The year 2020 has arguably been a dream come true for cybercriminals. Notably, the frequency of cyber-attacks has never been higher. The world has seen a significant rise in the number of phishing emails containing the words "corona" or "COVID-19" during the current pandemic.
In one such instance, we saw a spoof email impersonating the National Institute of Public Health, claiming to contain important information on the COVID-19 virus. However, when the recipients of the email open the attachment, their computer system gets infected and their backup system also gets erased at the same time.
With deceitful criminals exploiting the fear that has arisen over the current pandemic, more and more data recovery cases are coming to light in which backup applications have been wiped out. Increasingly, these are backup files of virtual machines (VMs).
To a modern organization, VMs provide various benefits, so this move is not at all surprising. Organizations in the current era are likely running multiple VMs on one physical server rather than using separate servers, since modern hypervisors make the configuration and maintenance of physical servers far less arduous.
In case of such a security incident, sometimes the data from backup files and storage systems can be saved post-breach, even when it is not clear just how long the system was accessible to the cybercriminals.
What can the organization do in such a scenario? Do they rely on their last backup to restore their vital data? Probably not.
So, what can be done?
Addressing the Internal Issues
Let's take a look at some of the common causes of data loss on VMs. According to researchers, human error, hardware malfunction, and RAID issues are all potential culprits, in addition to ransomware. Unfortunately, simple human error is a persistent cause and can lead to untold damage and data loss. This could include patches with programming errors from developers under pressure, updates without an offline backup, poorly planned implementation of new company-wide software, accidentally overwriting or formatting a storage medium, damage to the core database, or integration problems between disparate systems.
The age-old adage of things not being built to last holds true when it comes to the hardware problems faced by the virtual system. Faulty drives, faulty controllers, faulty server components, and power problems all contribute to its hardware problems.
The final potential culprit is RAID damage, which, because of the very nature of virtualization, is often a much bigger challenge for VMs. The RAID controllers assign all information to the many available disks. Unfortunately, files can't simply be rebuilt if a RAID configuration becomes corrupt. Rather, when that happens, the interconnectedness of multiple systems may lead to significant data loss and long downtime.
Keeping It Simple
Irrespective of where the cause of data loss comes from, the consequences are massive and can lead to heavy fines from regulators as well as untold damage to goodwill. It is increasingly vital to understand that virtualization and VMs are not flawless. Just like other legacy storage options, they can become defective just as quickly in real-world scenarios. Hence, it's advisable to think about which solution fits best before creating a virtual environment for sensitive applications.
It is best not to do this by combining separate virtualization solutions, though. The risk of data loss increases exponentially when it is done in the same environment. The data recovery process also becomes time-consuming, even for a seasoned professional, if too many layers of complexity are added to it. Hence, our security experts advise keeping the virtualization simple and staying with one solution within one environment.
Also, always back up and take snapshots of changes. A good backup rotation scheme is essential since advanced persistent threats (APTs) are showing up repeatedly. Multiple backups should be made, without forgetting to save them to other physical or cloud locations.
It is important to provide an air gap so that a hacker cannot access the network during backup.
Finally, the right backup software for a specific virtual environment should be given careful thought so that it can support future endeavors. When choosing backup software, probably the most important factor to consider is how much time it takes to recover VMs should a breach or accident happen.
Swift Accessibility
With all of its benefits, virtualization can undoubtedly save time. However, the sad truth is that VM files can still be lost or damaged. For anyone who manages virtual systems, data loss is a stark reality of today. It is, therefore, essential to understand the systems well and have a specific plan on how to respond to a security incident.
What is important is how quickly repairs can be made so that business-critical data can be quickly accessed again.
To read more, please check eScan Blog