Data centers are the lifeblood of the enterprise, allowing for scale never before imagined and access to critical information and applications.

Businesses are increasingly migrating to the cloud, making the role of the data center more and more valuable. In 2017 alone, companies and funds invested more than $18 billion in data centers, both a record and nearly double that of 2016. But as much growth as this unparalleled level of computing has given SMBs to the enterprise, a level of risk remains — and data center operators often aren’t looking in the right places when identifying security threats.

As these data centers evolve, so too do the tools and techniques used by hackers – both novice and pro. Securing the physical spaces that house these critical facilities is becoming more important by the day, and operators are doing themselves a disservice by solely focusing on IT as the only line of defense against attacks. Often, the physical operation of the building is the wide-open door for a hacker to exploit, and if done correctly, can cause as much devastation as an attack on software.

Even if data center operators think their security operation is lock-tight, there still are several important considerations to ensure a holistic plan is in place. The bottom line? If these important measures haven’t been incorporated as part of a data center’s security plan and ongoing upgrades, there is risk to the entire operation.

Your physical operation is more connected

Smoke detection, CCTV, power management systems and your cooling control are all becoming increasingly more connected. The Internet of Things (IoT) has allowed building management systems to become far more advanced than ever imagined when managing the more industrial side of your operation. But as these once-mechanical and manual systems start talking, there also are far more opportunities for malicious damage.

If they aren’t already, IT and building operations must be in constant contact, updating one another about the most recent changes to either one’s systems. Without this important dialogue, processes and standards change in a vacuum and can leave back doors open for hackers.

Threats are evolving

Your security plan should too. Many times, operators are solely worried about the data inside the servers, and don’t consider external threats. Gaining access to secure and encrypted servers takes an extremely experienced and skilled hacker. However, infrastructure like HVAC or fire control sprinkler systems are far less complicated to access for a less seasoned cyber-criminal.

While a DDoS attack or breach can be dangerous, a cooling operation taken offline or activated fire sprinklers can be downright devastating. Hackers consider this low-hanging fruit, and are almost always looking to do the most damage. Consider updating your security plan with a roadmap of every physical system in place, and sit down with building operations to address potential new areas of weakness.

Consider outside advice to ensure security

No single person can be expected to be an expert on the security of all physical assets. Consulting with a third-party that understands how facilities and IT should be working together within a data center can an extremely valuable investment.

Consider this: Gartner has estimated that a single minute of network downtime costs $5,600 on average. That’s certainly not a huge sum if the interruption is only 10 minutes due to a DDoS attack, but consider the damage if servers catch fire because of a cooling system shutdown. If a data center spends weeks cleaning up physical damage to a poorly secured physical operation, the results could be devastating.

To provide true security, data center operators have to stop assuming hackers can only do damage in the zeros and ones. In reality, as systems become more advanced, true security at data centers is reliant on a close relationship between IT and facilities, making sure they frequently and accurately communicate about changes, upgrades and observations at their operations. Not doing so risks a lot more than a little downtime.

from Help Net Security https://ift.tt/2wpnTrR

Trend Micro released its Midyear Security Roundup 2018, revealing that cybercriminals are moving away from attention-grabbing ransomware attacks to more covert methods intended to steal money and valuable computing resources.

Half-year comparison of cryptocurrency mining detections

Cryptojacking attempts are making the biggest impact so far this year. Trend Micro recorded a 96 percent increase in cryptocurrency mining detections in 1H 2018 compared to all of 2017, and a 956 percent increase in detections versus 1H 2017. This indicates cybercriminals are shifting away from the quick payout of ransomware in favor of the slower, behind-the-scenes approach of stealing computing power to mine digital currency.

“The recent change in the threat landscape mirrors what we’ve seen for years – cybercriminals will constantly shift their tools, tactics and procedures (TTPs) to improve their infection rates,” said Jon Clay, director of global threat communications for Trend Micro. “Standard spray and pray ransomware attacks and data breaches had become the norm, so attackers changed their tactics to be more covert, using entry vectors not previously seen or used extensively. This means once again, business leaders must evaluate their defenses to ensure sufficient protection is in place to stop the latest and most pressing threats.”

Another shift in the first half of the year is toward unusual malware types, such as fileless, macro and small file malware. Researchers recorded a 250 percent increase in detections of one particular small file malware, TinyPOS, compared to 2H 2017, which may be due to the increased ability of these malware types to circumvent defenses that employ only one type of security protection.

Half-year comparison of disclosed SCADA vulnerabilities

Additionally, the Trend Micro Zero Day Initiative (ZDI) published more than 600 advisories in the first six months of 2018. Based on this increase in advisories, the ZDI is able to predict what types of vulnerabilities will likely be used next in real-world attacks.

Among the advisories this year, the ZDI purchased and disclosed twice as many SCADA vulnerabilities compared to the same time last year. IT security managers running these environments must stay alert to this growing threat, especially as actors begin to perform destructive attacks rather than mere reconnaissance and testing.

from Help Net Security https://ift.tt/2wpWHZX