Here are the most common types of attack that bring down data centers.
The most common type of attack that can take down a data center is distributed denial of service, or DDoS.
In fact, according to the most recent Verizon Data Breach Investigations Report, DDoS attacks were the second most common attack vector in last year’s security incidents, following privilege misuse. And, according to a report released in April by Neustar, the number of DDoS attacks 100 Gbps in size and larger increased by nearly 1,000 percent from the first quarter of 2018 to the first quarter of this year.
According to Adam Kujawa, director of Malwarebytes Labs at Malwarebytes Corp., a DDoS attack is a direct and immediate threat to data center uptime.
Plus, the proliferation of poorly secured connected devices such as routers and cameras creates a lot of opportunities for criminals to build botnets with which to launch these attacks.
“But technology has evolved so we have a better chance of protecting ourselves,” he added.
As the latest Verizon report showed, ransomware continues to be a major threat.
Unlike DDoS attacks, which are over when they’re over, the effects of ransomware can continue after the initial attack is stopped, said Dan Tuchler, CMO at SecurityFirst.
“If the data is corrupted or in an unknown state, it can take significant time to restore the data from backup,” he said. As a result, data centers might not be able to function for hours or even days after an attack.
It can take several days to do the forensics necessary to find out if the attackers were able to compromise any databases. “Services may be offline during that time,” he said, “at least until the method of exfiltration is understood and remediation is in place.”
These costs add up. In fact, according to Cybersecurity Ventures, the total global damages from ransomware are predicted to hit $11.5 billion in 2019, up from $8 billion last year.
External Access Services
When protecting against downtime, data center managers can often overlook some external services their computing sites depend on, such as cloud access security brokers or external DNS servers.
“Attackers target those dependent services to cause widespread harm,” said Darien Kindlund, VP of technology at Insight Engines. “In many cases, firms that protect data centers may overlook these external dependencies when threat-modeling, as they may not even be aware that such dependencies exist during architecture reviews.”
One of the biggest examples of this kind of attack was the 2016 cyberattack against DNS provider Dyn, which took down services around Europe and North America. Services affected included the Boston Globe, CNN, Comcast, GitHub, HBO, PayPal, and many others.
Attacks against individual web or server applications require a lot less bandwidth but can still effectively shut down services, said Alex Heid, chief research officer at SecurityScorecard.
For example, if a data center or hosting provider has a control panel application for its customers or users, an attack against that application that causes it to crash would impact availability.
Similarly, protocols can also be overwhelmed by a single, focused attack, he said. “Examples of these attacks include Dropbear SSH DoS and the Slowloris Apache HTTP attack.”
In fact, attackers are increasingly using lower-volume, more targeted attacks to take down their victims, according to the Neustar report.
These kinds of attacks will also morph over the course of an attack to make them harder to defend against. According to the company, in the first quarter of 2019, more than 77 percent of denial-of-service attacks used two or more vectors.