Common Cyber Threats and How To Avoid Them

Cyber threats come in many forms, so a holistic approach is required to tackle them. Cybersecurity is of the utmost importance to all organizations, and the responsibility should not fall to just one department. Everybody within the organization has a role to play, so we will start by addressing some of the most common internal threats to data security.
Internal data security and employee blunders
Often the biggest security risks come not from cyber criminals but from the staff we put in charge of data management. Employees with access to business-critical data and Personally Identifiable Information (PII) can expose or damage that data, either maliciously or, in most instances, unintentionally.
To limit the risk of damage, the principle of ‘least privilege’ should be applied to ensure that employees only have access to the data sources that are relevant to their job roles. In addition to user-level access control, data volumes can also be protected against unwanted alteration through application control. Blocky for Veeam® provides application fingerprinting technology which permits only authorized system processes to write to protected volumes. Users are unable to make direct modifications or delete files within protected volumes unless they are doing so through a permitted application. In the case of a protected volume containing Veeam Backup and Replication backup files, a user could manage backup files if they have login permissions to the Veeam management console, but direct modification of files within a protected volume by any other process, such as the Windows file explorer, would be blocked.
Employees are also one of the leading causes of data breaches as they routinely make mistakes which can expose sensitive information to the public, or provide useful resources to cyber criminals. Common examples include emails sent to the wrong people externally and companywide internal emails that copy recipients in the Cc field instead of using Bcc, which can result in a full company email directory falling into the wrong hands if the email is exposed externally. This type of internal email exposure provides hackers with a great database of contacts for targeting an organization with fake emails known as phishing.
Education is the key to minimizing these types of threat through the provision of email best practice guides, training and regular assessments.
Social engineering

In our earlier article The Blocky for Veeam® – 5 Step Guide to a Safer Network we highlighted that 98% of cyber-attacks rely on social engineering. This is a type of attack in which criminals imitate a trustworthy entity such as a person or an organization.

Phishing is the most common form of social engineering and is usually conducted over email. These are fake messages which contain urgent requests, typically highlighting a problem within an organization’s service delivery or the user’s login details.
Depending on the method of attack, the intent is to convince the user to hand over sensitive data, download a malicious file attachment, or provide access to a restricted network or physical location.
Some phishing scams contain links that direct users to a recreation of the legitimate site, enabling the criminals to capture the individual’s username, password and banking details. Others contain malicious attachments that infect the recipient’s computer with malware.
Although most phishing attacks are email messages, similar tactics are also common on social media, by telephone and in SMS text messages.
Malware
Malware is short for ‘malicious software’: pieces of code that are planted on computers and networks to perform certain activities.
Types of malware include adware, which uses pop-up adverts in an attempt to generate revenue through clicks; spyware, which monitors the activity on an infected device; and viruses, which attach themselves to programs, script files and documents with the intention of spreading as far and wide as possible.
However, one of the most notorious types of malware is ransomware.
Ransomware
Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again. It has the ability to lock a computer screen or encrypt important predetermined files. Ransomware attacks are based on a simple premise: organizations need access to their files in order to operate and generate revenue. When those files are locked, a ransom payment is often the most affordable way to get the business operational again.
However, those files are only valuable if they are the only copy. You can avoid criminals’ demands if you have a backup plan for when your organization is infected. Backups should be taken regularly based upon your risk analysis and recovery point objectives, but more importantly, backups should be made secure and immutable.
DDoS Attacks
DDoS (distributed denial-of-service) attacks occur when hackers use a network of compromised computers, known as a botnet, to overload a target site with traffic. The site is then unable to process such a high volume of requests and either crashes or becomes unusable.
DDoS attacks are therefore not cyber-attacks designed to steal data but rather to disrupt the target organization. As such, they’re normally conducted when the hacker has a political or personal reason to attack.
However, there have been instances of DDoS attacks being conducted to distract an organization while hackers conduct another attack, so it is very important to assess the damage following any DDoS attack once you are back online.
Hopefully the tips and trends outlined here have given you some new areas for consideration on your cyber security journey. For any questions, please get in touch through our contact form. The Blocky team are always ready to help.
wanted software applications, protocols and unnecessary application features as possible to further reduce your attack surface.
Removal of all non-essential applications and features within your Veeam deployment is part of the Infrastructure Hardening process and should be applied to Veeam Backup & Replication installations.
While many utilities may offer useful features to the backup administrator, if they provide ‘back-door’ access to the system, they should be removed. Also consider additional software such as web browsers and Java on your Repository servers. Elements which do not belong to the operating system or to active Veeam components should be removed. This will also make software patch level maintenance much easier.
For the Veeam Backup & Replication Server the following hardening procedures should be considered at a minimum:
  • Remove the Backup & Replication Console from the Veeam Backup & Replication server. The console is installed locally on the backup server by default.
  • Switch off the Veeam vPower NFS Service if you do not plan on using the following Veeam features: SureBackup, Instant Recovery, or Other-OS File Level Recovery (FLR) operations.
Be aware that the Backup & Replication Console cannot be removed through the installer or by using Add/Remove in Windows. You must also first uninstall all Veeam Explorers before removing the console. Refer to the Veeam help centre documentation for your current version of Veeam Backup & Replication for more information.
Another target for the hardening process is Veeam Backup Enterprise Manager (Enterprise Manager), a management and reporting component that allows you to manage multiple Veeam Backup & Replication installations from a single web console. Similarly, when Enterprise Manager is not in use, uninstall it and remove it from your environment for added security.
Cyber security can seem a daunting task with so many loopholes to plug, but with a systematic approach you can achieve a great level of protection for your backup environment. For any questions, please get in touch through our contact form. The Blocky team are always ready to help.
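The hardening items above can be checked with a short read-only audit. This is an added example, not code from Blocky or Veeam: the service is looked up by the display name used in the text, and the product-name wildcard patterns are assumptions to adjust to the names your installation actually registers.

```powershell
# Added example: read-only audit of the hardening items listed above.
# Run in an elevated session on the backup server or repository server.
$findings = [System.Collections.Generic.List[object]]::new()

# 1. vPower NFS: looked up by the display name used in the text.
$nfsName = 'Veeam vPower NFS Service'
$nfs = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName = '$nfsName'"
if ($nfs -and ($nfs.State -eq 'Running' -or $nfs.StartMode -ne 'Disabled')) {
    $findings.Add([pscustomobject]@{
        Item  = 'vPower NFS enabled (needed only for SureBackup, Instant Recovery, Other-OS FLR)'
        Found = "$($nfs.Name): State=$($nfs.State), StartMode=$($nfs.StartMode)"
    })
}

# 2. Installed software, from the 64-bit and 32-bit uninstall registry keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

# Wildcard patterns are assumptions; adjust to the names shown in Add/Remove.
$rules = [ordered]@{
    'Veeam Explorer (uninstall before the console)' = @('*Veeam Explorer*')
    'Backup & Replication Console'                  = @('*Veeam*Console*')
    'Enterprise Manager (remove if not in use)'     = @('*Veeam*Enterprise Manager*')
    'Java runtime'                                  = @('*Java*')
    'Web browser'                                   = @('*Chrome*', '*Firefox*')
}
foreach ($rule in $rules.GetEnumerator()) {
    foreach ($app in $installed) {
        # Flag the application if its display name matches any pattern of the rule.
        if ($rule.Value | Where-Object { $app.DisplayName -like $_ }) {
            $findings.Add([pscustomobject]@{
                Item  = $rule.Key
                Found = "$($app.DisplayName) $($app.DisplayVersion)"
            })
        }
    }
}

if ($findings.Count -eq 0) { 'No hardening findings.' } else {
    $findings | Sort-Object Item | Format-Table -AutoSize -Wrap
}
```

The script changes nothing on the server; each finding is a prompt to confirm whether the component is actually in use before it is disabled or uninstalled.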
Blocky is a Veeam Ready Partner
