Doron Youngerwood

Storage & Backups Under Attack. This Is What To Do About It

  • February 28, 2024


Over the past few months there has been a significant increase in publicized attacks on storage & backup systems, e.g.

  • Akira Ransomware has become one of the most successful gangs in wiping NAS and Backup devices. In fact, 6 out of the 7 ransomware attacks in Finland in December contained the Akira malware
  • Norton Healthcare disclosed a breach of their storage systems
  • In November last year, Allen & Overy, one of the largest law firms, announced a ransomware attack, which impacted a number of their storage systems
  • And before that, in September, Johnson Controls disclosed a massive ransomware attack. The ransom note sent by Dark Angels, the ransomware group, included the following details: “Files are encrypted. Backups are deleted”. While this wasn’t the first time ransomware groups had successfully breached backup environments, it is one of the most publicized attacks.

You can read more about these attacks at: https://www.continuitysoftware.com/resources/?resources_category=headlines

So, how should Storage and Security teams deal with this problem? Here are 6 solutions to secure your mission-critical systems.

1. Immutability

Immutable storage ensures your data cannot be altered or tampered with. Once backed up, it is stored in that same format and can’t be changed. It can be implemented on tape, disk, SSDs, or in the cloud as a defense against ransomware. Some tools even incorporate machine learning features that can detect any signs of interference from ransomware.

2. Snapshots and Replication 

Replication is about sharing data between redundant resources, such as software or hardware components or between servers or data centers to provide fault tolerance and business continuity. If one server goes down, the other holds the same data, for example. Snapshots are typically used in replication to provide near-instantaneous data protection. Point-in-time copies are replicated to other systems. If data is lost, they can be used to rapidly restore it. Backups, too, can be transmitted to an offsite location using replication.

3. Network Segmentation

Network segmentation is a tactic that can greatly reduce the impact of a ransomware attack. By separating the network into smaller, distinct areas, the spread of malware is minimized if one area is compromised.

4. Data Vaulting and Air-Gapped Solutions

Data vaulting is a good way to avoid the possibility of ransomware infecting backup files. Cybercriminals increasingly target backup environments with ransomware as a way to guarantee the success of their extortion attempts. Vaulting addresses this via air gapping, i.e., a copy of the backup is kept offline, separated from other systems. This is best achieved via tape backups that are retained offline. As there is no physical connection to the internet, ransomware has no chance of infecting it.

5. Data Security

Data security is about protecting valuable data. There are different procedures, standards, and technologies to choose from. These include encryption (in transit and at rest), file scanning, malware detection and prevention, network security such as firewalls, intrusion detection, data privilege, access management, and more. Their goal is to ensure that only authorized parties can access and use the data and that its integrity is maintained at any given moment. 

6. Security Posture Management for Storage and Backups

There are a great many patch management and vulnerability management tools out there. They continually scan networks, databases, applications, and operating systems (OSes) for security risks. However, they completely miss security misconfigurations and vulnerabilities in storage and backup systems.

There are currently thousands of active CVEs out there that relate to storage and backup systems. They can be used to exfiltrate files, initiate denial-of-service attacks, take ownership of systems, block devices, and delete data. Overall, about 20% of storage and backup systems are exposed and can be exploited by cyber criminals.

In fact, most storage and backup systems include ransomware detection and prevention capabilities. Some include the capability to lock retained copies, protect critical data from tampering and deletion, and air gap data. However, in breach after breach, such features were found to either be misconfigured or not implemented at all – leaving the organization exposed.

Misconfigured backup and storage systems impact cybersecurity in other ways. Zoning and masking mistakes may leave LUNs accessible to unintended hosts. Replicated copies and snapshots may not be properly secured. Audit logging misconfigurations make it more difficult for the organization to detect brute force attacks and spot anomalous behavior patterns. They can also impede forensic investigation and curtail recovery efforts. And a surprising number of storage and backup systems still operate with their original default administrative passwords. These factory settings can be easily exploited by unauthorized employees and malicious actors to inflict serious damage.
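The misconfigurations listed above can be expressed as checks over a configuration inventory. The following is an added example, not code from Continuity or StorageGuard: the inventory schema, field names, sample systems and severity ranking are all constructed for illustration, and treating an unsecured snapshot as "not immutable" is an assumption.

```python
# Constructed, vendor-neutral inventory; every field name here is hypothetical.
INVENTORY = [
    {"name": "array-01", "admin_password_changed": False, "audit_logging": True,
     "retention_lock": True,
     "luns": [{"id": "lun7", "masked_to": ["db01", "web03"], "intended": ["db01"]}],
     "snapshots": [{"id": "snap1", "immutable": True}]},
    {"name": "backup-01", "admin_password_changed": True, "audit_logging": False,
     "retention_lock": False, "luns": [],
     "snapshots": [{"id": "snap9", "immutable": False}]},
]

# Illustrative ranking only; a real programme would weigh exposure and data value.
RANK = {"critical": 0, "high": 1, "medium": 2}


def audit(system):
    """Return (severity, message) findings for one storage or backup system."""
    findings = []
    if not system["admin_password_changed"]:
        findings.append(("critical", "default administrative password still in use"))
    if not system["retention_lock"]:
        findings.append(("high", "retention lock on retained copies not enabled"))
    if not system["audit_logging"]:
        findings.append(("high", "audit logging disabled"))
    for lun in system["luns"]:
        # Masking drift: hosts that can see the LUN but are not supposed to.
        extra = sorted(set(lun["masked_to"]) - set(lun["intended"]))
        if extra:
            findings.append(
                ("high", f"{lun['id']} masked to unintended hosts: {', '.join(extra)}"))
    for snap in system["snapshots"]:
        if not snap["immutable"]:
            findings.append(("medium", f"snapshot {snap['id']} is not immutable"))
    return findings


def report(inventory):
    """Flatten findings across systems, most urgent first."""
    rows = [(sev, s["name"], msg) for s in inventory for sev, msg in audit(s)]
    return sorted(rows, key=lambda r: (RANK[r[0]], r[1], r[2]))


if __name__ == "__main__":
    for sev, name, msg in report(INVENTORY):
        print(f"{sev.upper():8} {name:10} {msg}")
```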

These are just a few of the many security challenges that are present within enterprise infrastructure. There are many other areas to check. The bottom line is that storage and backup systems generally have a significantly weaker security posture than the compute and network infrastructure layers. It is a ticking time bomb ripe for exploitation by criminal gangs.

Continuity’s StorageGuard was designed to comprehensively scan all data storage, storage management, storage networking, and backup systems to look for security misconfigurations and vulnerabilities. It provides complete visibility into storage and backup security blind-spots, automatically prioritizing the most urgent risks, and providing remediation commands & guidance. As the industry’s only security posture management solution for storage and backup systems, it provides:

  • Visibility. For the first time, detect all security misconfigurations and vulnerabilities in your storage & backup systems
  • Prioritization. Act upon your most urgent security misconfigurations and vulnerabilities, where you’re most at risk 
  • Protection. Ensure all your storage & backup systems can withstand ransomware and other attacks, to prevent data loss
  • Compliance. Guarantee storage & backup systems are compliant with security regulations and standards 

StorageGuard also complements data security and anomaly detection tools. Files eventually are stored within storage and backup systems. If you break into a storage or backup device, you can still delete, alter or block all files stored within the device – even if those files are encrypted.

In less than 1 hour, assess the security of your storage & backup environment: https://www.continuitysoftware.com/assess-the-security-of-your-backup-storage-environment/
