'Hack-free' data center physical infrastructure attack could feed on rack power over-provisioning
New academic paper explains how a malicious customer could wreak havoc in the data center by simply maximizing power consumption of the racks they have paid for.
Max Smolaks at DatacenterDynamics has filed a report on how US-based researchers have described a type of cyber-attack that could bring down data center physical infrastructure without the knowledge of undisclosed vulnerabilities or the need for clever software tools.
According to the report, "A team from College of William and Mary in Virginia, together with colleagues from Ohio State University, has published a paper which explains how a malicious customer could wreak havoc in the data center by simply maximizing power consumption of the racks they have paid for. Since cloud-scale data centers frequently overprovision their power, very high consumption could trip the circuit breakers and take the whole facility offline. Researchers have called this method the ‘power attack’ and successfully carried it out against virtual models of real-world data centers, including one of Google’s facilities in North Carolina."
Several experts reportedly confirmed to DatacenterDynamics that such attacks are indeed possible -- "but only in cases where there’s no policy-based power capping in place."
Full story:Academics describe new 'power attack' on data centers (datacenterdynamics.com)