Why do hackers love to target backups?

Spread the love

Cybersecurity is experiencing a fierce conflict between hackers and security experts as a result of the exponential growth in technology. On the other hand, tech-savvy criminals are upskilling themselves and breaking into networks that aren’t properly secured and accessing private information and data. New risks emerge every day and current threats continue to advance at a rate that has never been witnessed before.

This year, India has become one of the most frequently targeted countries for ransomware attacks. According to a CloudSEK XVigil report, the number of attacks directed at India’s government sector increased by almost 95% in the second half of 2022. A reliable data backup and recovery strategy is a must, to be adapted to drive business needs and is the need of the hour for organisations.

Backups are copies of a company’s valuable digital assets and are the final line of defence against ransomware. Implementing secure backup policies is crucial to aiding disaster recovery procedures when unfavourable events threaten to interfere with operations. It demands a robust understanding of the various data types that must be safeguarded as well as the importance of the data crucial to an organisation. Companies need to keep a close eye on who has access to the backup system and what level of privilege they maintain.

Encryption and exfiltration are the two kinds of ransomware attacks that pose a threat to backup and recovery systems, and most on-premises backup servers are vulnerable to both. An important role backup servers play is providing the means to recover from a ransomware attack without paying the ransom. Ransomware groups attempt to encrypt the backups as well because they contain the information required to reconstruct the machines that have been compromised by the ransomware. The saddest line in any ransomware story is, “and the backups were also encrypted.” They are your last line of defence, and you must hold the line.

That’s the traditional ransomware attack, but data exfiltration is increasingly serving as the main driving force behind ransomware attacks on backup servers. Threat actors may intimidate a business with extortion by saying things like, “Pay up or your company’s most crucial secrets will become public knowledge,” if they can exfiltrate and decrypt the company’s secrets via the backup server. The organisations are left with no choice but to pay the ransom and cross their fingers that the attackers keep their word after granting access to a web page where you can view the data they possess.

According to CISA, unauthenticated users can often access internal API functions, which may result in the upload and execution of malicious code. Companies should be concerned about remote server access as long as the data protection and ransomware recovery strategy rely on conventional hardware and software-based methods (the 2 most popular attack vectors).

Here are a few of the security best practices that a data resiliency platform should incorporate into its system:

  1. Utilise infrastructure built on the cloud to use public cloud security standards
    A SaaS provider should incorporate the security of the underlying infrastructure by providing features like immutability, air gapping, and other capabilities beyond native data protection.
  2. Implement backup platform observability and alerting
    Systems should use observability tools to increase platform security, stop events like bulk deletions or configuration changes, or encryption from ransomware in progress, and accelerate response and forensics tasks with pertinent log and data change records.
  3. Backup data should be encrypted wherever it is kept
    For instance, to encrypt data at rest a business can use AES 256-bit encryption and data in flight using TLS.
  4. Make use of deduplication as part of a multi-layered security strategy
    Organisations should use block-level deduplication and separate the storage of data and metadata. The data’s structure should be concealed in this way, making it impossible for hackers to reconstruct it.
  5. Use role-based access controls
    A least-privilege strategy should be used to ensure that each user only has the access necessary to carry out their job

To summarise, hackers are constantly on guard, and these threat actors are evolving their attacks making themselves more potent over time. Attackers even understand that victims are likely to implement recovery systems and backups and recognise that these kinds of tactics are their best shot at a win.

It is a must that organisations implement the best practices that keep valuable data safe. Data resiliency is the best solution for businesses to safeguard themselves.

(This article is written by Curtis Preston, Chief Technical Evangelist, Druva. The views expressed in this article are of the author.)

Leave a Reply

Your email address will not be published. Required fields are marked *