Datacentre operators in Asia have become the latest targets of cyber attacks as threat actors seek to capitalise on a crucial part of the enterprise supply chain.
As early as September 2021, Resecurity, a cyber security firm specialising in threat intelligence and endpoint detection, notified several datacentre operators about malicious cyber activity targeting them and their customers.
More recently, datacentre-related credentials were published in underground forums, including credentials that some of the world’s largest companies used to log on to the customer support websites of datacentre operators in the region.
While the networks of administrative systems related to business functions like customer support tend to be separated from those that host customer systems, the stolen credentials could well be used to compromise datacentre operations, warned David Rajoo, Palo Alto Networks’ head of systems engineering in Southeast Asia for its Cortex security platform.
“Threat actors could potentially gain access to the operational aspects or infrastructure of the datacentre itself, but maybe not customer data. But I think it’s a matter of time before they figure out that the systems are interconnected or intertwined,” he told Computer Weekly.
Against this backdrop, Rajoo called for datacentre operators to secure customer identities, starting with implementing multifactor authentication, which is being deployed by more organisations today. “Any system that they deploy into their infrastructure, whether it’s for allowing remote access, server administration or for their customers, will need strong authentication,” he said.
Beyond authentication, Rajoo said many breaches happen due to the lack of network segmentation, noting that some organisations still operate with the mindset that segmentation is not necessary as long as they can identify servers on a network.
“The use of segmentation to isolate assets, including services, networks and even applications, is key, because once you’re able to segment them, you can apply more granular controls to secure them,” he added.
Additionally, network segmentation can stop threat actors from moving laterally across a network (east-west traffic), denying them access to systems on another network segment even if they have managed to compromise customer identities.
That’s where applying zero-trust principles can help: verifying users on the network, including the contractors, suppliers and partners that datacentre operators frequently work with, and giving them access to only the applications they need to do their jobs, Rajoo said.
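The two controls described above, segmentation of east-west traffic and per-identity, MFA-backed access, can be combined in a single default-deny policy check. The following is an added illustration written for this article; it is not code from Palo Alto Networks, Resecurity or any datacentre operator, and the segment names, address prefixes and roles are constructed assumptions. It shows that a valid but stolen customer-support credential still cannot reach the operations management segment, because no rule permits that path regardless of who presents the credential.

```python
"""Segment-aware, identity-aware access evaluation (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed segments; the prefixes are placeholders, not any real operator's network.
SEGMENTS = {
    "customer-support": ip_network("10.10.0.0/24"),
    "ops-management":   ip_network("10.20.0.0/24"),
    "customer-hosting": ip_network("10.30.0.0/16"),
}


@dataclass(frozen=True)
class Rule:
    src_segment: str
    dst_segment: str
    dst_port: int
    roles: frozenset          # identity roles permitted to use this path
    require_mfa: bool = True  # zero-trust default: every allowed path needs MFA


# Explicit allow list; any flow not listed here is denied (default-deny east-west).
# Note there is deliberately no rule from customer-support into ops-management.
RULES = (
    Rule("customer-support", "customer-hosting", 443, frozenset({"support-agent"})),
    Rule("ops-management", "customer-hosting", 22, frozenset({"ops-admin"})),
    Rule("ops-management", "ops-management", 443, frozenset({"ops-admin"})),
)


@dataclass
class Request:
    src_ip: str
    dst_ip: str
    dst_port: int
    identity: str
    roles: frozenset
    mfa_verified: bool
    credential_valid: bool


def segment_of(ip: str):
    """Map an address to its segment name, or None if it is in no known segment."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def evaluate(req: Request) -> tuple:
    """Return (allowed, reason). A valid credential on its own never grants access."""
    if not req.credential_valid:
        return False, "invalid credential"
    src, dst = segment_of(req.src_ip), segment_of(req.dst_ip)
    if src is None or dst is None:
        return False, "unknown segment"
    # Segmentation check: is this east-west path allowed at all?
    matches = [r for r in RULES
               if (r.src_segment, r.dst_segment, r.dst_port) == (src, dst, req.dst_port)]
    if not matches:
        return False, f"no rule for {src}->{dst}:{req.dst_port} (default deny)"
    # Identity check: does the caller hold a role the path is granted to?
    permitted = [r for r in matches if r.roles & req.roles]
    if not permitted:
        return False, f"role not permitted on {src}->{dst}:{req.dst_port}"
    # Strong-authentication check: a password alone is not enough.
    if any(r.require_mfa for r in permitted) and not req.mfa_verified:
        return False, "mfa required"
    return True, f"allowed by rule {src}->{dst}:{req.dst_port}"


def stolen_support_credential(dst_ip: str, dst_port: int, mfa: bool = False) -> Request:
    """Constructed scenario: a leaked support-agent password used from a support host."""
    return Request("10.10.0.25", dst_ip, dst_port, "agent01",
                   frozenset({"support-agent"}), mfa_verified=mfa, credential_valid=True)


if __name__ == "__main__":
    for req in (stolen_support_credential("10.20.0.10", 443),          # into ops segment
                stolen_support_credential("10.30.4.7", 443),           # hosting, no MFA
                stolen_support_credential("10.30.4.7", 443, mfa=True), # hosting, with MFA
                stolen_support_credential("10.30.4.7", 22)):           # SSH, wrong role/path
        print(req.dst_ip, req.dst_port, evaluate(req))
```

Running the scenarios shows the layered effect: the leaked credential is refused at the segmentation layer when aimed at the operations network, refused at the authentication layer when aimed at a permitted path without MFA, and accepted only on the one path and port the support role is actually entitled to use.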
Rajoo acknowledged the confusion around zero trust in the market, adding that Palo Alto Networks has taken a more comprehensive approach that is aligned with the original zero-trust model conceived by Forrester, a technology research firm.
“Zero trust is not about any technology product and we are not saying that you should overhaul entire systems. It’s really a mindset that organisations need to have when they’re deploying new initiatives like remote work and cloud which are good starting points to apply zero-trust principles,” he said.
While zero trust is now top of mind for most organisations as a strategy to reduce risk, a Gartner study found that just one in 10 large enterprises globally is expected to have a mature zero-trust implementation by 2026.
For organisations to complete the scope of their zero-trust implementations, Gartner said it is critical that chief information security officers and risk management leaders develop an effective zero-trust strategy that balances the need for security with the need to run the business.