Ransomware has long been, and remains, a threat to data security and availability. Good backup software is seen as a protective wall, the last line of defense for data. It is easy to overlook the fact that the backup software itself can become a gateway for the misuse of data: the protective wall against ransomware then suddenly turns into a Trojan.
Let’s take this scenario as an example: A state uses backup software as a tool and camouflage to access data – state-supported industrial espionage. Attractive features, good marketing, and a fair price ensure that the software is distributed worldwide. The camouflage is ideal: after all, the software is sold legally, so anti-malware programs will not report it as harmful.
The possibilities for manipulation are almost unlimited, as the backup software has access to both the original and the backup data and can execute specific commands on all systems. They range from subtle sabotage through targeted changes to individual data sets or programs, to spying on data for industrial or state espionage, to the complete loss of all original and backup data, which brings the entire infrastructure to a standstill.
What Makes the Backup Software an Ideal Trojan?
Of course, the example shown is an extreme scenario, but it makes one thing clear: You must carefully select your own backup software. The checklist at the end of the article shows what has to be observed. But first to the backup software itself: Why can it even become a Trojan?
- The primary task of backup software is to protect the company’s data by creating copies. By definition, it has access to all company data. It runs privileged on all systems with relevant and critical data in order to ensure unrestricted access.
- The administrator himself distributes the agents and gives privileges to the application as part of the installation – giving the software full control.
- In order to fulfill its tasks, the backup software can execute commands and scripts on all systems, and it does this in privileged mode as well.
- There is usually a central management instance that controls all components. All necessary and interesting data and metadata come together there:
  - A list of all servers in the network, with network configuration, operating system, patch statuses and applications.
  - A catalog of all backed up data.
  - A copy of all data with version status, retention periods, and the possibility of concealed access to the data copies.
Another Thing is the Direct Connection
Software today usually communicates with the manufacturer. Updates are sent from the license server, and diagnostic information or marketing data flow back to it directly. Most of the time, manufacturers do not disclose this communication. It would be easy to incorporate additional information or commands here unnoticed. Logging this communication hardly protects the user, because the additional information or commands need not be transmitted all the time, or they may be encrypted. After all, it is sufficient if the malicious functions can be activated covertly when needed.
But there is also Good News
You can protect yourself against this misuse of the backup software. The first step is to become aware of the problem and do a brief hazard analysis. Criteria are, for example:
- What are the possible attack scenarios on the infrastructure?
- What are the consequences of a standstill or sabotage of the infrastructure?
- How important is the company’s data, and who might be interested in it – keyword industrial espionage?
- What would a loss of data mean for the company?
Backup software – But Safe
Of course, reliable data protection is a must for all organizations. Because in an emergency, the backup is the last line of defense. With the right software and the right concept, data backup becomes a real protective wall against ransomware – without simultaneously being a possible gateway for Trojans.
The following checklist can help ensure maximum security when selecting, installing, and configuring the backup software.
- Is the manufacturer trustworthy?
- Is there a possibility that a foreign state can influence the manufacturer?
- Could there be any interest in state-supported industrial espionage?
- What rights does the manufacturer guarantee?
- Review of the terms and conditions concerning data access
- With which means and from which location does the support get access to the system?
- Does the manufacturer reveal the communication between the backup software and its servers?
- Can the software, with full manufacturer support, be operated in an isolated environment without external communication?
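The last two checklist points can also be checked in operation. The following is an added example, not part of the original article: it compares the outbound connections of a backup server with the endpoints the manufacturer has documented and reports undocumented destinations as well as documented ones that receive more data than expected. The log format, host names, endpoint list and byte budget are assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical: endpoints the manufacturer documents for updates and licensing.
DOCUMENTED = {("updates.backup-vendor.example", 443),
              ("license.backup-vendor.example", 443)}
# Assumed outbound budget per documented endpoint for the audited period, in bytes.
MAX_BYTES_OUT = 5_000_000

# Constructed sample egress log: time, source host, destination, port, bytes sent.
SAMPLE_LOG = """\
2024-05-01T02:00:11Z backup01 updates.backup-vendor.example 443 18432
2024-05-01T02:05:40Z backup01 license.backup-vendor.example 443 2048
2024-05-01T03:17:02Z backup01 cdn77.telemetry.example 443 912
2024-05-01T03:30:00Z backup01 updates.backup-vendor.example 443 7340032
2024-05-01T04:00:00Z web01 updates.backup-vendor.example 443 100
malformed line
"""

def audit_egress(log_text, backup_hosts, documented=DOCUMENTED, max_bytes=MAX_BYTES_OUT):
    """Return (undocumented, over_budget) findings for the given backup hosts."""
    undocumented = set()
    sent = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit() or not parts[4].isdigit():
            continue  # skip lines that do not match the assumed format
        _, src, dst, port, nbytes = parts
        if src not in backup_hosts:
            continue  # only the backup infrastructure is audited here
        endpoint = (dst.lower(), int(port))
        if endpoint not in documented:
            # Destination the manufacturer has not disclosed.
            undocumented.add((src, *endpoint))
        else:
            # Content may be encrypted, so only the volume is observable.
            sent[(src, *endpoint)] += int(nbytes)
    over_budget = {k: v for k, v in sent.items() if v > max_bytes}
    return sorted(undocumented), over_budget

if __name__ == "__main__":
    unknown, heavy = audit_egress(SAMPLE_LOG, {"backup01"})
    for src, dst, port in unknown:
        print(f"UNDOCUMENTED {src} -> {dst}:{port}")
    for (src, dst, port), total in heavy.items():
        print(f"OVER BUDGET  {src} -> {dst}:{port} sent {total} bytes")
```

In an isolated deployment the documented set is empty, so every outbound connection from a backup host is reported.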
Backup software alone is not enough, especially since outdated backup products pose significant risks for business continuity. Instead, it requires a complete solution for data backup and availability: from the initial consultation, the creation of a tailor-made backup concept, the software implementation, the regular checking of functionalities through to support.
The right backup strategy is a decisive factor for successful data backup. That the risks for data security are increasing is not a scenario but a reality. The almost daily reports of cyber threats make it clear that companies need the know-how of experts in order to professionally secure business-critical data.
With limited internal resources, backup specialists can provide important support here. But it is essential to check carefully whether your own backup concept can withstand the extensive requirements. After all, the protective wall should not become a target.