Types Of Software-Based Attacks That Can Physically Harm a Web Servers

Software-based attacks could put web hosting companies out business by causing damages to operating systems and important software platform, such as web servers and database. Unfortunately, unlike Stuxnet and other popular malware, software-based attack can be launched more easily. This is the stark warning of some security experts in the industry; some software attacks, such as PDoS (Permanent Denial of Services) can stop physical web servers from ever working again.

Certain PDoS attacks are actually quite easy to implement, in the same way you can brick a smartphone by flashing it with intentionally modified or corrupted firmware. Many web servers, routers and other network devices are vulnerable to modified firmware that can render them unusable through illegal flashing attempt. As a respond to this threat, some devices begin to require digitally-signed firmware update. “Phlashing” is a term for an attempt to make a device unusable by flashing it with a bad firmware.

Web servers, for example, can be “phlashed” effectively by injecting garbage BIOS or malicious microcode. Although it’s possible to reflash affected servers with healthy BIOS, the consequences of the attack can be devastating for a web host, such as the lost of loyal customers. Other server components, such as disk drives, graphics cards and NICs can be permanently disabled by phlashing, if hackers manage to bypass the operating system.

We are used to the idea of hackers using software-based attacks to damage other software, but many people forget that hardware is controlled by software. It means, by altering the way software works, hardware can eventually be damaged over time or even fail instantly. These are possible ways to physically cripple web servers with software-based attacks:

  • Overclocking: It is a popular way to release hidden performance from a computer component. Overclocking allows us to get a performance boost, but better cooling systems are often needed due to higher heat generation. Overclocking through BIOS attack or phlashing can permanently damage server’s processor when the cooling solution used can’t deal with the extra heat. Even if a new processor can be replaced quickly, it will fail again if web host administrator doesn’t restore the original chipset BIOS
  • Overvolting: It is a nasty cousin to overclocking. Gamers often need to overvolt their computers to amplify data stream that goes through computer components. Improper overvolting can zap and destroy a computer component instantly. A small increase in voltage can cause a component to heat up slightly and over time causing damages to pins and electronic circuits. Just like overclocking attack, overvolting can be caused by modified BIOS and web host administrators need to have backups of healthy BIOS for each server.
  • Mechanical overload: When used excessively, mechanical parts can overheat, wear out and eventually break. Hard drives and optical drives are two mechanical components often found on computers, although most web servers don’t have optical drive installed. Excessive read/write and head parking can quickly disable a hard drive. A software attack can cause hard drives in server to be trapped in an infinite read/write loop. The first symptom of this attack is a significantly degraded performance as the drive is badly overloaded, eventually excess heat can damage it. Hard drives can also be worn down if they spin and stop alternately in an infinite loop, they will begin to make strange noises and wear out rapidly.
  • Electronic overload: Unfortunately, just because SSDs don’t have moving parts, it doesn’t mean they can’t be attacked. Solid-state storage can be crippled when data is written continuously to it. This attack will cause degraded performance and eventually physical failure happens due to data corruption. A damaged solid-state storage can’t be repaired and must be replaced.

Some web hosting companies have been threatened by software-based attacks and forced into handing hackers a large sum of money. Some hacktivist groups also regularly use software-based attack to target specific organizations. Often there are few companies can do to defend themselves against software-based attacks beyond restoring the BIOS to its original form. It could be a matter of time before more hackers aim to damage servers physically by using software-based attacks.

About: This Article was Contributed by Raja. Read More on Reseller Hosting Reviews

Tags: , , , , ,

Comments are closed.