Why do Hackers Love to Target Backups?

Jan 18, 2023


The exponential growth of technology has turned cybersecurity into a fierce contest between hackers and security experts. Tech-savvy criminals keep upskilling themselves, breaking into networks that are not properly secured and accessing private information and data. New risks emerge every day, and existing threats continue to advance at a rate that has never been witnessed before.

By Curtis Preston, Chief Technical Evangelist, Druva

This year, India has become one of the most frequently targeted countries for ransomware attacks. According to a CloudSEK XVigil report, the number of attacks directed at India’s government sector increased by almost 95% in the second half of 2022. A reliable data backup and recovery strategy, adapted to the needs of the business, is a must and the need of the hour for organisations.

Backups are copies of a company’s valuable digital assets and are the final line of defence against ransomware. Implementing secure backup policies is crucial to aiding disaster recovery procedures when unfavourable events threaten to interfere with operations. It demands a robust understanding of the various data types that must be safeguarded as well as the importance of the data crucial to an organization. Companies need to keep a close eye on who has access to the backup system and what level of privilege they maintain.

Encryption and exfiltration are the two kinds of ransomware attacks that pose a threat to backup and recovery systems, and most on-premises backup servers are vulnerable to both. An important role backup servers play is providing the means to recover from a ransomware attack without paying the ransom. Ransomware groups attempt to encrypt the backups as well because they contain the information required to reconstruct the machines that have been compromised by the ransomware. The saddest line in any ransomware story is, “and the backups were also encrypted.” They are your last line of defence, and you must hold the line.

That’s the traditional ransomware attack, but data exfiltration is increasingly the main driving force behind ransomware attacks on backup servers. If threat actors can exfiltrate and decrypt a company’s secrets via the backup server, they can extort the business with threats like, “Pay up or your company’s most crucial secrets will become public knowledge.” The organization is then left with no choice but to pay the ransom and cross its fingers that the attackers keep their word, after being granted access to a web page where it can view the data they possess.

According to CISA, unauthenticated users can often access internal API functions, which may result in the upload and execution of malicious code. As long as the data protection and ransomware recovery strategy relies on conventional hardware- and software-based methods (the two most popular attack vectors), companies should be concerned about remote access to the backup server.


Here are a few of the security best practices that a data resiliency platform should incorporate into their system:

1. Utilize infrastructure built on the cloud to use public cloud security standards

A SaaS provider should incorporate security of the underlying infrastructure by providing features like immutability, air gapping, and other capabilities beyond native data protection.

2. Implement backup platform observability and alerting

Systems should use observability tools to increase platform security: to detect and stop events such as bulk deletions, configuration changes, or encryption by ransomware in progress, and to accelerate response and forensics with pertinent logs and data-change records.
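As an added illustration of the alerting described above (example code, not from the article or from Druva), a small Python detector that runs over a constructed backup audit log, raising an alert when one user issues three or more destructive actions within five minutes and on every retention or immutability change; the log format, action names and thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (not from any real backup product), one event per
# line: "<UTC timestamp> user=<name> action=<ACTION> target=<object> [value=<v>]".
SAMPLE_LOG = """\
2023-01-18T02:00:05Z user=ops-nightly action=CREATE_SNAPSHOT target=srv-db-01
2023-01-18T02:14:07Z user=backupadmin action=DELETE_SNAPSHOT target=srv-db-01/2023-01-10
2023-01-18T02:14:09Z user=backupadmin action=DELETE_SNAPSHOT target=srv-db-01/2023-01-11
2023-01-18T02:14:11Z user=backupadmin action=DELETE_SNAPSHOT target=srv-db-01/2023-01-12
2023-01-18T02:14:12Z user=backupadmin action=SET_RETENTION target=policy/default value=0d
2023-01-18T02:14:14Z user=backupadmin action=DELETE_SNAPSHOT target=srv-fs-02/2023-01-12
2023-01-18T02:14:15Z user=backupadmin action=DELETE_SNAPSHOT target=srv-fs-02/2023-01-13
2023-01-18T09:30:00Z user=ops-nightly action=DELETE_SNAPSHOT target=srv-db-01/2022-12-01
"""

# Assumed action names: anything that removes recovery points, and any change
# that weakens retention, immutability or the alerting itself.
DESTRUCTIVE = {"DELETE_SNAPSHOT", "DELETE_BACKUP_SET", "PURGE_VAULT"}
CONFIG_CHANGES = {"SET_RETENTION", "DISABLE_IMMUTABILITY", "REMOVE_ALERT_RULE"}

def parse_line(line):
    """Split one audit line into (timestamp, {field: value})."""
    ts_text, *fields = line.split()
    ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return ts, dict(f.split("=", 1) for f in fields)

def detect_bulk_deletions(log_text, window=timedelta(minutes=5), threshold=3):
    """Return alert strings: one when a user's destructive actions inside the
    sliding window reach `threshold`, and one for every configuration change."""
    alerts = []
    recent = defaultdict(deque)  # user -> timestamps of recent destructive actions
    for line in log_text.splitlines():
        ts, ev = parse_line(line)
        user, action = ev["user"], ev["action"]
        if action in CONFIG_CHANGES:
            alerts.append(f"CONFIG {user} {action} {ev['target']}")
        if action not in DESTRUCTIVE:
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) == threshold:    # fire once, when the burst crosses the line
            alerts.append(f"BULK_DELETE {user} {threshold} deletions since {q[0].isoformat()}")
    return alerts
```

The single overnight deletion by the scheduled job never trips the threshold; the burst plus the retention change does, which is the signal to pause the job and start forensics.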

3. Backup data should be encrypted wherever it is kept

For instance, a business can encrypt data at rest with AES 256-bit encryption and data in flight with TLS.

4. Make use of deduplication as part of a multi-layered security strategy

Organizations should use block-level deduplication and separate the storage of data and metadata. The data’s structure should be concealed in this way, making it impossible for hackers to reconstruct it.
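An added Python sketch (not the article's or any vendor's code) of the block-level deduplication with separated data and metadata stores described above: blocks go into a content-addressed data store keyed by SHA-256, while the per-file manifest that gives names and block order lives in a separate metadata store. The fixed 8-byte block size and the sample files are constructed for readability; production systems use larger or variable-length chunks.

```python
import hashlib

BLOCK_SIZE = 8  # assumed tiny block size so the example stays readable

class DedupBackup:
    """Block-level deduplicating store with data and metadata kept apart.
    self.blocks is the content-addressed data store (hash -> bytes);
    self.manifests is the metadata store (file name -> ordered block hashes).
    On its own the data store is an unordered bag of blocks with no file
    names and no block order, which is what the separation is meant to achieve."""

    def __init__(self):
        self.blocks = {}
        self.manifests = {}

    def backup(self, name, data):
        """Store `data` under `name`; return how many blocks were actually new."""
        new_blocks = 0
        hashes = []
        for i in range(0, len(data), BLOCK_SIZE):
            block = data[i:i + BLOCK_SIZE]
            digest = hashlib.sha256(block).hexdigest()
            if digest not in self.blocks:   # identical block already stored: reuse it
                self.blocks[digest] = block
                new_blocks += 1
            hashes.append(digest)
        self.manifests[name] = hashes
        return new_blocks

    def restore(self, name):
        """Reassemble a file; only possible with its manifest from the metadata store."""
        return b"".join(self.blocks[h] for h in self.manifests[name])

    def stored_bytes(self):
        """Physical bytes held in the data store after deduplication."""
        return sum(len(b) for b in self.blocks.values())

    def logical_bytes(self):
        """Bytes the backed-up files add up to before deduplication."""
        return sum(len(self.blocks[h]) for hs in self.manifests.values() for h in hs)
```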

5. Use role-based access controls

A least-privilege strategy should be used to ensure that each user only has the access necessary to carry out their job.

To summarize, threat actors never rest, and they keep evolving their attacks to make them more potent over time. Attackers understand that victims are likely to have recovery systems and backups in place, and recognise that going after those backups is their best shot at a win. Organizations must implement the best practices that keep valuable data safe. Data resiliency is the best way for businesses to safeguard themselves.


This is a contributed/authored article. Digital Creed did not verify any of the assertions made by the contributing author.
