More than 20,000 occurrences of publicly accessible data center infrastructure management (DCIM) software that monitors devices, HVAC control systems, and power distribution units have been discovered by researchers. They may be exploited for a number of catastrophic attacks.
Costly systems that support company storage solutions, data processing, internet hosting, operational systems, and more are kept in data centers. Years of striving for operational efficiency have resulted in the introduction of “lights-out” data centers, which are wholly automated facilities maintained remotely and run without human intervention.
However, these systems are not usually configured correctly. Thus, while the servers themselves may be sufficiently protected from physical access, the systems that assure physical security and maximum performance are not always.
Over 20,000 instances of publicly accessible DCIM systems were discovered by Cyble investigators, including temperature and cooling management dashboards, UPS controllers, humidity controllers, transfer switches, and rack monitors. Analysts were also able to obtain passwords from dashboards, which they used for accessing actual database instances hosted on the data center.
Cyble discovered programs that enable full remote access to data center assets, status reports, and the ability to adjust different system parameters. Most applications employed default passwords or were substantially outdated, making it easy for threat actors to breach them or bypass security levels. Exposing DCIM systems without sufficient protection can result in physical damage, data loss, system destruction, and a substantial financial effect on the targeted businesses and their clientele.
In addition to vulnerable DCIM instances, ISC Handler and security researcher Jan Kopriva discovered more than 20,000 servers with exposed ILO management interfaces.
HPE Integrated Lights-Out (iLO) management interfaces are used to give remote low-level access to servers. They allow administrators to power on, reboot, power off, and control servers as if they were physically there. However, if not properly secured, threat actors will now have total access to servers at a pre-boot level, allowing them to manipulate the operating system or even hardware settings.
To protect ILO interfaces against remote exploitation of vulnerabilities and password brute force attacks, they must be adequately secured and not exposed directly to the Internet, just as DCIM interfaces.
