internet, many with default passwords.
Researchers from the Cyble research lab warned that they found over 20,000 instances of publicly exposed data center infrastructure management (DCIM) software, uninterruptible power supply (UPS) systems, heating, ventilation and cooling (HVAC) systems, transfer switches, and power distribution units online, which hackers could easily access. They also warned that hackers could monitor and manipulate these systems, resulting in failures and outages.
Data centers house high-cost systems supporting business storage solutions, data processing, operational systems, website hosting, and more.
Cyble stated that the dashboard of Sunbird's dcTrack DCIM solution allows hackers with access to the admin console to access everything managed by the dashboard. Hackers can easily manipulate the racks' real-time humidity and temperature, which can overheat and damage devices.
Cyble also discovered that Device42's DCIM tool runs on default admin passwords. An attacker who has access can easily find storage and network switching, chassis and blades, IP subnets, bare metal servers, and cloud services. This access also allows hackers to monitor the IP addresses and collect database details.
Additionally, Cyble discovered that Liebert CRV-ICOM solutions that provide temperature and humidity control run on default passwords, allowing hackers to access the facility’s cooling units.
These systems are exposed without adequate protection. This means that anyone could alter temperature and humidity thresholds, deactivate cooling units, turn off consoles, or create false alarms. They could even put UPS devices to sleep or change backup time intervals. This is dangerous, as it may result in physical damage, system destruction, data loss, and more.
Stored and processed data in the data centers can be corrupted or destroyed. Also, hackers can sell sensitive information on dark web markets and forums.
Cyble made the following recommendations to administrators:
- Cyber awareness programs are a must for employers to understand new risks and threats emerging in the cyber world.
- A risk management framework should be applied to the critical infrastructure.
- Security vulnerabilities must be patched quickly before hackers exploit them.
- Administrators should implement proper access control on all the connected assets as a first step towards ensuring security.
- A strong password policy within the organization is vital as data leaks happen daily.
- Vulnerability assessment and penetration testing exercises should be conducted to understand the current system’s flaws.