Immutable Storage Subversion Attacks Present Severe Threat to Unprotected Backup Data
October 2020 by Asigra Inc.
Asigra Inc. emphasized the importance of cybersecurity-enabled backup and recovery with software integrated step-up multi-factor authentication. This is increasingly critical as immutability storage subversion attacks expose corporate backup repositories to hackers using stolen backup operator and administrator login credentials, leading to maliciously re-configured settings within the backup application and preventing successful data recovery operations.
“The ransomware protection market size is expected to grow to USD $17.36 Billion by 2021, at a Compound Annual Growth Rate (CAGR) of 16.3%,” noted analysts in a new report by MarketsandMarkets. “Ransomware is a predominant cyber threat that installs on the victim’s computer either encrypting the files or locking the entire system, until a ransom is paid. As result, organizations have increased investments in securing the data, network, and endpoints from crypto-malwares such as ransomware and other advanced cyber threats.”
In the infancy of ransomware, backup data provided a means to recover criminally encrypted or stolen data to maintain business operations. However, with the continuing evolution of these sinister cyber threats, backup data has become the target of choice as hackers prevent viable recoveries after such events. By obtaining backup administrator login credentials through keylogging, phishing and other means, more advanced ransomware attacks are circumventing multi-factor authentication, allowing easy access to some of the most sensitive and important organizational data.
“Too often enterprise organizations neglect backups as an attack vector for ransomware attackers. Data backup protection falls into the gap between cybersecurity and disaster recovery–and that gap can create unanticipated vulnerabilities. Protecting data backups is an essential component of any cybersecurity strategy,” says Johna Till Johnson, CEO and Founder of Nemertes Research.
Immutability subversion attacks often occur because application-specific MFA has not been applied to the organization’s backup software. The approach takes user authentication to a higher level, where the system requires user credentials for any critical function that could compromise a recovery. Also known as Deep MFA, it provides protection to secure policy settings and controls that prevent backup data deletions or malicious encryption resulting from ransomware detonation.
“The poor or no coordination between backup and security teams attracts threat actors who prey on backup environments that are not adequately protected,” said Eran Farajun, EVP, Asigra. “You win when you’re not worth hacking. Backup software with integrated Deep MFA enabled cybersecurity and Ransomware Attack-Loop mitigation helps managed service providers and their enterprise customers significantly raise the cost and effort for hackers who then move to easier opportunities.”