It is bad enough that cyber criminals relentlessly breach organizations’ networks with malware and ransomware to hold their data hostage.
Now they are going a step further … targeting the data backup systems themselves [ZDNet]. Once they compromise your last line of defense, it’s game over.
New encryption ransomware modifications and families with NAS-exploit capabilities have grown from 5,195 to 13,138 in the past 12 months. [ThreatsHub]
We asked Zach Cameron, Magna5’s Backup and Disaster Recovery Services Manager, to share with us how managed service providers are making a difference in battle-hardening data backup systems and storage to prevent organizations from being paralyzed with unprotected data backups.
It looks like data backup systems are no longer a guaranteed insurance policy in recovering lost data. How are cyber criminals infiltrating backup systems?
“A typical scenario might be a hacker entering a primary environment from an endpoint and hijacking every server in the environment. Then they will head straight for the backups – deleting or compromising everything before taking over the production environment with their own secret encryption. The reason they infiltrated the network in the first place is that the organization didn’t have a multi-layered defense.”
As a managed service provider, what is Magna5’s approach in building a strong defense to protect data backups?
“We safeguard our customers’ data backups using a multi-tier approach.”
- Backups are disconnected offsite from the network. “Many organizations make the mistake of having their primary and replicated data in two data centers but shared on the same network. So, if a primary site is hit with ransomware, the second site on the shared network will also get hit. At Magna5, we replicate data backups offsite disconnected from the network. This way, if the local backup is compromised, the secondary backup is safe and can quickly be recovered.”
- Backup storage must have strong permissions. “It is important to lock down which users and service accounts have access to the backup storage. Ideally, the storage is locked down to a single account that is not used for accessing any other systems where the credentials could get compromised. A lot of times companies will create a file share on a NAS or file system that is accessible by everyone or a large group of user accounts. When they get hit with an attack, the attackers have unimpeded access to delete or encrypt the backup data.”
- All backup data is encrypted. “Organizations handling their own cloud or on-premises data backup normally encrypt their cloud infrastructure data but not their data backup. Magna5 leverages Advanced Encryption Standard (AES) encryption, ensuring data is encrypted before it leaves client machines, in transit and at rest on disk. Local backup appliances do not store their encryption keys locally; they are stored offsite disconnected from the network. In the event someone was to pull the backup data off an appliance, they would have a very difficult time decrypting the data.”
- All backup data has read-only permission. “At Magna5, only our software administrator has permission to change or alter data backups. This is another layer of protection to control who has permission to modify or change data backups.”
- NAS devices are vulnerable. “Magna5 can write backups to NAS devices; however, we do not deploy NAS devices due to a number of vulnerabilities we have seen over the years. NAS devices connected to integrated software with vulnerabilities are common entry points for attackers to install Trojans using exploits. At Magna5, we leverage Windows OS-based appliances equipped with agent-based endpoint detection and response software. Appliances are placed on automated OS and software patching schedules maintained by our in-house monitoring and management team.”
- Honeypot files to detect and deflect attacks. “Magna5 sets up decoy honeypot files to alert on ransomware attacks. If this decoy file is encrypted by ransomware, backups are immediately put on hold and administrators are notified to investigate the incident.”
- Backups should never be your first line of defense. “Of course, the best defense is to prevent attackers from breaching your data in the first place. Magna5 can deploy a multi-layered defense strategy combining intrusion detection, next-generation firewall protection, endpoint security, anti-virus and vulnerability management to keep you protected from attacks.”
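The decoy-file check described in the honeypot item can be sketched as follows. This is an added example, not Magna5's code: the function names, decoy file names and the 7.0 bits-per-byte entropy threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def entropy_bits_per_byte(data):
    """Shannon entropy; encrypted content sits close to 8.0."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values()) if total else 0.0

def record_baseline(paths):
    """Hash each decoy once at deployment; keep the result off the host."""
    return {p: sha256_file(p) for p in paths}

def check_decoys(baseline, entropy_limit=7.0):
    """Return (path, reason) for every decoy that is gone or changed."""
    findings = []
    for path, known_hash in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))  # deleted or renamed
        elif sha256_file(path) != known_hash:
            with open(path, "rb") as fh:
                sample = fh.read(65536)
            encrypted = entropy_bits_per_byte(sample) > entropy_limit
            findings.append((path, "encrypted" if encrypted else "modified"))
    return findings

def backup_gate(baseline):
    """Hold the next backup job and flag admins if any decoy tripped."""
    findings = check_decoys(baseline)
    return {"hold": bool(findings), "notify_admins": bool(findings), "findings": findings}

def demo():
    """Constructed sample: two decoys, one overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("0_budget.txt", "zz_payroll.txt")]
        for p in paths:
            with open(p, "w") as fh:
                fh.write("decoy record\n" * 200)
        baseline = record_baseline(paths)
        before = backup_gate(baseline)
        with open(paths[0], "wb") as fh:
            fh.write(os.urandom(4096))
        return before, backup_gate(baseline)
```

Running the gate before each backup job, rather than on a separate schedule, keeps an encrypted file set from being written over the last clean restore point.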
Are you prepared for cyber criminals targeting your data backup systems? Let us help. Download our free Managed Security mini-booklet to learn more. Or contact us to schedule a consultation with one of our experts.
Mike Penn joined Magna5 as Senior Content Developer. His role is to bring to life stories that inspire or inject clarity in how managed services and emerging trends can be applied to help organizations operate better and more efficiently.