Backups are Sexy Even to Ransomware
Reading thus far, you might be thinking, “Wait we already have a backup and recovery plan.” Maybe restoration speeds and frequency of backups were considered when implementing – and it’s likely out of all of the organizations out there, some of them have considered this. However, remember, backups are attractive to more than just disaster recover/business continuity planners, historically take the authors of:
SamSam: which gained access through remote desktop protocol (RDP), exploited other vulnerabilities identified to gain further network access, deleted backup files, and then started encrypting files.
WannaCry, Locky, and Cryptolocker: which searched for and deleted Microsoft built-in Windows Volume Shadow Copy, often used by home users and/or SMEs.
Must know: NOC data center
DoppelPaymer: initially compromising a target through things such as Phishing or insecure remote desktop services, then traversed the network to identify privileged user accounts. Specifically, they were looking for domain administrative credentials to gain administrative access to cloud backup deployments and to delete an organization’s final option for non-payment recovery.
How can organizations protect themselves? For one, proper configuration of backups is a must, along with the principle of least privilege, i.e. all access required to do a job but absolutely no more. What about the backups themselves, can they limit what DoppelPaymer authors did?
You may have read about immutable backups, i.e. configured to protect against change or deletion, but what if the domain administrator account is used? FlashBlade has something called SafeMode snapshots to address this. Where DoppelPaymer used administrative credentials to delete the backup, SafeMode snapshots do not allow for deletion. Protecting both the data within the backup and its metadata.
Leave a comment
- Internet Cable vs LAN Cable
- Network vs. security
- Backups are Sexy Even to Ransomware
- HP DeskJet 3835 All-in-One Ink Advantage Wireless Printer
- Advantages of Networking students
- how a typical MPLS network looks?
- Cloud-first SD-WAN solutions.
- Types of Computer Businesses
- IoT Device Vulnerabilities
- Cisco Certified Networking Professional
- AWS JOBS YOU CAN GET WITH AN AWS CERTIFICATION
- Cybersecurity Problems and Solutions
- Data Scientist roles and responsibilities
- 5G Technology Drawbacks and Dangers
- Contingent Workforce Management
- Which IT certifications will increase my salary?
- Why Cybersecurity is important ?
- 5 lakh Zoom accounts hacked
- contingent workforce for specialised skills
- What Are Contingent Workers?