Ransomware attacks have become one of the most menacing threats to businesses, governments, and individuals alike. These malicious software programs encrypt vital data and demand a ransom, often in cryptocurrency, to restore access. With the growing sophistication and frequency of ransomware attacks, the need for robust cybersecurity measures has never been more pressing. One of the most effective defenses against ransomware is having reliable, up-to-date data backups. In this article, we will explore why data backups are crucial in ransomware scenarios and how they can significantly minimize the damage caused by such attacks.

The Growing Threat of Ransomware

Ransomware attacks have surged in recent years, both in scale and impact. Cybercriminals often target high-profile organizations, including hospitals, government agencies, and critical infrastructure providers, with the aim of crippling operations and demanding large sums of money. However, no one is immune; small businesses and individuals are also at risk. According to recent statistics, the global cost of ransomware attacks is projected to reach $23 billion by 2027, a significant rise from the $3.6 billion in 2022.

The consequences of a successful ransomware attack can be catastrophic. Aside from the immediate financial demands, there are also the potential long-term impacts, such as reputational damage, legal liabilities, loss of intellectual property, and operational downtime. As a result, businesses must adopt proactive measures to defend against these attacks, and one of the most critical strategies is maintaining regular and secure data backups.

The Role of Data Backups in Ransomware Defense

In the event of a ransomware attack, data backups serve as the last line of defense. Here’s how having reliable backups can make all the difference:

1. Prevention of Data Loss- Ransomware’s primary function is to lock files and make them inaccessible unless the victim pays the demanded ransom. Without proper backups, organizations may face complete data loss if they refuse to pay the ransom. By maintaining up-to-date backups, organizations ensure that they have copies of their critical data that can be restored quickly, without the need to negotiate with cybercriminals.

2. Minimizing Downtime- Downtime is one of the most costly aspects of a ransomware attack. The longer it takes to recover, the greater the impact on business operations. With a reliable backup strategy, organizations can recover their systems in a fraction of the time. Backups, especially those stored offline or in the cloud, can be restored quickly, allowing businesses to continue operations with minimal disruption. This swift recovery can be the difference between a temporary inconvenience and a prolonged operational halt.

3. Avoiding Ransom Payments- Paying the ransom does not guarantee that the cybercriminals will provide the decryption keys to unlock the data. Even if the ransom is paid, there is no assurance that the attackers will honor their end of the bargain. Additionally, paying the ransom encourages further criminal activity and can potentially make an organization a target for future attacks. With a solid backup system in place, businesses can avoid falling into this trap altogether. Instead of paying the ransom, they can restore their files from backups and resume operations.

4. Enhancing Cyber Resilience- Data backups are a cornerstone of a comprehensive cybersecurity strategy. In addition to protecting against ransomware, backups also safeguard against other types of data loss, such as hardware failure, human error, or natural disasters. A well-designed backup plan is essential for overall data protection and cyber resilience, enabling organizations to withstand a variety of threats and recover quickly.

Best Practices for Data Backups in Ransomware Scenarios

While having data backups is essential, it’s equally important to ensure that those backups are reliable and secure. Below are some best practices for creating an effective backup strategy to defend against ransomware:

1. Follow the 3-2-1 Rule- The 3-2-1 backup strategy is a widely recommended approach for ensuring data redundancy and protection. It involves maintaining:

  • 3 copies of your data (the original and two backups),
  • 2 different storage types (e.g., local and offsite/cloud storage), and
  • 1 copy offsite (for instance, in the cloud or on a remote server) to protect against local disasters or attacks.

2. Regular Backups- Backups should be performed regularly to ensure that data is up to date. For critical systems, daily or even hourly backups may be necessary. The more frequently data is backed up, the less data you stand to lose in the event of an attack.

3. Air-Gapped Backups- An air-gapped backup is one that is completely disconnected from the network, ensuring that ransomware cannot access or encrypt it. These backups are stored offline or on dedicated hardware that is not continuously connected to the internet. Air-gapping provides an extra layer of protection against ransomware that spreads across networks.

4. Test Backup Integrity- It’s not enough to simply create backups; they must also be tested regularly to ensure that they are functional and can be restored when needed. Regular testing can identify any issues with the backup process before a disaster occurs, ensuring that you can restore your systems quickly if needed.

5. Implement Strong Access Controls- Ensure that backups are secured with encryption and stored in protected environments. Restrict access to backup data to authorized personnel only and implement multi-factor authentication (MFA) for backup systems. This prevents attackers from compromising your backups during an attack.

6. Automate Backup Processes- Automating the backup process reduces the risk of human error and ensures consistency. Backup schedules can be set up so that new files and changes are automatically backed up according to predetermined intervals, minimizing the chances of missing critical data.

Conclusion

Data backups are not just a precautionary measure—they are an essential part of a comprehensive cybersecurity strategy, especially in the face of rising ransomware threats. By maintaining secure, up-to-date backups, organizations can recover their critical data quickly, avoid paying ransom, and minimize downtime and financial loss. In the ever-evolving landscape of cyber threats, data backups provide peace of mind, knowing that even if a ransomware attack occurs, the business can bounce back swiftly and effectively.

In today’s digital age, where cyber-attacks are increasingly sophisticated, a solid backup strategy isn’t just a good idea—it’s a necessity.

The post How Data Backups Turn Vital in Ransomware Scenarios appeared first on Cybersecurity Insiders.

In today’s digital landscape, Software as a Service (SaaS) applications have become vital for businesses of all sizes. However, with the increasing reliance on cloud-based solutions comes the heightened need for robust data security. While production data is often fortified with various security measures, backups can sometimes be overlooked, making them vulnerable to breaches and data loss. This article outlines effective strategies to enhance the security of SaaS backups, ensuring they remain more secure than the production data they protect.

1. Implement Strong Encryption- One of the primary defenses for backup security is encryption. Backups should be encrypted both in transit and at rest. This means that data is protected while being transferred to backup locations and while stored on backup servers. Use strong encryption standards, such as AES-256, to ensure that even if unauthorized access occurs, the data remains unreadable without the appropriate decryption keys.

2. Utilize Access Controls and Authentication- Access to backup systems should be strictly controlled. Implement role-based access control (RBAC) to limit who can access backups and what actions they can perform. Use multi-factor authentication (MFA) for an additional layer of security. This ensures that even if an attacker compromises user credentials, they cannot access backup data without the second factor of authentication.

3. Regularly Update and Patch Systems- Keeping your backup systems up to date is crucial in defending against vulnerabilities. Regularly update software, operating systems, and applications to patch security holes that could be exploited. Automate this process where possible to ensure timely updates and minimize the risk of human error.

4. Create Immutable Backups- Immutable backups are a powerful way to protect against data tampering or ransomware attacks. These backups cannot be altered or deleted for a specified period, ensuring that if production data is compromised, an unaltered backup remains available. Many cloud providers offer immutable storage solutions that can be easily integrated into your backup strategy.

5. Conduct Regular Security Audits- Performing regular security audits on your backup systems is essential to identify potential vulnerabilities and areas for improvement. These audits should include evaluating access logs, testing recovery processes, and reviewing encryption protocols. Engaging third-party security experts can provide an objective assessment of your security posture.

6. Ensure Geographic Redundancy- Storing backups in multiple geographic locations can protect against data loss due to natural disasters, outages, or localized attacks. Use a multi-region approach with cloud providers that offer data centers in various locations. This redundancy ensures that if one site is compromised, backups remain accessible elsewhere.

7. Implement Regular Backup Testing- A backup is only as good as its ability to restore data effectively. Regularly test your backup restoration process to ensure that you can recover data quickly and completely in the event of a data loss incident. This practice not only verifies the integrity of the backups but also helps staff familiarize themselves with the recovery process.

8. Monitor and Log Backup Activity- Continuous monitoring of backup activity can help detect unauthorized access or suspicious behavior early. Set up logging mechanisms to track who accessed backup systems and when. Use automated alerts to notify the IT team of unusual activities, such as failed access attempts or unexpected data transfers.

9. Educate Employees on Security Practices- Employee awareness is critical in maintaining data security. Regularly train staff on best practices for data handling, recognizing phishing attempts, and adhering to security protocols. A well-informed team is your first line of defense against potential threats.
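
The alerting described in item 8 above (failed access attempts and unexpected data transfers) can be expressed as simple rules over a backup system's audit log. The following Python is an added example, not code from the original article; the key=value log format, account names, destinations and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical key=value audit-log format.
SAMPLE_LOG = """\
2024-05-01T02:00:00Z user=svc-backup src=10.0.0.5 action=login result=ok
2024-05-01T02:00:05Z user=svc-backup src=10.0.0.5 action=export dest=vault-eu result=ok
2024-05-01T03:10:00Z user=admin src=203.0.113.7 action=login result=fail
2024-05-01T03:10:20Z user=admin src=203.0.113.7 action=login result=fail
2024-05-01T03:10:40Z user=admin src=203.0.113.7 action=login result=fail
2024-05-01T03:11:00Z user=admin src=203.0.113.7 action=login result=ok
2024-05-01T03:12:00Z user=admin src=203.0.113.7 action=export dest=198.51.100.9 result=ok
2024-05-01T09:00:00Z user=jdoe src=10.0.0.22 action=login result=fail
"""

ALLOWED_DESTS = {"vault-eu", "vault-us"}   # assumed approved backup targets
FAIL_THRESHOLD = 3                         # assumed: failures that make a burst
FAIL_WINDOW = timedelta(minutes=5)         # assumed: sliding window for a burst


def parse_line(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'ts' field."""
    stamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect(log_text):
    """Return alerts as (rule, user, detail) tuples, in log order."""
    alerts = []
    recent_fails = defaultdict(deque)  # (user, src) -> timestamps of failures
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["action"] == "login":
            fails = recent_fails[(ev["user"], ev["src"])]
            # Drop failures that have aged out of the sliding window.
            while fails and ev["ts"] - fails[0] > FAIL_WINDOW:
                fails.popleft()
            if ev["result"] == "fail":
                fails.append(ev["ts"])
                if len(fails) == FAIL_THRESHOLD:  # alert once per burst
                    alerts.append(("failed-login-burst", ev["user"], ev["src"]))
            else:
                # A success right after a burst may mean a guessed password.
                if len(fails) >= FAIL_THRESHOLD:
                    alerts.append(("login-after-failures", ev["user"], ev["src"]))
                fails.clear()
        elif ev["action"] == "export" and ev["dest"] not in ALLOWED_DESTS:
            alerts.append(("unexpected-transfer", ev["user"], ev["dest"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```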

Conclusion

As organizations increasingly rely on SaaS applications, securing backups must be a priority. By implementing these strategies, businesses can ensure that their backups are not only secure but also more fortified than the production data they are designed to protect. In doing so, organizations can safeguard their critical data against loss and breaches, ultimately maintaining trust and operational continuity in an ever-evolving threat landscape.

The post How to Make SaaS Backups More Secure than Production Data appeared first on Cybersecurity Insiders.

As ransomware attacks become increasingly sophisticated, hackers are now targeting not just application servers but also their backup systems. This strategy is designed to prevent victims from recovering their data without paying a ransom, maximizing the attackers’ leverage.

In response to these evolving threats, Google is bolstering its cloud services with a new backup storage solution that promises to protect against ransomware. This innovative feature will ensure that backed-up data remains secure and immutable, effectively preventing unauthorized changes or deletions that could otherwise result in significant losses.

Google Cloud Backup and Disaster Recovery (DR) is set to introduce this advanced feature, which not only helps users combat ransomware but also offers substantial financial protection. This development is crucial for businesses that need to safeguard their information from potential extortion and data breaches.

Backup systems are essential when production servers fail for any reason, providing data continuity to keep operations running smoothly. However, if ransomware spreads to backup systems and corrupts them, it can render them useless.

Google’s new Backup Vault feature addresses this issue by offering robust protection against malware. This feature ensures that ransomware cannot alter or delete the stored data, nor can it copy the data to external resources.

Reports indicate that the Backup Vault has been developed as a separate tool by Alphabet Inc.’s subsidiary, Google Cloud, and operates independently from the main Google Cloud Project. This tool provides layered protection through backup immutability and indelibility, safeguarding critical assets including Compute Engine Virtual Machines, VMware Engine VMs, Oracle Databases, and SQL Server databases.

The post Google Enhances Cloud Security with New Ransomware resistant Backup Vault appeared first on Cybersecurity Insiders.

In recent times, the importance of maintaining efficient data backups as a defense against ransomware attacks has been repeatedly emphasized by security experts and law enforcement agencies. However, what happens when even these backups fall victim to encryption or deletion?

According to a report by Sophos, a prominent cybersecurity firm, a staggering 94% of organizations affected by ransomware in 2023 experienced compromise of their backup systems. This alarming trend indicates that cyber-criminals behind file-encrypting malware are now targeting the very data intended for continuity or recovery purposes, maximizing their potential gains.

This raises the question: what’s the point of backups if they can also be compromised?

While the risk is evident, data backups remain essential for maintaining operations during unforeseen incidents. To mitigate the impact of backup compromise, it’s advisable to maintain multiple backup copies stored across different geographical locations. This ensures redundancy, allowing for continuity even if one backup location is compromised. Leveraging the services of a reputable cloud service provider or similar firm can facilitate this process, offering added security and reliability.

So, should businesses consider outsourcing backup services to a cloud provider capable of maintaining multiple copies at various locations?

Indeed, for those with the budgetary flexibility, investing in offsite and onsite backups concurrently can offer enhanced protection. However, for cost-conscious organizations, outsourcing to a reputable service provider can provide both security and cost savings, albeit to a certain extent.

In conclusion, while the threat of backup compromise is real, strategic measures such as maintaining redundant backups and leveraging professional services can help mitigate risks and ensure business continuity in the face of ransomware attacks.

The post Ransomware criminals target backups for assured ransom appeared first on Cybersecurity Insiders.

Finland’s National Cyber Security Centre (NCSC) has issued a warning concerning a new wave of cyber threats, with hackers now deploying ransomware on Network Attached Storage (NAS) appliances and tape storage media, aiming to obliterate stored information. The Akira Ransomware group is suspected to be behind these attacks, having targeted approximately seven companies in December 2023.

Traditionally, file-encrypting malware has affected data on networked computers’ hard disk drives. However, this malicious software has evolved to impact backup storage media such as NAS devices and tape appliances.

In the event of a ransomware attack, victims are typically advised to rely on backup storage for a swift recovery. However, the recent trend of cybercriminals targeting these backup appliances leaves victimized companies with limited options, often compelling them to pay the ransom.

To mitigate this risk, NCSC-FI recommends users store critical information on offline backups or media that is not frequently connected to the internet. Security experts also advise maintaining backups in at least 2-3 geographically diverse locations, such as cloud storage and off-site backups, providing a reliable failover capability.

Another cybersecurity development involves a Turkish hacking group targeting Microsoft SQL servers globally. The Mimic Ransomware-spreading hackers specifically focus on MSSQL computers in the EU, the USA, and Latin America, employing brute force attacks for compromise.

The Securonix Threat Research team identified this new malware variant, active since November of the previous year, targeting unsecured open-source database management systems. Similar motives were observed in the Phobos Ransomware and Crysis Ransomware groups, linked to a Russian cybercrime gang offering ransomware-as-a-service.

For protection against MSSQL server compromises, experts recommend regular server patching, using a VPN when exposing servers to the internet, and implementing security measures such as blocking excessive access to the xp_cmdshell procedure. Deploying PowerShell logging and monitoring new user connections at endpoints are also suggested strategies to prevent intrusive cyber attacks.

The post Ransomware wiping out data on tape backups and malware hitting MYSQL Servers appeared first on Cybersecurity Insiders.

By Doron Pinhas, Chief Technology Officer, Continuity

2022 clearly demonstrated that attacks on data represent the greatest cyber-threat organizations face. The attack pace not only continued, it accelerated. Notable data breaches took place at Microsoft, News Corp., the Red Cross, FlexBooker, Cash App, GiveSendGo, and several crypto firms.

Many of these attacks took advantage of known vulnerabilities and security misconfigurations in storage and backup systems. Continuity exposed the extent of the problem two years ago: on average, enterprise storage devices have 16 security misconfigurations, of which three are critical. And backup and storage systems are rife with unpatched CVEs.

To make matters worse, the political climate is likely to breed more nation-state sponsored cyberattacks. Job dissatisfaction and surging unemployment across the technology sector are likely to spur more insider threats. Organizations are being confronted on all sides by cyber-danger.

Here are our top 4 predictions on how this will play out in 2023:

  1. More Data Attacks, Greater Sophistication, Bigger Monetary Losses

There is an old saying that generals tend to fight the last battle or the last war, i.e., they use tactics that would have been best suited to an earlier conflict. The U.S., for example, used World War II and Korean War tactics in Vietnam and came off poorly against the guerrilla approach used by the Vietcong.

Similarly in cybersecurity, enterprises typically harden themselves against last year’s strategies and attack vectors. By the time they adjust their processes, beef up their defenses, and add new layers of security, they find themselves battling more virulent ransomware strains and cyber-scams. That is why it has been clear for a couple of years that organizations are always playing catch-up to cybercriminal gangs. Hence the coming year will inevitably see more data attacks with greater sophistication resulting in ever higher monetary and business losses.

This brings about a vicious circle. As criminals enjoy more success, they reinvest some of the profits in better technology, more powerful systems, and better organized gangs. Thus, we are seeing the appearance of developments such as ransomware-as-a-service and the evolution of a cybercrime supply chain composed of distinct elements, each performing specialized functions that dovetail together into the eventual heist.

  2. Slow Gains on Storage and Backup Security

Awareness about the perils of backup, storage, and data recovery is rising – but nowhere near quickly enough to catch up with the cyber-attack innovation. Only a couple of years ago, the prevailing view was that storage and backup systems were largely immune to attack as they were backend systems. That fallacy is dawning on more and more IT and security personnel. As more backups are infected with ransomware and more storage and backup vulnerabilities are used to infiltrate other enterprise systems, the word is getting out – slowly.

But for every enterprise that takes action to shore up the many storage and backup vulnerabilities and misconfigurations that exist, there is another that is wide open to attack. In 2023, therefore, we will see well-known storage CVEs being exploited for criminal gain as organizations fail to implement available patches. Similarly, we will see cybergangs continuing to exploit gaping holes in organizational security that can be traced back to well-publicized storage and backup misconfigurations.

To lessen the damage, organizations are advised to focus on the protection of their data. They should add new layers of protection across their backup and storage infrastructure to thwart efforts that bypass networking and endpoint security, and make it extremely difficult to tamper with backups and exfiltrate data.

  3. Insurance Refusals and Rate Hikes

Many organizations remain unaware of the threat posed to their data by insecure storage and backup systems. But not insurance companies. Those offering cyber-insurance are putting pressure on organizations to up their data protection game. They are demanding more thorough assessments of IT, storage, and backup infrastructure before they offer a policy. Those performing poorly in these assessments face much higher rates or even complete refusal to insure. On the other hand, those organizations that demonstrate excellence in storage and backup security could save money.

  4. The Rise of Automated Storage and Backup Validation

Organizations typically house a LOT of data. Whether it is on-premises or in the cloud, there are numerous repositories of storage and backup data spread all over the place. Most organizations do a poor job of assessing where all their data resides, and an even poorer job of understanding where potential weaknesses may lie.

Automation is needed to inventory the enterprise to find any and all storage and backup resources. Once inventoried, that data needs to be scanned to isolate unpatched vulnerabilities, security misconfigurations, and other weak points. Unfortunately, traditional vulnerability scanners and patch management systems focus on application, network and OS insecurity. They do well at scanning these systems, but are found badly wanting when it comes to scanning storage and backup systems for vulnerabilities.

With growing pressure to improve security and increase compliance efforts, 2023 will see organizations start to invest in automated storage and backup security validation, reporting, and compliance evidence generation. That, in turn, will lead to security professionals becoming more educated in data storage in general. Currently, they are insufficiently versed in data storage and backup technologies and their associated security requirements. We will begin to see that shifting in 2023.

The post 2023 Predictions for Storage and Backup Ransomware appeared first on Cybersecurity Insiders.

 Most backup and security vendors overlook this vital communication channel

  • 70% of respondents exchange more direct messages with colleagues via User Chats than Group Channel Conversations
  • 45% send confidential and sensitive information frequently via Teams
  • This rises to 51% often sharing business-critical information
  • 48% of all respondents have accidentally sent Teams messages that should not have been sent 

Leading cybersecurity software provider Hornetsecurity has found an urgent need for greater backup for Microsoft Teams with more than half of users (45%) sending confidential and critical information frequently via the platform. Research commissioned by the company highlights the often-overlooked need for Teams backup and security, as internal business communications over chat are on the rise, reaching the same levels as communication via email. The research was conducted by techconsult, an established German IT research and analyst firm.

User behaviors on Teams are ripe for data loss

Teams User Chat (direct) messaging is the preferred form of business communication over Teams Channel Conversations for 90% of respondents, and more than 41% of people send a minimum of 10 User Chat messages a day. Just over a quarter of all messages (26%) are written in Teams Group Channel Conversations, showing communication is unevenly spread across the platform.

Nearly half (45%) of respondents frequently share confidential and sensitive information via Teams with 51% often sending business-critical documents and data. Users tend to send such information more when they use personal devices; 51% of those on a personal device send restricted and confidential data, compared to 29% of people on a work device.

It’s easy to make mistakes

The survey also found that 48% of all respondents sent messages on Teams they should not have. Of this group, 88% had been trained in the use of collaboration solutions, highlighting the need for increased and improved training on how to use Teams and the risks of sending sensitive data.

Urgent need for companies to scrutinise Teams backup, security and training

Over half of respondents (56%) see employee training and awareness as the primary approach to reducing cybersecurity risks. However, with 89% of respondents writing more User Chat messages than Group Channel Conversations, it is important to use a backup solution that protects all collaborative features on Teams.

Hornetsecurity’s CEO Daniel Hofmann said, “The increasing use of chat services has changed the way many now conduct work. With this change, the risk of data loss has unfortunately increased. Companies must have adequate safeguards in place to protect and secure business data. Otherwise, they run the risk of productivity, financial and data loss.

This is because Microsoft does not provide robust protection of data shared via Teams – so beyond the cybersecurity vulnerabilities, organisations must ensure information and files shared across the platform are backed up in a secure, responsible way. This is why we’re proud to offer Hornetsecurity’s 365 Total Backup, the only major third-party backup provider to protect the full range of Teams communications, from User Chats to Group Channel Conversations.”

For further information and a full copy of the survey: https://www.hornetsecurity.com/us/services/365-total-backup/teams-backup/

Notes to editors:

The Teams Backup survey by techconsult for Hornetsecurity was the result of:

        Quantitative online survey in August 2022

        Questionnaire with 19 questions

        540 participants from companies with at least 50 employees from all industries

 About Hornetsecurity

Hornetsecurity is the leading security and backup solution provider for Microsoft 365. Its flagship product is the most extensive cloud security solution for Microsoft 365 on the market, providing robust, comprehensive, award-winning protection: Spam and virus filtering, protection against phishing and ransomware, legally compliant archiving and encryption, advanced threat protection, email continuity, signatures and disclaimers. It’s an all-in-one security package that even includes backup and recovery for all data in Microsoft 365 and users’ endpoints.

Hornetsecurity Inc. is based in Pittsburgh, PA with other North America offices in Washington D.C. and Montreal, Canada. Globally, Hornetsecurity operates in more than 30 countries through its international distribution network. Its premium services are used by 50,000+ customers including Swisscom, Telefónica, KONICA MINOLTA, LVM Versicherung, and CLAAS.

The post Hornetsecurity Research Reveals Microsoft Teams Security and Backup Flaws With Nearly Half of Users Sharing Business-Critical Information on the Platform appeared first on Cybersecurity Insiders.