Backup Vulnerability: 4 Targets Hackers Might Utilize to Infiltrate Your Backup Solution

By | Managed Services News

Mar 02

Organizations should follow several best practices to address backup vulnerability.

The Verizon 2020 Data Breach Investigations Report reveals that when it comes to breaches and cyberattacks, there are differences between SMBs (fewer than 1,000 employees) and larger enterprises (more than 1,000 employees). The most notable difference is that malware attacks are twice as likely for SMBs.

Managed service providers should be concerned about this statistic because, in many cases, MSPs are small businesses serving other small businesses. MSPs must communicate the value of backup and continuity while ensuring the right practices to protect their backups are in place.

Backups are often a company’s last line of defense. If ransomware infects a server, a backup solution holds the key to restoring critical data. However, not all backups are created equal. For example, restore times can vary widely depending on the solution you have in place. Even worse, hackers often target backups themselves. In this article, we’ll explore four ways hackers might try to infiltrate your backups and proven methods to help ensure your backups are safe and readily available for fast restores.

The Verizon 2020 DBIR report uses the VERIS Framework to categorize threats into a variety of buckets. For this article, we will focus on hacking, which, according to the report, occurred in 45% of incidents. Let’s dive into this specific risk, its associated backup vulnerability and how you can mitigate risk to your backups.

The Risk

With regard to backup, hackers are increasingly looking at vulnerabilities in the following places:

  • Backup software: Backup software solutions, by nature, require a high level of access. Hackers have been known to steal a backup administrator’s credentials as a backdoor to access systems and data.
  • Backup files: Backup files can be targets simply because backup file extensions (for example, BAK) are easy to find. Hackers may gain access to the backup software and either turn off backups or delete the backup files.
  • Remote access: Since many backup products must connect remotely to servers to back them up or to administer backups, password authentication can open up a path to attack protected systems simply because passwords are easy to steal.
  • Backup encryption: It isn’t uncommon for backups to be encrypted. However, if attackers gain access to the encryption key, they can read the backup and/or change the key to make the data inaccessible.

Methods to Protect Backup Solutions from Cyberattacks

Given the importance of a solid backup and business continuity strategy, you should follow several best practices to ensure your backups are secure.

  • Use two-factor authentication (2FA) to access your backup software admin portal.
  • If you utilize a backup appliance, ensure you cannot connect directly via a simple LAN connection.
  • For remote access, do not use passwords. Utilize key-based SSH authentication instead.
  • If you are using a different product to administer backups, such as an RMM tool, make sure it also has 2FA.
  • Ensure that you keep backup copies in a safe, secure location, preferably geographically separated from the primary data and backups.
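To make the "no passwords, key-based SSH only" item checkable, here is an added example (not part of the original article or any Datto product) that audits the text of an OpenSSH `sshd_config`. It assumes the backup host runs OpenSSH; the function name and the sample config are constructed for illustration, and `Include` files are not followed.

```python
# Added example: check an sshd_config against a keys-only login rule.
# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated spelling that OpenSSH still accepts for kbd-interactive.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
REQUIRED = {"passwordauthentication": "no",
            "kbdinteractiveauthentication": "no",
            "pubkeyauthentication": "yes"}

def audit_sshd_config(text):
    """Return a list of findings; an empty list means key-only login."""
    findings, global_seen, scope, scope_seen = [], {}, None, set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Simplification: everything after '#' is treated as a comment.
        fields = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if not fields:
            continue
        key = ALIASES.get(fields[0].lower(), fields[0].lower())
        value = fields[1].strip().strip('"') if len(fields) > 1 else ""
        if key == "match":  # a Match block runs until the next Match or EOF
            scope, scope_seen = value, set()
            continue
        if key not in REQUIRED:
            continue
        if scope is None:
            global_seen.setdefault(key, (value, lineno))  # first value wins
        elif key not in scope_seen:
            scope_seen.add(key)
            if value != REQUIRED[key]:  # scoped exception to the global rule
                findings.append(f"line {lineno}: Match {scope}: {key} {value}")
    for key, want in REQUIRED.items():
        value, lineno = global_seen.get(key, (DEFAULTS[key], None))
        if value != want:
            where = f"line {lineno}" if lineno else "default"
            findings.append(f"{where}: global: {key} {value}")
    return findings

# Constructed sample: passwords look disabled, but two paths remain open.
LOOKS_HARDENED = """\
PasswordAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for finding in audit_sshd_config(LOOKS_HARDENED):
        print(finding)
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is for reviewing config files offline.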

When it comes to cyberattacks and security risks, the most common ways of compromising primary data also apply to backup data. Cunning attackers want to make sure companies cannot recover PCs, servers or virtual machines, which is why backup solutions are now under attack.

Your backup files may be your absolute last line of defense, so how can you protect them? Datto Unified Continuity is a business continuity solution that spans the server to the desktop with the flexibility to back up locally, direct to the cloud or both. Learn about more ways your backup solution may be under attack and how Datto can protect your business and your clients in our eBook, Backup Under Attack: Protecting Your Last Line Of Defense.

Christopher Henderson is Director of Information Security, Datto.

This guest blog is part of a Channel Futures sponsorship.

 
