Corporate backup solutions Self-protection tests
Corporate backup solutions: In light of the growing number of ransomware attacks in which cryptolockers stop database processes to unlock database files for encryption (Cerber, GlobeImposter, Rapid, Serpent) and they can encrypt local and network backups to request a ransom payment (Rapid, Spora), we decided to test the self-protection capabilities of the best backup solutions used in the corporate environments available for testing.
The test aims to check the sustainability of the processes and services of the products against the typical attacks on the security software described below, as well as the self-protection of the local backup and of the product files. Ransomware can encrypt configuration files and local backup files that belong to a backup program by disabling file recovery. In addition, once access to the agent or server processes is obtained, the attacker can delete backup copies of files not only locally, but also in the cloud on behalf of a backup solution.
This document is a summary of the enterprise backup solutions test report and includes a description of the test environment, a list of tested solutions and their versions, an overview of test scenarios, as well as results and conclusions based on these results. We do not classify the tested solutions and do not award any prize, but we provide the results “as is” for informational purposes only.
The tests were conducted on the virtual machines of:
– Windows 8.1 SP1 32 bit build 9600
– Windows 10 Enterprise 64 bit Build 16299
– Windows Server 2012 R2 Standard 64 bit v. 6.3.9600 Build 9600
We have tested backup solutions on platforms
32 and 64 bit because the process injection techniques used in the test scenarios differ on these platforms. In addition, 32 and 64 bit product builds may contain a different set of features, including self-protection, and their implementation may depend on the architecture of the operating system.
Corporate backup solutions: The most recent versions of the following products available at the time of testing were tested:
Unified Data Protection Server
Unified Data Protection Client
6.5.4175 Aggiornamento 2 Build 667
Backup & Replication
Agent for Microsoft Windows
9.5 Aggiornamento 3
Veritas Backup Exec
Agent Utility pour Windows
16.0 Rev. 1142
16.0 Rev. 1142-1632
Each product was installed with the default settings and updated before running the test.
Corporate backup solutions – Test scenarios
The test suite includes 31 tests that simulate attacks on local backup files, product files, processes, services and cloud storage that aim to block the backup and restore service. The “Product File Protection” test category contains simple tests aimed at destroying backup and application files making it impossible to recover data encrypted by ransomware.
The second group of tests “Protection of processes and products services” is essential for self-protection since the malware can inject the malicious code into a backup agent and act on behalf of a backup solution obtaining all the necessary privileges to check the backup files. At the behest of an attacker, a malicious process can interrupt processes and services with consequent blocking of the backup and restore application
or deleting backup files on behalf of a backup solution. The latest series of tests is “Cloud backup and recovery protection” and is addressed to communication interfaces with cloud storage. The attack of DNS poisoning or the improper use of the CLI can cause the cloud backup service to be interrupted.
Corporate backup solutions – Conclusions
The purpose of the test was to verify the backup software’s self-protection capabilities to protect related files, processes, services and cloud storage from scenarios that can potentially be run by ransomware.
The results showed that most of the tested products are not ready in many cases to counter ransomware-type attacks by allowing a potential attacker to block user backups and disable backup and restore services. Only Acronis Backup has shown good results with an 87% and 81% effectiveness rate for 32-bit and 64-bit products, similarly providing complete self-protection and service sustainability features.
Download the complete department here: Nio Guard Independent Study_IT
- The threat of DDoS ransomware
- Procedural Security Analysis – Thank you for contacting us!
- Zombie phishing: beware of emails, it could be zombies
- Social engineering: how hackers scam their victims
- What is phishing? Understanding and identifying social engineering attacks
- Avoid Ransomware: That’s why it’s best not to take any risks
- Double extortion ransomware: What they are and how to defend yourself
- Zero-Day attack: what they are and how to defend yourself with SOCaaS
- Backup as a Service (2)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (20)
- Conferenza Cloud (4)
- ICT Monitoring (4)
- Log Management (2)
- News (17)
- ownCloud (4)
- Privacy (6)
- Secure Online Desktop (14)
- Security (6)
- Web Hosting (13)
- Inside Strata's Plans to Solve the Cloud Identity Puzzle February 25, 2021Strata Identity was founded to change businesses' approach to identity management as multicloud environments become the norm.
- Microsoft Releases Free Tool for Hunting SolarWinds Malware February 25, 2021Meanwhile, researchers at SecurityScorecard say the "fileless" malware loader in the attack - Teardrop - actually dates back to 2017.
- North Korea's Lazarus Group Expands to Stealing Defense Secrets February 25, 2021Several gigabytes of sensitive data stolen from one restricted network, with organizations in more than 12 countries impacted, Kaspersky says.
- Ransomware, Phishing Will Remain Primary Risks in 2021 February 25, 2021Attackers have doubled down on ransomware and phishing -- with some tweaks -- while deepfakes and disinformation will become more major threats in the future, according to a trio of threat reports.
- Thousands of VMware Servers Exposed to Critical RCE Bug February 25, 2021Security experts report scanning activity targeting vulnerable vCenter servers after a researcher published proof-of-concept code.
- 5 Key Steps Schools Can Take to Defend Against Cyber Threats February 25, 2021Educational institutions have become prime targets, but there are things they can do to stay safer.
- How to Avoid Falling Victim to a SolarWinds-Style Attack February 25, 2021A multilayered, zero-trust security posture provides a better chance of fending off sophisticated supply chain attackers before it's too late.
- Cybercriminals Target QuickBooks Databases February 24, 2021Stolen financial files then get sold on the Dark Web, researchers say.
- New APT Group Targets Airline Industry & Immigration February 24, 2021LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.
- 61% of Malware Delivered via Cloud Apps: Report February 24, 2021Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year.
- Backdoor.Win32.DarkKomet.irv / Insecure Permissions February 23, 2021Posted by malvuln on Feb 23Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/a229acff4e0605ad24eaf3d9c44fdb1b.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkKomet.irv Vulnerability: Insecure Permissions Description: DarkKomet.irv creates an insecure dir named "Windupdt" under c:\ drive, granting change (C) permissions to authenticated user group. Standard users can rename...
- Trojan.Win32.Pluder.o / Insecure Permissions February 23, 2021Posted by malvuln on Feb 23Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/ee22eea131c0e00162e4ba370f396a00.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Pluder.o Vulnerability: Insecure Permissions Description: Creates an insecure dir named "z_Drivers" under c:\ drive, granting change (C) permissions to authenticated user group. Pluder.o also creates several registry key...
- Trojan.Win32.Pincav.cmfl / Insecure Permissions February 23, 2021Posted by malvuln on Feb 23Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/9d296ebd6b4f79457fcc61e38dcce61e.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Pincav.cmfl Vulnerability: Insecure Permissions Description: The trojan creates an insecure dir named "Windupdt" under c:\ drive, granting change (C) permissions to authenticated users group. Standard users can rename the...
- Trojan-Proxy.Win32.Daemonize.i / Remote Denial of Service February 23, 2021Posted by malvuln on Feb 23Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/61bec9f22a5955e076e0d5ddf6232f3f.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Daemonize.i Vulnerability: Remote Denial of Service Description: Daemonize.i listens on TCP port 5823, sending some junk packets to the trojan results in invalid pointer read leading to an access violation and […]
- Backdoor.Win32.Ketch.h / Remote Stack Buffer Overflow (SEH) February 23, 2021Posted by malvuln on Feb 23Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/63c55ad21e0771c7f9ca71ec3bfcea0f.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Ketch.h Vulnerability: Remote Stack Buffer Overflow (SEH) Description: Ketch makes HTTP request to port 80 for a file named script.dat, after process the server response of 1,612 bytes or more it […]
- Backdoor.Win32.Inject.tyq / Insecure Permissions February 23, 2021Posted by malvuln on Feb 23Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/833868d3092bea833839a6b8ec196046.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Inject.tyq Vulnerability: Insecure Permissions Description: The backdoor creates an dir named "hotfix" under c:\ drive granting change (C) permissions to the authenticated user group. Type: PE32 MD5:...
- IBM(R) Db2(R) Windows client DLL Hijacking Vulnerability(0day) February 23, 2021Posted by houjingyi on Feb 23A few months ago I disclosed Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability I found : https://seclists.org/fulldisclosure/2020/Oct/16 In that post I mentioned "I will add more details 90 days after my report or a security bulletin available". Here it comes. NOTICE : This vulnerability seems did not get […]
- CIRA Canadian Shield iOS Application - MITM SSL Certificate Vulnerability (CVE-2021-27189) February 23, 2021Posted by David Coomber on Feb 23CIRA Canadian Shield iOS Application - MITM SSL Certificate Vulnerability (CVE-2021-27189)
- [KIS-2021-02] docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability February 20, 2021Posted by research on Feb 19-------------------------------------------------------------- docsify
- Backdoor.Win32.Bionet.10 / Anonymous Logon February 19, 2021Posted by malvuln on Feb 19Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/be559307f5cd055f123a637b1135c8d3.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Bionet.10 Vulnerability: Anonymous Logon Description: The backdoor listens on TCP port 12348 and allows anonymous logon credentials to be used to access an infected host. Type: PE32 MD5: be559307f5cd055f123a637b1135c8d3 Vuln ID:...
Cyber threat intelligence identify dangers before they cause damage Find threats before they become a problem… https://t.co/eoT3Mfmi7g
Analisi di Sicurezza Procedurale Verifica che le operazioni in azienda rispettino gli standard imposti per il trat… https://t.co/HYs4UsX3mP
VPN Aziendali connessioni protette sempre e dovunque Gran parte del lavoro ormai passa per la rete,la sicurezza dev… https://t.co/ZreMXSsS17
Ultimamente ci sono stati casi critici di ransomware degni di nota. L’Universita' Tor Vergata ha subito un attacco… https://t.co/oHVilx0VXx
There have been critical cases of ransomware of note lately. Tor Vergata University suffered an attack that knocked… https://t.co/FQYuyKdAv6