How Malware Gets Backed Up Along With Data

  /     /     /  
Publicated : 22/11/2024   Category : security


How Malware Gets Backed Up Along With Data


Malware is widely bypassing AV and other controls, getting backed up like any legitimate data, and re-infecting enterprise systems during restore.



Anonymous: 10 Facts About The Hacktivist Group (click image for larger view and for slideshow)
When malware slips past antivirus, it can get swept up in an enterprises system backup and ultimately reinfect systems when the company restores applications from its contaminated backup.
Oliver Friedrichs, head of Sourcefires cloud technology group, says this cycle occurs more often than youd think. Friedrichs recently analyzed data collected from more than 2 million Sourcefire users during a one-month period and found that backup and file restoration applications often inadvertently restore malware.
His findings: During a one-month period, DropBox, a cloud-based file-sharing and backup service, restored 17,705 threats; Maxtor Backup and Restores MaxSynch, 5,076 threats; 2BrightSparks SynchBack backup software, 165 threats; and FreeFileSync, 104 threats. These were users that had been running traditional AV products.
Weve historically talked about backing up malware as a hypothetical ... we assume its been happening, but there hasnt been a clear way to see how frequently its been taking place, Friedrichs says. This [analysis] is a confirmation and affirmation that it is happening. We should be concerned about it and aware of backing up malware and then restoring malware.
Friedrichs says this demonstrates how malware is widely bypassing AV and other controls and then getting backed up like any legitimate data or files. Once the backup is polluted, he says, if it is used to restore a system, [the malware] would also be restored onto the system once again.
[ Sometimes its the little things--a misconfigured network proxy or an unused and forgotten port--that can make the difference in whether an organization suffers a major hack. See
Simple Settings That Could Curtail Some Attacks
.]
Is this an AV or a backup problem? Gleb Budman, co-founder and CEO of cloud-based backup service provider Backblaze, says his firm had explored whether it should provide malware scanning as part of its online backup service. But it just didnt make sense, for two reasons: We encrypt all of the files [backed up] so they cant be scanned in our data center, Budman says. We could scan on your client AV in our backup agent on your system--we thought about that--but if a user is already running AV, they would run it, then we would run it, and wed be using up system resources twice. That seems kind of silly.
Read the rest of this article on
Dark Reading
.
Most external hacks of databases occur because of flaws in Web applications that link to those databases. In this report,
Protecting Databases From Web Applications
, well discuss how security teams, database administrators, and application developers can work together to improve the defenses of both front-end Web applications and back-end databases to prevent these attacks from succeeding. (Free registration required.)

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
How Malware Gets Backed Up Along With Data