Doron Youngerwood

Backup Blog Bites #1: Is Your Immutable Backup Vulnerable to Time Spoofing Attacks?

  • February 13, 2024
  • 2 min read

About Continuity™

Continuity™ provides the industry’s ONLY storage & backup security solution, to help you protect your most valuable data.

Read more

What this is about? 

This time-based attack happens when an attacker manipulates insufficiently-secure time sync configuration to trick the backup systems into thinking that “X” number of years have passed, and that the period for immutability has expired. This then allows them to delete, alter or encrypt the data. 

It’s not only immutable backups that are vulnerable, but also storage systems and operating systems relying on snapshots for quick data recovery. Time manipulation can force the systems to discard all “clean” point-in-time copies taken prior to an attack.

8 Urgent Things To Do 

  1. Ensure your Backup software and storage are configured with a trusted time source.  
  1. Validate the authenticity of the time source.  
  1. Restrict administrative access in general and specifically for time synchronization administration.  
  1. Employ a two-person rule (dual authorization) for sensitive changes.   
  1. Carefully monitor any configuration changes that can directly or indirectly impact time settings. 
  1. Upgrade and patch your Backup Software and Backup storage to prevent attackers from exploiting vulnerabilities. 
  1. Restrict consecutive attempts to change the system time. 
  1. Make sure you’re using at least NTPv4, and prefer NTPv5 where and when feasible. 

In less than 1 hour, assess the security of your backup environment: 

Check out Backup Blog Post #2 in the series: To AD Or Not To AD Your Backup System? That Is The Question.

Talk To An Expert

It’s time to automate the secure configuration of your storage & backup systems.

We use cookies to enable website functionality, understand the performance of our site, provide social media features, and serve more relevant content to you.
We may also place cookies on our and our partners’ behalf to help us deliver more targeted ads and assess the performance of these campaigns. You may review our
Privacy Policy I Agree