Watch Your Backup’s Back: Cybercriminals Increasingly Targeting Backups

Security professionals universally recommend that companies have at least one working backup solution, and preferably two. However, properly securing those backups sometimes falls through the cracks as companies try to keep up with the security needs of their primary databases, web applications, and cloud platforms.

To effectively secure backups, data visibility and data governance are necessary. Just as you might use data visibility tools on your actively utilized and accessed data, so you should use them on the data stored on your backup servers. Governance policies can help you to be consistent with how you treat your data while also ensuring that all data, whether primary or backup, is high-quality and stored appropriately for maximum security.

Backups are Critical Security Tools

As part of a standard disaster recovery plan to ensure business continuity, most organizations have functional, frequent backups. To reduce the painful consequences of a ransomware attack, backups are essential. For even basic computer use, backups are highly recommended. Essentially, any data that you create or store should have at least one backup, but it’s recommended that you have multiple redundant backup solutions that follow the 3-2-1 rule.

In short, backups are critical to your security and daily business operations. Any incident that causes data loss can be mitigated by having at least one extra copy of all of your data that you can easily upload or download. Ideally, you should have cloud backups and local backups to ensure that you are prepared for both online and environmental disasters.

Unfortunately, cybercriminals have picked up on the potential gains of attacking backups and are increasingly taking advantage, particularly when companies have cloud backups that are likely to contain vulnerabilities around access points.

Cybercriminals are Exploiting Vulnerable Veeam Backup Servers

Cloud backups have a crucial advantage for attackers: They require users to access them through online channels. If you can access your backups, there is theoretically a way for an attacker to access them, as opposed to a local hard drive or server that can be easily disconnected from the Internet following a scheduled backup.

Veeam backup servers have been under particular scrutiny recently due to an uptick in exploitations connected to a high-risk vulnerability discovered in March. The vulnerability allows unauthorized users to access encrypted credentials, which means that cybercriminals exploiting the vulnerability can use the exposed credentials to access Veeam users’ data. The vulnerability is in the backup infrastructure, which puts all of the backups stored on a Veeam server at risk until a fix is available and applied.

Although a patch was released on March 7, many companies that have not applied it remain at risk of malware infection, administrator credential compromise, and data theft. Ransomware has not been an issue so far, largely because no reported attacks have been completely successful. However, if an attack were to succeed, data extortion could occur once the attacker has possession of a company’s data from the backups.

Protecting Your Organization’s Backups

While it is challenging to protect your data when your cloud storage solution or virtual machine is compromised, there are things you can do to minimize the damage. Security teams should focus on critical and high-risk vulnerabilities, because once a vulnerability is known, an attacker can exploit it on any system where the available patch has not been applied. Be sure every application that you use has the latest updates.

After you eliminate the obvious vulnerabilities, it’s necessary to ensure strong data security and governance for all sensitive and valuable data, including backups. Invest in solutions that classify your sensitive data and enforce proper data storage, so that when a user saves a document, it is saved in the correct folder with appropriate security based on the sensitivity of its contents. A program that classifies your data should run on both your primary database and your backup.

Once all the data that you already have stored has been properly organized and secured, you should create a data governance policy for any data your organization creates in the future. Data governance provides you and your organization’s employees with a formal policy for managing data, ensuring that your data is accurate, usable, and secure. Having this policy in place will help your company keep high-quality, well-secured data.

Although cybercriminals are increasingly targeting backups, you can reduce your risk of a data breach by treating your backups, which are essential for your security and business continuity, the same way you treat your primary data. Apply patches and updates as soon as possible, especially after a vulnerability is reported. Ensure good data visibility, and enact data governance policies. These things can’t guarantee you won’t experience a security incident, but they can greatly reduce your risk and minimize damage to your company.

Robyn Matthews started writing about technology when she was far too young and hasn't stopped. She spends most of her time obsessing over computer software and hardware, and loves talking about herself in third person.