How was this possible? All of our servers are well protected: they accept management connections only from addresses known to us, and password authentication is disabled across the board, which rules out brute-force and dictionary attacks against the login. Nevertheless, this attack succeeded. The reason is that the attackers were not trying to get into our operating system at all; they got access to the hardware. They used vulnerabilities in software from Supermicro, a US manufacturer of server motherboards and a very large, well-known maker of server hardware with a good reputation. For the convenience of remote server administration, the manufacturer ships a hardware and software component called “Supermicro IPMI” (a baseboard management controller with its own firmware and network interface), which lets an administrator connect remotely to the motherboard's management controller and thus control the hardware directly, independently of the operating system running on the server. Naturally, it has protection against unauthorized access; however, several critical vulnerabilities have been discovered in it in recent years. Access to this interface is also restricted to addresses known to us on all of our servers. However, on one single server, due to uncoordinated actions by the data center's technical support, no such restriction had been set. Because of this combination of circumstances (no access restriction plus unpatched vulnerabilities), the intruders were able to gain access to our equipment.
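The first half of that combination, a management interface that answers anyone on the internet, is easy to check for from outside. IPMI-over-LAN BMCs respond to an unauthenticated RMCP/ASF "Presence Ping" on UDP port 623 before any login takes place, so if a BMC answers such a ping from a host that is not on its allow-list, the source-address restriction described above is missing. The following Python is an example added for this page (it is not SafeDNS' or Supermicro's code): it builds the ping, parses the "Presence Pong" reply, and classifies the result. The sample reply bytes are constructed for the offline demonstration, not captured from a real device, and the `probe_bmc` helper that actually sends the packet is only exercised when you pass a host on the command line.

```python
"""Check whether an IPMI/BMC answers unauthenticated RMCP pings from this host.

Added example for this article, not vendor code. The packet layout follows the
DMTF ASF specification: a 4-byte RMCP header followed by an ASF message header.
"""
import struct
import sys
import socket
from typing import Optional

RMCP_PORT = 623
RMCP_VERSION = 0x06       # RMCP version 1.0
RMCP_CLASS_ASF = 0x06     # message class: ASF
ASF_IANA = 0x000011BE     # IANA enterprise number assigned to ASF (4542)
ASF_PRESENCE_PING = 0x80
ASF_PRESENCE_PONG = 0x40


def build_presence_ping(tag: int = 0x01) -> bytes:
    """Build the 12-byte Presence Ping.

    RMCP header: version, reserved, sequence number (0xFF = no ACK wanted), class.
    ASF header: IANA enterprise number, message type, message tag, reserved, data length.
    """
    rmcp = struct.pack("!BBBB", RMCP_VERSION, 0x00, 0xFF, RMCP_CLASS_ASF)
    asf = struct.pack("!IBBBB", ASF_IANA, ASF_PRESENCE_PING, tag & 0xFF, 0x00, 0x00)
    return rmcp + asf


def parse_presence_pong(data: bytes) -> Optional[dict]:
    """Parse a Presence Pong (28 bytes); return None if the packet is not one.

    The 16 data bytes are: OEM IANA (4), OEM-defined (4), 'supported entities'
    (bit 7 = IPMI supported, low nibble = ASF version), 'supported interactions'
    (bit 7 = RMCP security extensions, i.e. RMCP+), and 6 reserved bytes.
    """
    if len(data) < 28:
        return None
    version, _reserved, _seq, cls = struct.unpack_from("!BBBB", data, 0)
    if version != RMCP_VERSION or cls != RMCP_CLASS_ASF:
        return None
    iana, msg_type, tag, _reserved2, length = struct.unpack_from("!IBBBB", data, 4)
    if iana != ASF_IANA or msg_type != ASF_PRESENCE_PONG or length != 16:
        return None
    oem_iana, oem_defined, entities, interactions = struct.unpack_from("!IIBB", data, 12)
    return {
        "tag": tag,
        "oem_iana": oem_iana,
        "oem_defined": oem_defined,
        "ipmi_supported": bool(entities & 0x80),
        "asf_version": entities & 0x0F,
        "rmcp_security_extensions": bool(interactions & 0x80),
    }


def classify(pong: Optional[dict]) -> str:
    """Turn a parsed reply (or the absence of one) into a verdict for the operator."""
    if pong is None:
        return "no-answer: filtered, or not a BMC"
    if pong["ipmi_supported"]:
        return "EXPOSED: IPMI-over-LAN answers unauthenticated pings from this host"
    return "RMCP answers, but IPMI is not advertised"


def probe_bmc(host: str, timeout: float = 2.0) -> Optional[dict]:
    """Send one Presence Ping to host:623 and return the parsed pong, or None."""
    tag = 0x42
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_presence_ping(tag), (host, RMCP_PORT))
        try:
            data, _addr = sock.recvfrom(1024)
        except socket.timeout:
            return None
    pong = parse_presence_pong(data)
    if pong is not None and pong["tag"] != tag:
        return None  # a pong, but not a reply to our ping
    return pong


# Constructed sample reply (not a capture from any real device): a BMC answering
# tag 0x42, advertising IPMI support (0x81: bit 7 set, ASF v1) and RMCP+ (0x80).
SAMPLE_PONG = (
    struct.pack("!BBBB", RMCP_VERSION, 0x00, 0xFF, RMCP_CLASS_ASF)
    + struct.pack("!IBBBB", ASF_IANA, ASF_PRESENCE_PONG, 0x42, 0x00, 0x10)
    + struct.pack("!IIBB", 0x00000000, 0x00000000, 0x81, 0x80)
    + bytes(6)
)

if __name__ == "__main__":
    # Offline: classify the constructed sample. Online: probe the host given as argv[1].
    if len(sys.argv) > 1:
        print(sys.argv[1], "->", classify(probe_bmc(sys.argv[1])))
    else:
        print("sample ->", classify(parse_presence_pong(SAMPLE_PONG)))
```

Run it from an address that is not on the BMC's allow-list (a cloud VM is a convenient vantage point); the correct result for a properly restricted controller is "no-answer". Once you have confirmed the interface only answers from where it should, the second half of the lesson, firmware patch level, can be read over an authenticated session with `ipmitool -I lanplus -H <bmc> -U <user> mc info`, whose "Firmware Revision" line is what you compare against the vendor's current release.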
What were the consequences? As a result of the attackers' actions, all the information on one of the servers was destroyed. But it did not affect our clients in any way: the load of serving our customers was taken over by the neighbouring nodes. No customer data was stolen (there was none on that server), and no customer statistics or settings were lost, since they are replicated on all the other nodes. After a few days the situation was completely back to normal: we investigated the problem, restored the node and secured it against a repeat.
But why were we attacked? Most likely because we have data worth stealing, just like any other company, large or small, IT-related or not. Bear this in mind before you underestimate a hacker's interest in your data.
In any case, the hackers did not manage to do any damage to our clients, and no tangible damage to ourselves. It certainly added to our experience, though. Usually everyone keeps a close eye on vulnerabilities in the OS, in application code, in the libraries used, and so on. Rarely does anyone think about the fact that keeping the motherboard firmware (BIOS) and its individual components (such as the IPMI controller's firmware) up to date matters for security just as much, especially since technically it is quite a complicated process. Hopefully our story has reminded you to watch both.
To protect yourself and your company from similar incidents, trust SafeDNS to provide you with DNS security.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
SafeDNS exists to make the internet safer for people all over the world, with solutions ranging from AI- and ML-powered web filtering and cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users' online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behaviour analytics to detect botnets and malicious websites.