6 Ways Cybercriminals Exploit Your Self-Managed Immutable Backup

By Chris Voigt, Xigent Solutions Architect


October is National Cybersecurity Awareness Month. As advocates for businesses taking proper measures to protect themselves from cyberattacks, we want to take a moment to share 6 common ways cybercriminals can exploit your self-managed immutable backup.

If immutability is part of your organization’s IT infrastructure, you’ve taken the first, very important step toward protecting your backup data and your business continuity. However, if you’re managing your own backups, you may have some serious vulnerabilities that cybercriminals could use to gain access to your environment.

Immutable repositories provide a strong additional layer of defense, protecting your data from encryption, deletion, or malicious modifications. The trouble is that today’s cybercriminals are getting more sophisticated, taking a “land and expand” approach, targeting your environment over longer periods of time to find vulnerabilities.

Organizations that are protecting themselves with self-administered immutability solutions have some common weak points that the bad actors can exploit. Does your system have any of the following weaknesses?

  • Operating System Vulnerabilities. Cybercriminals often take advantage of software security flaws to gain unauthorized access to systems. Even if you patch your systems frequently, there is still a risk that attackers will use “zero day” flaws, in the hours or days before they’re widely known or fixed, to gain access to your backup infrastructure and compromise your backup data.
  • Platform Interfaces. Remote server management technology, service processors, hypervisors, etc. can all provide backdoor access to machines that house immutable file systems. If the machines can be disrupted or destroyed above the immutable layer, these backups can be compromised.
  • AD Authentication. For ease of use, many backup systems and repositories are configured to integrate with Active Directory. Cybercriminals gain access to administrative credentials through phishing and hacking, then use those compromised accounts to expose immutable backup systems or structures to exploitation or destruction.
  • Network Segmentation. It is very difficult to deploy backup infrastructure that is truly isolated from the remainder of the production environment. Shared networking and lack of segmentation allow cybercriminals to expand their area of influence into backup infrastructures that aren’t network isolated.
  • Cloud Credential Sharing. Many cloud providers, seeking to facilitate ease of use, allow credential sharing with on-premises authentication services. Your immutable cloud data copies can be destroyed at the account, subscription, or storage domain/account level if these credentials are compromised.
  • Internal Sabotage. No one wants to think that an employee might want to harm your organization, but you just can’t ignore this possibility. Internally developed systems and processes are always the most vulnerable to those who design and manage them.


How do I eliminate these weaknesses?

For that next level of protection, move beyond self-administered, on-premises immutability to an immutability solution that is managed, maintained, and credentialed separately from the rest of your IT environment. Xigent’s IT consultants can help you design a truly immutable backup with tested recoverability.
