FEATURE
Subtle attackers may attempt to stay low-and-slow, patiently exfiltrating data at rates that are less likely to be noticed or arouse suspicion. They may also hide the exfiltration in covert tunnels inside traffic that is normally allowed, such as HTTP, HTTPS or DNS, so that it blends in with legitimate use of those protocols.
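The DNS case is the one most often missed by volume-based alarms. As an added illustration that is not part of the original article, the Python below profiles constructed DNS query log lines (the log format, the client addresses 10.0.0.12 and 10.0.0.55 and the domain tunnel-test.net are all assumptions) and shows that a per-minute rate threshold never fires on a tunnel that sends one query every half hour, while features aggregated over the whole window (many distinct, long, high-entropy subdomains under one registered domain) do:

```python
import hashlib
import math
from collections import defaultdict
from datetime import datetime, timedelta


def make_sample_log():
    """Constructed DNS query log (not a real capture): '<time>Z <client> <qtype> <qname>'.
    10.0.0.12 resolves a few ordinary names every ten minutes. 10.0.0.55 sends one
    TXT query every 30 minutes for a day, each carrying two 16-hex-char labels of
    pseudo-random payload under the assumed domain tunnel-test.net: a low-and-slow
    tunnel that never exceeds one query per minute."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    lines = []
    benign = ["www.example.com", "mail.example.com", "cdn.example.com", "www.example.com"]
    for i, name in enumerate(benign * 6):
        ts = t0 + timedelta(minutes=10 * i)
        lines.append(f"{ts.isoformat()}Z 10.0.0.12 A {name}")
    for i in range(48):
        ts = t0 + timedelta(minutes=30 * i)
        chunk = hashlib.sha256(f"constructed-payload-{i}".encode()).hexdigest()
        lines.append(f"{ts.isoformat()}Z 10.0.0.55 TXT {chunk[:16]}.{chunk[16:32]}.tunnel-test.net")
    return lines


def parse_line(line):
    ts, client, qtype, qname = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, qtype, qname.lower().rstrip(".")


def split_name(qname):
    """(registered domain, subdomain). Taking the last two labels as the registered
    domain is a simplification; use a public-suffix list in practice."""
    labels = qname.split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def shannon_entropy(text):
    """Bits per character: hex/base32 payload scores near 4, ordinary labels well below."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def peak_per_minute(timestamps):
    """Most queries inside any 60-second window, which is all a volumetric alarm sees."""
    peak = start = 0
    for end, ts in enumerate(timestamps):
        while (ts - timestamps[start]).total_seconds() > 60:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def profile(lines):
    """Aggregate every (client, registered domain) pair over the whole log window."""
    groups = defaultdict(list)
    for line in lines:
        ts, client, qtype, qname = parse_line(line)
        domain, sub = split_name(qname)
        groups[(client, domain)].append((ts, qtype, sub))
    profiles = {}
    for key, rows in groups.items():
        rows.sort()
        times = [r[0] for r in rows]
        subs = [r[2] for r in rows]
        profiles[key] = {
            "queries": len(rows),
            "peak_per_minute": peak_per_minute(times),
            "span_hours": (times[-1] - times[0]).total_seconds() / 3600,
            "unique_sub_ratio": len(set(subs)) / len(subs),
            "avg_sub_len": sum(map(len, subs)) / len(subs),
            "sub_entropy": shannon_entropy("".join(subs)),
            "txt_ratio": sum(1 for r in rows if r[1] in ("TXT", "NULL")) / len(rows),
        }
    return profiles


RATE_THRESHOLD = 50  # queries/minute per client+domain: a typical volumetric alarm


def rate_alerts(profiles):
    """Volumetric detector: fires only on bursts."""
    return sorted(k for k, p in profiles.items() if p["peak_per_minute"] > RATE_THRESHOLD)


def tunnel_alerts(profiles, min_queries=10):
    """Aggregate detector: many distinct, long, high-entropy subdomains under one
    registered domain, however slowly they arrive. Thresholds are illustrative."""
    return sorted(
        k for k, p in profiles.items()
        if p["queries"] >= min_queries and p["unique_sub_ratio"] > 0.9
        and p["avg_sub_len"] > 30 and p["sub_entropy"] > 3.5
    )


if __name__ == "__main__":
    profiles = profile(make_sample_log())
    for key, p in sorted(profiles.items()):
        print(key, {k: round(v, 2) for k, v in p.items()})
    print("rate alerts:  ", rate_alerts(profiles))  # []
    print("tunnel alerts:", tunnel_alerts(profiles))  # [('10.0.0.55', 'tunnel-test.net')]
```

Run it directly to print the per-pair profile and both alert lists. The thresholds in tunnel_alerts are illustrative; in production the same features would be baselined per client against historical traffic, and the two-label registered-domain split would be replaced with a public-suffix lookup. The same aggregate-over-time idea applies to HTTP and HTTPS (bytes out per destination per day rather than per minute), which this example does not cover.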
Blending physical and virtual context
Data centres are unique to their own organisations and vary based on the applications they host and how users interact with them. The most common type of data centre today is the private enterprise data centre, and attacks against these data centres are typically extensions of attacks against the larger enterprise.
For example, attackers may have initially compromised an employee laptop via a phishing email or social engineering. Next, they typically look to establish persistence and spread from the initial victim to other hosts or devices. To control the ongoing attack, they plant backdoors or hidden tunnels that communicate back and forth between the inside of the network and their external infrastructure. Over time, they map out the internal network, identify valuable resources and compromise devices and user credentials along the way.
The most coveted stolen asset for an attacker is administrator credentials, because they ensure near autonomy inside the victim's network. Administrator credentials are particularly essential for data centre attacks, since administrators are often the only individuals who can access data en masse.

Issue 14
The key point is that an attack is typically at a mature stage by the time it reaches a private data centre. The hidden command-and-control traffic, the reconnaissance, the lateral movement and the compromise of user and admin credentials are all prerequisites that lead up to the intrusion into the data centre.
Conclusion
While most data centre security has focused on protecting the virtualised layers of the data centre and on micro-segmentation, real-world attackers are increasingly subverting the physical infrastructure that the data centre depends on.
Advanced attacker-detection models that expose hidden attacks against the application, data and virtualisation layers of the data centre, as well as the underlying physical infrastructure, will enable security teams to address critical vulnerabilities at every layer of the virtualised data centre, even when attackers use legitimate services and protocols for their illegitimate actions. ◊
www.intelligentdatacentres.com