Cyber Attack On Data Center Cooling Systems Leads To Disruption

Critical operational elements such as data storage, processing, backups, and recovery heavily rely on Australian industrial organizations’ data centers.

These facilities support various business functions, including productivity tools, transaction-intensive applications, big-data processing systems, and artificial intelligence (AI).

The importance of data centers is manifest in the fact that the SOCI Act 2018 identifies them as critical infrastructure sectors for data storage and processing.

Cybersecurity analysts at Dragos recently affirmed that although cloud adoption provides numerous advantages in terms of efficiency, redundancy, and operating costs to many industrial outfits in Australia, it equally has some risks.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

The core operational risks relate to interruptions in data center cooling systems.

Cyber Attack On Data Center Cooling Systems

To achieve this, data centers use building automation and management systems (BAS/BMS) that control important aspects like temperature. 

For instance, such places may use sophisticated cooling techniques, including air conditioning systems, chilled water, and liquid cooling, to maintain the desired operating temperatures for network, storage, and computational infrastructure. 

However, if cooling systems fail with no backup in less than a minute, there is a likelihood of overheating or shutting down.

There are recent cases of data center operational problems that have resulted from cooling system failures. 

It was on 30th August 2023 when chiller shutdowns emerged in several Microsoft data centers, resulting in infrastructure shutdowns and service outages for customers such as Bank of Queensland and Jetstar, which lasted for up to four days.

At the same time, on the 14th of October, 2023, DBS and Citibank had their banking services disrupted by a cooling problem experienced at a Singapore Equinix facility, which led to millions of unsuccessful transactions and digital link attempts during the period until the next day.

Data center cooling failures can be extremely damaging, as demonstrated by these incidents.

In this age of information technology, cooling systems are critical for data center operations. Failure could result in equipment shutdowns and affect the industrial clients that depend on cloud services. 

Recent indications show some hackers have become interested in building management systems that can direct their attention to infrastructure parts like coolers. 

The CHERNOVITE malware can theoretically alter protocols widely used within data centers.

When cooling systems fail and overheat by infrastructures, it causes reputational harm, service denial or unavailability, operational impact, and even loss of situational awareness among industrial organizations that rely on data centers.

Recommendations

Here below we have mentioned all the recommendations:-

  • Identify business-critical applications/services relying on data centers and the cloud.
  • Include data center outage scenarios in disaster and incident response plans.
  • Engage cloud providers on risks of failover and cooling system failures
  • Ensure providers have backup and redundancy plans for such incidents.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Tushar Subhra

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Blue Yonder Ransomware Attack Impacts Starbucks & Multiple Supermarkets

A ransomware attack on Blue Yonder, a leading supply chain management software provider, has created…

1 hour ago

Dell Wyse Management Suite Vulnerabilities Let Attackers Exploit Affected Systems Remotely

Dell Technologies has released a security update for its Wyse Management Suite (WMS) to address…

2 hours ago

CISA Details Red Team Assessment Including TTPs & Network Defense

The Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment…

2 hours ago

IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler…

2 hours ago

Multiple Flaws With Android & Google Pixel Devices Let Attackers Elevate Privileges

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of…

2 hours ago

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

18 hours ago