Daily Bulletin

Men's Weekly

.

  • Written by Ryan Weeks, CISO, Datto

In the last twelve months, we’ve seen ransomware continue to wreak havoc on organisations, governments, and individuals across the globe. In May 2021, the Colonial Pipeline ransomware attack brought the gasoline supply on the east coast of America to a standstill for days. In November, millions of Australians came within minutes of losing power to their homes in a ransomware attack on a Queensland power station.

Meanwhile, ransomware attacks on Australian organisations increased 15 per cent in the past financial year, contributing a significant portion of the 67,500 cybercrime reports received by the ACSC. 

Ultimately, ransomware continues to mutate and adapt, with a variety of tactics being specially employed to best exploit targets.

One incredibly effective ploy involves threat actors employing a two-pronged ransomware approach. First observed in 2018, attackers will go after an organisation’s backups before encrypting systems, meaning attackers can strip a business of their last line of defence before their presence is even known.

It’s a cyberattack method that is occurring more frequently and on a larger scale, and highlights the need for organisations to revisit their business continuity and disaster recovery (BCDR) strategy and take measures to ensure their backups are secure.

Backup software requires a high level of access to files, systems, virtual machines, databases, and other aspects of a computing environment, creating additional risk. To minimise this risk, companies need to take a multi-step approach, both on-premises and in the cloud. 

It’s imperative businesses employ a multi-factor authentication (MFA) process for access to both the backup administration portal and for activities that have the potential to manipulate or delete backup data, as this will significantly limit a hacker’s ability to access systems.

Joining the dots, covering all bases

There’s a variety of interconnected factors to be aware of when securing backups. It’s important to consider every endpoint and every application as a potential vulnerability, as any one of them could give hackers access to your most valuable data. 

Be sure connections cannot be made directly to a backup appliance. Heavily restrict local backup appliance remote access on the LAN and implement layers of protection to prevent malicious access. If a remote monitoring and management solution (RMM) is used to manage the backup appliance, then this could be another point of attack and security needs to be heightened on the RMM access controls. In addition, separate the appliance from backups stored in the cloud with independent authentication mechanisms. Never store admin credentials for the appliance or the cloud in a local browser, attackers can access them in seconds.

Backup files are easy targets, because file extensions, such as .bak, are easily located. To keep backups secure, they should be stored in read-only state. If encrypting, follow best practices, such as storing the encryption key on a separate physically secured device and only loading it into memory on the device doing the encryption. In addition, proactively scan backups for ransomware.

Finished backing up? Good, now do it again

It’s best practice to maintain multiple copies of backups in separate secure locations and limit the ability to modify the data or its storage. This is crucial for situations in which a threat actor has managed to encrypt your data. Moving from cyber protection to cyber resilience requires businesses to take an assumed-breach approach to cybersecurity and be ready for anything.

Current backup solutions can provide several point-in-time recovery points, as well as the ability to replicate backups to cloud storage. In addition, protect backups from unauthorized and accidental deletion by creating a delayed delete time window.

When testing backups on a regular basis, make sure testing includes full restoration. Perform bare metal restorations as it would occur in a real disaster situation. Finally, confirm that network connectivity can be re-established, key services (i.e. Active Directory) are properly working, applications can communicate with each other and document everything in a recovery plan.

Backups are an organisation’s last line of defence, and threat actors know it. Many are now modifying their malware to actively track down and eliminate backups, leaving victims at their mercy. 

Take the necessary steps to start 2022 off on the right foot. If necessary, upgrade your systems, and run regular tests to ensure your backups are safe, uncorrupted, and readily available for instant recovery. Adopt an assumed breach model, and work towards a cybersecurity posture that looks past protection to resilience.

Why Every Business Needs Wholesale Gift Boxes and Custom Packaging

candles, handmade jewellery and artisanal chocolates are just some item types where aesthetics are important to shape customer assumptions in terms of brand prestige or product quality. Pack aging ...

Daily Bulletin - avatar Daily Bulletin

How Local Service Businesses in Australia Can Compete (and Win) Online

Source: Pexels Running a local business today means competing not just on your street but online, too. It’s no secret that big brands dominate search results and social feeds, leaving many Australi...

Daily Bulletin - avatar Daily Bulletin

Why Small Business is the Latest Casualty of the Cost-of-Living Crisis

The Australian small to medium enterprise (SME) sector is currently navigating a systemic crisis defined by the convergence of high operational costs and severely constrained consumer demand. This env...

Daily Bulletin - avatar Daily Bulletin

Telematics Boosts Australian Business Efficiency

Telematics—the clever fusion of telecommunications and information technology—is rapidly becoming the cornerstone of smarter operations for businesses across Australia. Faced with the unique challen...

Daily Bulletin - avatar Daily Bulletin

Choosing Local Stainless Steel Fabrication and Laser Cutting in Brisbane

Stainless steel is one of the most widely used materials in industries today due to its strength, durability, and resistance to corrosion and rust. For architectural elements, industrial equipment, ...

Daily Bulletin - avatar Daily Bulletin

How Meaningful Employment Supports Mental Health and Independence for People with Disabilities

Photo by Yan Krukau from Pexels: https://www.pexels.com/photo/a-woman-sitting-at-the-table-7640785/As a manager or leader of HR, you might already know that a healthy work environment is vital to the ...

Daily Bulletin - avatar Daily Bulletin

Speed Dating For Business