Top threats to digital infrastructure environments
Advanced persistent threat (APT) groups
Digital infrastructures are in the crosshairs of threat actors, whether state-backed groups motivated by geopolitical aims or criminals motivated by profit. Attacks carried out by state-backed or nation-state adversaries are called advanced persistent threats (APTs). APT campaigns are largely about intelligence gathering and cyber-espionage.
As the name suggests, once an APT group has a target in its sights, it will single-mindedly pursue access to the network. These groups play a long game, spending years understanding an organization’s structure while harnessing their nation’s resources to gain a foothold. Their techniques vary, from highly targeted phishing campaigns and exploits against public-facing applications to strategic web compromises and abuse of weaknesses in the software supply chain; whatever succeeds is used. A recurring theme among these adversaries is using an organization’s applications and infrastructure as a jumping-off point to downstream targets: the organization’s customers. Once the perimeter has been breached, they maintain persistence and move laterally through the network.
For a critical infrastructure industry, it is important to have timely and actionable threat intelligence that shows how adversaries are looking to impact operations. This includes conducting proactive threat hunting, penetration testing and awareness communications to keep up with a landscape that is in a constant state of flux.
Distributed denial-of-service (DDoS) attacks
Distributed denial-of-service (DDoS) attacks have become an increasing threat to the internet and interconnected networks. They flood a network or server with overwhelming traffic, sometimes for longer than an hour. The overload can take down communications and infrastructure, leaving users unable to connect or reach the services or applications they need. Losses due to attack recovery and outages can be costly. Cybercriminals have also begun using DDoS attacks to extort ransom payments in exchange for stopping them.
Basic cyber hygiene such as changing default credentials and timely patching helps prevent DDoS botnets from propagating. Distributing servers also makes it harder for threat actors to attack all of them at the same time: during a volumetric DDoS attack, unaffected servers can absorb the load, avoiding network bottlenecks and single points of failure.
Ransomware
A threat as profitable as ransomware isn’t going away in the foreseeable future, barring concerted international efforts to shut down cybercrime businesses. In the past, ransomware actors favored “spray and pray” methods, sending mass emails with malware-laden links in the hope that recipients would click. Now they focus on highly targeted attacks against “bigger catches” that hold a greater quantity of valuable information. A 2022 advisory released by the Cybersecurity & Infrastructure Security Agency (CISA) noted an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations across the world.
Ransomware has advanced from merely encrypting data to exfiltrating it as well and threatening to leak it. In some cases, threat actors scan critical systems in networks and carry out a DDoS attack that would affect operations, while others reach out to customers to put further pressure on paying the ransom.
Ransomware has become profitable enough to draw financially motivated threat groups into launching attacks. Organized cybercrime groups operate with a high degree of technical and business acumen. Think of ransomware as a proper business (no matter how criminal it is): cybercriminals who are skilled at initially infiltrating networks and remaining undetected, for instance, can sell that access to other threat actors.
Cryptojacking
Cryptojacking happens when an attacker illicitly mines cryptocurrency on computers, internet of things (IoT) devices and network infrastructure, usually the anonymous cryptocurrency Monero, which makes mining viable on a standard CPU. It arrives like the average cyberthreat: a user clicks a link in a phishing email or visits a website with embedded malicious code. Since it causes no direct harm, it is hard to spot and may go undetected for months without setting off alerts.
Cryptominers may not be as damaging as other malware, apart from degrading a device’s performance, but if they go undetected they signal to criminals that a network is insecure. The best defense is awareness. If something changes unexpectedly, such as computers suddenly acting up or slowing down, make sure employees report the unusual activity. If a miner stays undetected, criminals can plant other malware on the network or on larger-scale environments such as servers.
Border gateway protocol (BGP) hijacking
If there’s an attack that thrives on exploiting the interconnected nature of the internet, look no further than border gateway protocol (BGP) hijacking. Malicious actors can interrupt an existing data transfer and redirect it to a system they control. They could capture potentially vast amounts of sensitive info and surreptitiously analyze or modify it before forwarding it to the intended destination, without ringing any alarms on what had occurred.
BGP hijacking can be difficult to defend against because it exploits the inherent design of the internet, but organizations benefit from actively monitoring how their traffic is routed.
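The route monitoring described above, as an added example that is not part of the original post or Equinix's own tooling: it compares observed BGP announcements against a table of expected prefixes and origin ASNs and flags origin mismatches and unexpected more-specific prefixes. The prefixes, ASNs and update records are constructed placeholders, not real routing data.

```python
import ipaddress

# Expected announcements: prefix -> origin ASNs allowed to announce it.
# Constructed values (documentation prefixes, private ASNs), not real routing
# data; in practice this table comes from your route objects or RPKI ROAs.
EXPECTED = {
    "198.51.100.0/22": {64500},
    "2001:db8::/32": {64500},
}

def check_announcement(prefix, origin_asn, expected=EXPECTED):
    """Classify one observed (prefix, origin ASN) pair:
    "ok"              covered by an expected entry and origin allowed
    "origin_mismatch" exact expected prefix from an unexpected origin
    "more_specific"   sub-prefix of an expected prefix from an unexpected
                      origin (the pattern that silently pulls traffic away)
    "unknown"         prefix not covered by anything we track
    """
    net = ipaddress.ip_network(prefix, strict=False)
    # Most specific expected prefix first, so overlapping entries resolve sensibly.
    entries = sorted(expected.items(),
                     key=lambda kv: ipaddress.ip_network(kv[0]).prefixlen,
                     reverse=True)
    for exp_prefix, origins in entries:
        exp_net = ipaddress.ip_network(exp_prefix)
        if exp_net.version != net.version:
            continue
        if net == exp_net:
            return "ok" if origin_asn in origins else "origin_mismatch"
        if net.subnet_of(exp_net):
            return "ok" if origin_asn in origins else "more_specific"
    return "unknown"

def scan_updates(updates, expected=EXPECTED):
    """Return (prefix, origin, verdict) for every announcement that is not ok."""
    alerts = []
    for prefix, origin in updates:
        verdict = check_announcement(prefix, origin, expected)
        if verdict != "ok":
            alerts.append((prefix, origin, verdict))
    return alerts

# Constructed sample of observed announcements (prefix, origin ASN).
SAMPLE_UPDATES = [
    ("198.51.100.0/22", 64500),  # legitimate
    ("198.51.100.0/24", 64496),  # more-specific from a foreign origin
    ("2001:db8::/32", 64511),    # origin mismatch
    ("203.0.113.0/24", 64496),   # not tracked, reported as unknown
]
```

Running `scan_updates(SAMPLE_UPDATES)` yields one alert each for the more-specific prefix, the origin mismatch and the untracked prefix; in practice the updates would come from a route collector feed rather than a static list.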
How Equinix is securing systems and customers
By 2023, 55% of organizations will allot half of their security budgets to cross-technology platforms designed for unified security capabilities to drive agile innovation. Take the time to vet your service providers. How are they doing their security? Will a potential interruption to their service have a severe impact on your assets?
We expect to see the same threats in the industry for years to come—more of them, delivered faster and in different ways. Preventing attacks requires a multipronged approach. The best-case scenario is identifying and stopping threat actors at the initial access stage. This means bolstering email security to prevent phishing from even reaching users’ inboxes, reinforcing endpoint security to detect malware, proactively hunting for signs of malicious activity, and reviewing threat actor tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs) against your system. Such safeguards make it harder for threat actors to be successful in their attempts.
Equinix adheres to industry standards and best practices, including patching systems, strict access controls, enabling multifactor authentication, and having successful incident response capability and backup systems. All these work in conjunction with cyberthreat intelligence and analysis being shared with customers, peers and third parties to foster security collaboration, enhance security and thwart attacks.
Equinix data center networks are built to be resilient and redundant against various threats and hazards. Services continue to be operational even in the event of a disruption or security incident. As part of our Business Continuity Program (BCP), we can direct traffic over alternate routes and take network elements “out of service” if needed. All tools and platforms used in Platform Equinix® are designed and embedded with industry-leading security.
Learn more about how technology trends are changing the future of digital infrastructures and how these are creating business advantages by heading over to the Platform Equinix Vision Paper.
Be on the lookout for our next blog in this security series. We’ll explore more cyber and more security.
We’d like to extend our special thanks to the Equinix Threat Analysis Center (ETAC) for its findings and insights on the data center threat landscape.