When no organization is impervious to cyberattacks, backup immutability should be part of every business’ defense strategy.
As one of the fastest-growing digital economies in the world, the South-east Asia region is a prime target for ransomware and a hotbed for cyberthreats. Insights from Interpol’s ASEAN Cybercrime Desk Report showed a significant number of ransomware attacks in 2019, targeting healthcare, education, transport and manufacturing sectors in the region.
Attackers typically use encryption to prevent booting and other common operations. Once critical services in an organization have been brought down, the attackers demand a ransom to unlock the data so that services can resume.
As a way of combating this, companies have relied on backups as a line of defense, but attackers have now found ways to corrupt that, too. Advanced ransomware is now targeting backups by modifying or completely erasing them, removing the last refuge of companies and driving even larger ransom payouts.
Recovery from tape or other archives requires massive effort, and attempts to do so can be exhausting. Despite cybersecurity teams investing in myriad protection tools, threat actors continue to find new mechanisms to compromise and encrypt organizations’ data.
Design backup data for immutability
How do you ensure that your backup data is not vulnerable to hackers? The key, according to Kamal Brar, Vice President and General Manager (Asia Pacific and Japan), Rubrik, is to make backups immutable. This means that once data has been written it cannot be read, modified, or deleted by users on the network.
Backup immutability goes well beyond simple file permissions, folder Access Control Lists (ACLs), or storage protocols. The concept of immutability needs to be baked into the backup architecture so that no security exposure can tamper with it.
Here is a list of solutions from Rubrik that can help integrate immutability into the organization’s backup architecture:
- Establish stringent validations before data transformations are committed
Customer data brought into the system is written into a proprietary sparse file called a Patch File. These are append-only files (AOFs), meaning that data can only be added to a Patch File, and only while it is marked as open. The file system refuses, at the API level, any write that is not append-only. The Patch Blocks within each Patch File are checksummed, and those checksums are computed and stored in a separate Fingerprint File before any data transformation is committed. This keeps the original file intact and forces validation on every read: Patch Blocks are routinely verified against their checksums, which is how data integrity is maintained. To recover from a ransomware attack, the administrator restores the original, validated data from backups. Because Patch Files are not exposed to any external systems or customer administrator accounts, what is restored is exactly what was originally stored in the backup.
The other option is to divide Patch Files into fixed-length segments called Stripes. As each Stripe is written, the AOF computes a Stripe-level checksum and stores it in that Stripe's metadata. Stripes are further divided into physical Chunks, the unit at which replication and erasure coding take place. As each Chunk is written, its checksum is computed and stored in the Stripe Metadata alongside the list of Chunks. These checksums are periodically recomputed and compared against the values in the Stripe Metadata; if a rebuild is needed, erasure coding is leveraged automatically in the background.
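The append-only Patch File with its separate Fingerprint File, as an added illustration that is not Rubrik's code: block checksums are stored apart from the data, every read is validated, and a routine sweep flags a block that was altered outside the append-only API. Class and method names are assumptions, and the sample blocks are constructed.

```python
import hashlib
import os
import tempfile

class PatchFile:
    """Append-only 'Patch File' whose per-block SHA-256 checksums live in a separate
    'Fingerprint File' (names from the text above; a sketch, not Rubrik's code)."""
    def __init__(self, path: str):
        self.path, self.fp_path = path, path + ".fingerprint"
    def append_block(self, data: bytes) -> int:
        """The only write path: append mode, so existing bytes can never be overwritten."""
        with open(self.path, "ab") as f:
            offset = f.tell()  # append mode: position is the current end of file
            f.write(data)
        with open(self.fp_path, "a") as fp:  # fingerprint kept apart from the data
            fp.write(f"{offset} {len(data)} {hashlib.sha256(data).hexdigest()}\n")
        return offset
    def _blocks(self):
        """Yield (data, matches_fingerprint) for every block, in Fingerprint File order."""
        with open(self.fp_path) as fp, open(self.path, "rb") as f:
            for line in fp:
                offset, length, digest = line.split()
                f.seek(int(offset))
                data = f.read(int(length))
                yield data, hashlib.sha256(data).hexdigest() == digest
    def verify(self) -> list:
        """Routine integrity sweep: True for each block that still matches its fingerprint."""
        return [ok for _, ok in self._blocks()]
    def read_block(self, index: int) -> bytes:
        """Forced validation on read: a block whose checksum mismatches is never returned."""
        data, ok = list(self._blocks())[index]
        if not ok:
            raise ValueError(f"Patch Block {index} failed checksum validation")
        return data

def demo() -> dict:
    """Constructed scenario: back up three blocks, then corrupt block 1 on disk, bypassing the API."""
    pf = PatchFile(os.path.join(tempfile.mkdtemp(), "backup.patch"))
    for block in (b"vm-disk-block-0", b"vm-disk-block-1", b"vm-disk-block-2"):
        pf.append_block(block)
    clean = pf.verify()
    with open(pf.path, "r+b") as f:  # what malware with raw access to the store would do
        f.seek(len(b"vm-disk-block-0"))
        f.write(b"ENCRYPTED!")
    try:
        bad = pf.read_block(1)  # must be refused: block 1 no longer matches its fingerprint
    except ValueError as e:
        bad = str(e)
    return {"clean": clean, "tampered": pf.verify(), "block0": pf.read_block(0), "block1": bad}
```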
- Identify and secure data cluster connections
Traditional approaches to cluster security often rely on a ‘full trust’ model in which all members of the cluster are able to communicate with one another. This leaves a weak point in the attack surface when designing a defense-in-depth backup architecture.
Each cluster has some number of nodes that need to communicate with one another. Create secured cluster communications by using the TLS protocol with certificate-based mutual authentication. This means each node that wants to exchange data should be validated by strong, randomized passwords on a per-node basis.
Thus, the ‘admin/admin’ style of default local authentication, which is easily searchable on the web and adds an attack vector, should never be an option.
- Implement systems hardening standards to support backup architecture
Numerous other internal security measures help protect the integrity of the system. Organizations can minimize the attack surface by adopting systems hardening standards such as the following:
- Control what end-users can do in the database using role-based access permissions.
- Screen and allow only certified applications and services to run within the data platform.
- Pre-configure the services that can access each other.
- Designate authorized personnel who can authenticate software images.
- Disable inactive user ports.
Ransomware attacks can be debilitating, and organizations need to devise a reliable recovery plan to ensure minimal downtime. A responsive ransomware strategy leverages the power of immutable backup to recover the most recent clean data and restore critical services.
Today, when absolutely no organization is impervious to cyberattacks, backup immutability should be part of every business’ defense strategy.