
Thread: Critical Data Backups vs Cyberattacks

  1. #1
    Junior Member
    Join Date
    Dec 2017
    Posts
    1

    Critical Data Backups vs Cyberattacks

    I was participating in a discussion forum on cybersecurity and critical data protection. One of the points that were brought up during the discussion was on the security of backups and whether these backups could themselves be subject to a cyberattack and I’m really interested in getting more insight on the subject.

    How can someone ensure the sanity of their backups? How can they make sure they haven’t backed up a malware along with their data? Are there any tips or best practices for backup procedures?

  2. #2
    Junior Member
    Join Date
    Dec 2017
    Posts
    1
    Can backups be attacked?

  3. #3
    Junior Member
    Join Date
    Dec 2017
    Posts
    1
    Quote, originally posted by sdawany:
    I was participating in a discussion forum on cybersecurity and critical data protection. One of the points that were brought up during the discussion was on the security of backups and whether these backups could themselves be subject to a cyberattack and I’m really interested in getting more insight on the subject.

    How can someone ensure the sanity of their backups? How can they make sure they haven’t backed up a malware along with their data? Are there any tips or best practices for backup procedures?
    Hi @sdawany, this is a very interesting point and a valid concern. It is very difficult to prevent backing up malware that is dormant and that you don't yet know is on your disk. In my company we have found that the best way to mitigate the risk of losing your data backup to infection is to keep extensive copies of your backups. By this I mean that one should not overwrite backups on a weekly basis; keep longer cycles. For example, at one of our clients, we had to go back as far as 2 months to find a clean backup set once they were hit by ransomware.

    Also, we keep a local copy of the backup onsite and a second copy in an off-site location. This helped us when another client was hit by ransomware: they kept on restoring devices that were being encrypted from the local backup store. The result was that the backup server then got hit and all local backups were encrypted. The off-site copy saved the day eventually.

    I hope this helps with answering your question.
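
The retention point in the reply above, as an added example that is not part of the original post: it walks per-backup hash manifests to find the last set taken before a mass-change event (such as ransomware encryption) and checks whether a keep-last-N retention policy still holds that set. The manifest format, names and 50% threshold are assumptions, the sample data is constructed, and dormant malware that changes few files would not be flagged.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Generation:
    label: str      # backup date or set name
    manifest: dict  # file path -> content hash recorded at backup time

def change_ratio(prev: dict, cur: dict) -> float:
    """Share of the previous generation's files that changed or disappeared."""
    if not prev:
        return 0.0
    altered = sum(1 for path, digest in prev.items() if cur.get(path) != digest)
    return altered / len(prev)

def find_clean(generations, threshold=0.5):
    """Walk oldest to newest; return (last_clean_label, first_suspect_label)."""
    for prev, cur in zip(generations, generations[1:]):
        if change_ratio(prev.manifest, cur.manifest) >= threshold:
            return prev.label, cur.label
    return generations[-1].label, None

def restorable(generations, keep, threshold=0.5) -> Optional[str]:
    """Label of the clean set if a keep-last-N retention policy still holds it.

    Assumes manifests are small, stored apart from the backup data, and kept
    for every generation even after the data itself has been overwritten.
    """
    clean, suspect = find_clean(generations, threshold)
    if suspect is None:
        return clean
    retained = {g.label for g in generations[-keep:]}
    return clean if clean in retained else None

def _sample():
    """Constructed data: 8 weekly sets, files encrypted from week 6 onward."""
    base = {f"docs/file{i}.docx": f"h{i}" for i in range(10)}
    gens = []
    for week in range(1, 9):
        m = dict(base)
        m["docs/file0.docx"] = f"edit-w{week}"  # normal churn: one file edited
        if week >= 6:                           # constructed encryption event
            m = {p: f"enc-{h}" for p, h in m.items()}
        gens.append(Generation(f"week{week}", m))
    return gens

SAMPLE = _sample()

if __name__ == "__main__":
    print("clean/suspect:", find_clean(SAMPLE))
    for keep in (1, 3, 4, 8):
        print(f"keep last {keep}:", restorable(SAMPLE, keep))
```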

  4. #4
    Junior Member
    Join Date
    Dec 2017
    Posts
    1
    I am sure that backups can be and have been hacked; the actor could have backdoors that you back up in your backup.

  5. #5
    Junior Member
    Join Date
    Jan 2018
    Posts
    1
    A couple of thoughts.
    It depends on where in the network the backup data resides. Is the network segmented?
    Are the same login credentials used for both systems, live and backup?

  6. #6
    Junior Member
    Join Date
    Jan 2018
    Posts
    1
    Hi @sdawany, this is a great topic given the rapid change of IT and the massive cyber threats that are now everywhere and infecting all parts of the datacenter. Specifically as it relates to B/Us, it is true that backups can be infected! Especially if your B/U strategy consists of replicating data that could already be unknowingly infected. Hopefully your organization has done a BIA (business impact analysis) that identified the critical systems, networks and data and their criticality to business operations (i.e. mission critical, business critical, etc.). Additionally, you should integrate your cybersecurity strategy with the BIA and other processes like your backup strategy. The goal is to always ensure that your assets (data in this case) remain highly available, remain protected (confidential & secure) and intact (integrity). When architecting a backup strategy you need to have a tiered backup plan that incorporates RPO (recovery point objectives), RTO (recovery time objectives) and MTD (maximum tolerable downtime) objectives. Once you have that figured out, you need to test and scan your plan & data on a regular basis. I have found the most successful plans are those that have been designed from both an IT business perspective and from a hacker's perspective trying to breach your data. Another interesting fact is that the "hated" tape backups are now coming back in popularity given their "air gapped" status as being an off-line/off-site data storage medium, making it very difficult for a hacker to breach.

  7. #7
    Junior Member
    Join Date
    Nov 2017
    Posts
    9
    I think data backups are easy to attack, but it's still better than not doing anything.

  8. #8
    Junior Member
    Join Date
    Apr 2018
    Posts
    12
    Let's take ransomware as an example. They usually delete shadow volume copies upon infiltration automatically. Windows uses VSS (volume shadow copy service) to create backups, which means that internal Windows backups can be affected by malware. The safest bet, in this situation, is to use online backups or external drives. That, however, does not guarantee complete success. For example, if you connect an external drive with your backups to the infected system, it could be affected also. Furthermore, if the infection copies itself to the external drive (unlikely to happen with ransomware, but could be true for other kinds of malware), it could be used to spread it to other computers/devices.

  9. #9
    Junior Member
    Join Date
    Apr 2018
    Posts
    5
    There are two things (well, there are more but in this case I mean). First, you can back up your data onto a removable drive regularly. You only need to make sure that when you plug this drive in, your PC is not infected. If you try to back up your files while your system is under attack, obviously, a malware infection like a ransomware program can easily encrypt all your backed-up files while the drive is plugged in. Such a backup only makes sense if you keep it unplugged whenever not in use. However, I must also mention that these removable drives are not very reliable, since after a few years it is quite possible that they simply stop working. This has just happened to me, to be frank. I plugged my external HDD in and it simply stopped working after a few seconds and never did again. This means losing 5 years of data, gigabytes of photos and so on.

    Second, even if you save your backup in the cloud, there are certain ransomware programs and other infections that can steal your login details and destroy all your backups on top of all your files on your PC. So, I don't think that there is any 100% secure method yet to have a backup without the chance of losing it all.
