Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267

Why hackers love backups – The Hindu BusinessLine | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

The number of ransomware attacks on enterprises is growing by the day. After gaining access to a network, hackers inject malicious files and encrypt the data.

“The number of attacks directed at India’s government sector increased by almost 95 per cent in the second half of 2022,” Curtis Preston, Chief Technical Evangelist of Druva, an SaaS-based data resilience solutions company, said.

A reliable data backup and recovery strategy is a must for enterprises and organisations. But what if the backups are targeted? “Backups are copies of a company’s valuable digital assets and the final line of defence against ransomware. Implementing secure backup policies is crucial because it helps business continuity in the event of an attack,” Preston said.

Organisations must restrict access to backup data according to the needs and roles of employees. They must have visibility over who has access to the data and who is accessing it, he said.

Hackers know well that victims immediately fall back on backups to restore systems. So, the onus is on organisations to back up scientifically to insulate from hackers.

Encryption and exfiltration

Most on-premises backup servers are vulnerable to two kinds of ransomware attacks — encryption and exfiltration.

“Hackers attempt to encrypt the backups as well, because they contain the information required to reconstruct the machines after they were compromised by the ransomware attacks,” Preston observed.

“Remember that they (backups) are your last line of defence, and you must hold the line,” he cautioned

Besides the traditional ransomware attacks on backup servers, cyber fraudsters are also increasingly resorting to data exfiltration. They then attempt extortion, threatening to make sensitive data public in the dark web and elsewhere.

“The organisations are left with no choice but to pay the ransom and cross their fingers that the attackers keep their word,” he said

What companies should do to protect backups from ransomware attacks

Curtis Preston, Chief Technical Evangelist of Druva, an SaaS-based data resilience solutions company, lists the following ‘security best practices’ to ensure resiliency of data in an organisation.

Organisations should use observability tools to increase platform security, stop events like bulk deletions or configuration changes, or encryption from ransomware in progress, and accelerate response and forensics tasks with pertinent log and data change records.

Backup data should be encrypted wherever it is kept. Encrypt data at rest using AES 256-bit encryption and data in flight using TLS.

Organisations should use block-level de-duplication and separate the storage of data and metadata. The data’s structure should be concealed, making it impossible for hackers to reconstruct it.

Use role-based access controls to ensure each user has only the access needed to carry out their job.


Click Here For The Original Story From This Source.

National Cyber Security