Cyber Attack On Data Center Cooling Systems Leads To Disruption

Critical operational elements such as data storage, processing, backups, and recovery heavily rely on Australian industrial organizations’ data centers.

These facilities support various business functions, including productivity tools, transaction-intensive applications, big-data processing systems, and artificial intelligence (AI).

The importance of data centers is manifest in the fact that the SOCI Act 2018 identifies them as critical infrastructure sectors for data storage and processing.

Cybersecurity analysts at Dragos recently affirmed that although cloud adoption provides numerous advantages in terms of efficiency, redundancy, and operating costs to many industrial outfits in Australia, it equally has some risks.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

The core operational risks relate to interruptions in data center cooling systems.

Cyber Attack On Data Center Cooling Systems

To achieve this, data centers use building automation and management systems (BAS/BMS) that control important aspects like temperature. 

For instance, such places may use sophisticated cooling techniques, including air conditioning systems, chilled water, and liquid cooling, to maintain the desired operating temperatures for network, storage, and computational infrastructure. 

However, if cooling systems fail with no backup in less than a minute, there is a likelihood of overheating or shutting down.

There are recent cases of data center operational problems that have resulted from cooling system failures. 

It was on 30th August 2023 when chiller shutdowns emerged in several Microsoft data centers, resulting in infrastructure shutdowns and service outages for customers such as Bank of Queensland and Jetstar, which lasted for up to four days.

At the same time, on the 14th of October, 2023, DBS and Citibank had their banking services disrupted by a cooling problem experienced at a Singapore Equinix facility, which led to millions of unsuccessful transactions and digital link attempts during the period until the next day.

Data center cooling failures can be extremely damaging, as demonstrated by these incidents.

In this age of information technology, cooling systems are critical for data center operations. Failure could result in equipment shutdowns and affect the industrial clients that depend on cloud services. 

Recent indications show some hackers have become interested in building management systems that can direct their attention to infrastructure parts like coolers. 

The CHERNOVITE malware can theoretically alter protocols widely used within data centers.

When cooling systems fail and overheat by infrastructures, it causes reputational harm, service denial or unavailability, operational impact, and even loss of situational awareness among industrial organizations that rely on data centers.

Recommendations

Here below we have mentioned all the recommendations:-

• Identify business-critical applications/services relying on data centers and the cloud.
• Include data center outage scenarios in disaster and incident response plans.
• Engage cloud providers on risks of failover and cooling system failures
• Ensure providers have backup and redundancy plans for such incidents.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide