Data centers are the target of cyber attacks. How can they be protected?

ESET experts note the growing threat of cyber attacks on data centers, which can mean, among other things, the loss of access to a number of key services. What are the main risks? How can data centers be protected from attacks?


Why can data centers be the main target of attacks?

With the COVID-19 pandemic and the resulting increase in the number of remote workers, the focus of cybersecurity has shifted to a distributed workforce. The risks of having multiple endpoints and a growing attack surface remain important issues to monitor.

However, this should not detract from the importance of securing data centers, which are among the most attractive targets for advanced cybercriminals. They are of great interest because they are a key link in the global supply chain. Kamil Sadkovsky, a senior cybersecurity expert, said that depending on the target, the attack could affect any number of key industries, from healthcare to finance, energy and transportation. "Data centers are nominally better protected than many local corporate IT assets, but due to their size, a successful attack can be more beneficial. Such a calculation, of course, motivates us to commit acts of hostility," he adds.



What are the main risks?

Despite the huge global security spending in 2020, data center owners need to understand that the threat landscape is constantly changing. In the case of cyberattacks, one of the probable goals is to disrupt the provision of services or destroy strategic information. This means that malware, DDoS attacks and even physical attacks will be among the biggest threats.


To date, ESET has already detected three types of destructive malware in Ukraine before and during the conflict. HermeticWiper, IsaacWiper and CaddyWiper are ransomware threats, the first of which was used a few hours before the invasion. The next day, IsaacWiper hit Ukrainian organizations. In both cases, these are attacks that have been planned for months, with the main goal of destroying strategic information and disrupting key systems.

Although none of the malicious ransomware programs targeting Ukrainian institutions are aimed at data centers, the example of 2017 shows what the consequences of such an attack could be. NotPetya, a series of cyberattacks using software disguised as a ransom program, actually worked on a principle similar to HermeticWiper. Eighty percent of the attacks targeted systems located in Ukraine, including strategic elements of Ukraine's infrastructure, such as ministries, banks, metro systems and state-owned enterprises, Kamil Sadkovsky added.

Denial-of-service attacks

We have also witnessed major DDoS campaigns against Ukrainian state-owned banks and government parties. Kyiv officials confirm that government forces have been under constant attack since the occupation began. Keep in mind that DDoS attacks can be used to distract data center security personnel while attackers attempt to install more covert, destructive malware.

Physical attacks on data centers

Although this is the least likely scenario, provocative attacks on data centers cannot be ruled out as the war intensifies in Ukraine. Current reports indicate that the Swiss data center of the SWIFT interbank service has recently been placed under the protection of an armed guard. This matches the risks highlighted in the new guidelines from the UK's National Cyber Security Centre (NCSC).

Leading cybercriminal groups have demonstrated their skills and determination in the past with campaigns such as the SolarWinds attacks, which compromised the network security of at least nine US government agencies. Attackers can spend months preparing tools and conducting reconnaissance before launching hostile operations. Therefore, strengthening security is something that data center operators must take into account, warns the ESET expert.

Data center operators need to focus on six key areas:

  • Physical perimeter of the data center, including all buildings.

  • Data hall, with special attention to access control in shared data centers.

  • Meet-me rooms, which should be provided with access control, intrusion detection, for example, with the help of CCTV, search database of entrances and exits, protection of cabinets, anonymization and destruction of resources.

  • Managing an appropriate security culture supported by people, i.e. training and awareness.

  • Supply chain with risk assessments covering physical, personnel and cybersecurity threats.

  • Data center owners should optimize their preventive measures, not rule out the possibility of compromise, and, above all, take steps to identify threats and respond to them quickly to minimize their impact.
