Stefan Renner & Yaniv Valik

Backups Under Attack. 6 Things To Do About It

  • February 3, 2025
  • 6 min read


Throughout 2024, there was a significant increase in well-publicized attacks on backups…

  • Akira Ransomware has become one of the most successful gangs in wiping Backup and NAS devices. In fact, 6 out of the 7 ransomware attacks in Finland in December contained the Akira malware.
  • In a ransomware attack on National Health Laboratory Service (NHLS), hackers deleted their backup servers
  • The FBI and Cybersecurity and Infrastructure Security Agency (CISA) released a joint CSA about Phobos Ransomware, which hunts for backups after the exfiltration phase
  • Johnson Controls disclosed a massive ransomware attack. The ransom note sent by Dark Angels, the ransomware group, included the following details: “Files are encrypted. Backups are deleted”. While this wasn’t the first time ransomware groups had successfully breached backup environments, it is one of the most publicized attacks.

You can read more about these attacks at: https://www.continuitysoftware.com/resources/?resources_category=headlines

So, how should you deal with this problem? Here are 6 solutions to secure your mission-critical systems.

Backup immutability ensures your data cannot be altered or tampered with. Once backed up, it is stored in that same format and can’t be changed. It can be implemented on tape, disk, SSDs, or in the cloud as a defense against ransomware.

Implementing immutability can vary based on the technology that you want to leverage. This can range from on-premises solutions, cloud options and multi-layered immutability with encryption that depends on your technology vendor. This is where Veeam can help, since we have over 30 different immutable storage partners that can provide flexibility to our customers. This breakdown is as simple as following the 3-2-1-1-0 rule and highlighting the areas where you can add a layer of immutability and encryption to have an ultra-resilient data copy.

Replication is about sharing data between redundant resources, such as software or hardware components or between servers or data centers to provide fault tolerance and business continuity. If one server goes down, the other holds the same data, for example.

Snapshots are typically used in replication to provide near-instantaneous data protection. Point-in-time copies are replicated to other systems. If data is lost, they can be used to rapidly restore it. Backups, too, can be transmitted to an offsite location using replication.

Veeam provides built-in replication to help you reliably replicate backup data and VM replicas from any storage to any storage.

Veeam regularly takes snapshots of your data and securely stores them in an isolated environment. In the event of a ransomware attack, you can quickly restore your systems and data, minimizing downtime and financial loss. 

Network segmentation is a tactic that can greatly reduce the impact of a ransomware attack. By separating the network into smaller, distinct areas, the spread of malware is minimized if one area is compromised.

To secure the communication channel for backup traffic, you should create network segmentation policies to define network boundaries, control traffic between subnets and limit access to security-sensitive backup infrastructure components. Also, ensure that only ports used by backup infrastructure components are opened.

Data vaulting is a good way to avoid the possibility of ransomware infecting backup files. Cybercriminals increasingly target backup environments with ransomware as a way to guarantee the success of their extortion attempts. Vaulting addresses this via air gapping, i.e., a copy of the backup is kept offline, separated from other systems. This is best achieved via tape backups that are retained offline. As there is no physical connection to the internet, ransomware has no chance of infecting it.

Data security is about protecting valuable data. There are different procedures, standards, and technologies to choose from. These include encryption (in transit and at rest), file scanning, malware detection and prevention, network security such as firewalls, intrusion detection, data privilege, access management, and more. Their goal is to ensure that only authorized parties can access and use the data and that its integrity is maintained at any given moment. 

Veeam’s built-in, AI-powered Malware Detection Engine performs low-impact scans during backup to detect suspicious activities and anomalies.

There are a great many patch management and vulnerability management tools out there. They continually scan networks, databases, applications, and operating systems (OSes) for security risks. However, they completely miss security misconfigurations and vulnerabilities in backups.

There are currently thousands of active CVEs out there that relate to backups. They can be used to exfiltrate files, initiate denial-of-service attacks, take ownership of systems, block devices, and delete data.

While Veeam includes built-in ransomware detection and prevention capabilities, it is up to the user to ensure these features are implemented and configured correctly. However, in breach after breach, such features were found to either be misconfigured or not implemented at all – leaving the organization exposed.

Veeam provides a comprehensive set of ransomware detection and prevention features to keep data secure. It may be configured correctly on day 1; however, on day 2 systems often suffer from configuration drift that generates non-compliance and vulnerabilities that can be exploited by cybercriminals.

How do you ensure that your Veeam and backup destination infrastructure are configured according to security best practices, and are not vulnerable?

Misconfigured backups impact cybersecurity in other ways. Zoning and masking mistakes may leave LUNs accessible to unintended hosts. Replicated copies and snapshots may not be properly secured. Audit logging misconfigurations make it more difficult for the organization to detect brute force attacks and spot anomalous behavior patterns. They can also impede forensic investigation and curtail recovery efforts. And a surprising number of backup systems still operate with their original default administrative passwords. These factory settings can be easily exploited by unauthorized employees and malicious actors to inflict serious damage.

These are just a few of the many security challenges that are present within backups. There are many other areas to check.
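
The day-1 versus day-2 drift described above can be caught by comparing a current configuration snapshot with a hardening baseline. The sketch below is an added example, not Veeam or StorageGuard code; every setting name, host name and port number in it is constructed for illustration.

```python
# Added example: compare a day-2 configuration snapshot with a day-1 baseline.
# Setting names, hosts and ports are constructed; they are not real Veeam or
# StorageGuard configuration keys.
BASELINE = {
    "admin_default_password": False,      # factory password must be changed
    "audit_logging": True,
    "immutability": True,
    "snapshot_access_restricted": True,
    "lun_allowed_hosts": {"backup-proxy-01", "backup-repo-01"},
    "open_ports": {6160, 6162},           # placeholder port numbers
}

# Constructed day-2 snapshot, e.g. exported by an inventory job.
DAY2 = {
    "admin_default_password": True,
    "audit_logging": False,
    "snapshot_access_restricted": True,
    "lun_allowed_hosts": ["backup-proxy-01", "backup-repo-01", "test-vm-17"],
    "open_ports": [6160, 6162, 3389],
}

def find_drift(baseline, current):
    """Return sorted (setting, detail) pairs where current deviates from baseline."""
    findings = []
    for key, expected in baseline.items():
        if key not in current:
            # A setting that vanished from the export is itself a finding.
            findings.append((key, "missing from snapshot"))
        elif isinstance(expected, set):
            # Allowlist semantics: anything beyond the baseline widens exposure.
            extra = set(current[key]) - expected
            if extra:
                findings.append((key, f"not in baseline: {sorted(extra, key=str)}"))
        elif current[key] != expected:
            findings.append((key, f"expected {expected!r}, found {current[key]!r}"))
    return sorted(findings)

if __name__ == "__main__":
    for setting, detail in find_drift(BASELINE, DAY2):
        print(f"DRIFT {setting}: {detail}")
```

Set-valued settings are treated as allowlists, so an extra host on a LUN or an extra open port is reported while a narrower configuration is not.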

On November 5th, Continuity announced its partnership with Veeam. Together, the two companies are dedicated to securing customers’ data protection environment to withstand ransomware and other attacks as part of an overall Data Resilience strategy.

The partnership is based on Continuity’s StorageGuard, which provides automatic security hardening for Veeam environments, to improve customers’ security posture, comply with industry and security standards, and meet IT audit requirements.

Continuity’s StorageGuard was designed to comprehensively scan all backup, data storage, storage management, and storage networking, to look for security misconfigurations and vulnerabilities. It provides complete visibility into backup and storage security blind-spots, automatically prioritizing the most urgent risks, and providing remediation commands & guidance.

  • Ensure your Veeam and backup storage systems are continuously hardened to withstand cyberattacks
  • Validate whether they adhere to security & industry best practices
  • Easily remediate security misconfigurations and vulnerabilities
  • Prove audit compliance with ISO, NIST, PCI, CIS Controls, etc.
  • Ensure they adhere to ransomware protection best practices
