Erun Farajun, executive vice president of Asigra (a cloud backup solution provider), talks with Mike Matchett, founder and principal analyst of Small World Big Data, about the various methods that bad actors use to access data from backups and archives (including attack loops). They also discuss a few of Asigra’s latest approaches to backup security.
The Windows OS may be a favorite, but Farajun says that backups are highly vulnerable to hackers — and in fact, they are the second most favorite target. He explains, “If they can kill your backup and render it useless, you can't recover. You’ve got to pay the money [or] the bitcoins.”
Farajun says, “One of the ways they do it is they land a piece of malware code on the network, and it looks for the default name ... of the backup repository directory.”
He adds, “Some go through APIs. Some, they steal. They hack into the active directory, they steal the backup user credentials, and they log in as if they were a legitimate user. And then they either delete all the backup data, or they restore it and corrupt it.”
A new attack technique has emerged — attack loops. Attack loops, Farajun explains, “… put a virus in the network. It gets in through the end users, and sits dormant for three, six, eight months. And during that period of time, you are backing up the virus … you don't see it. And then it infects your repository, including the offsite tape, air-gapped backups. And then it detonates. And it's very hard to get rid of because you don't know [when you] ingested the virus. So you keep recovering to an older and older and older backup. [So] you lose data, where at some point it's unfeasible.”
Farajun says, “We've inserted multiple malware detection engines. Then the malware is quarantined, and users receive a notification.” Asigra also offers biometric authentication.
Check out the full video with Asigra here: Guarding Data at the Back Door