Security News > 2022 > January > Over 20,000 data center management systems exposed to hackers
Researchers have found over 20,000 instances of publicly exposed data center infrastructure management software that monitor devices, HVAC control systems, and power distribution units, which could be used for a range of catastrophic attacks.
Data centers house costly systems that support business storage solutions, operational systems, website hosting, data processing, and more.
Investigators at Cyble have found over 20,000 instances of publicly exposed DCIM systems, including thermal and cooling management dashboards, humidity controllers, UPS controllers, rack monitors, and transfer switches.
The applications found by Cyble give full remote access to data center assets, provide status reports, and offer users the capacity to configure various system parameters.
Even if no physical harm is done, adversaries can use their access to DCIM systems to exfiltrate data or lock the real admins out and eventually extort the data center owner.
In addition to exposed DCIM instances, security researcher and ISC Handler Jan Kopriva found over 20,000 servers with exposed ILO management interfaces.