Overcoming Human Vulnerabilities that Open the Door to Ransomware

Ransomware attacks dominated the cybersecurity landscape in 2020 and will remain a top threat in 2021, posing major challenges for both public and private institutions. The UK’s National Cyber Security Centre recently reported that it handled more than three times as many ransomware incidents as in the previous year. New variations of attacks are always testing security defenses, including more sophisticated “phishing” schemes — taking advantage of human error or vulnerabilities by duping individuals into clicking a malicious link and thereby enabling ransomware to infect an organization.

Neil Stobart, Vice President of Global System Engineering, Cloudian


In this recently published ITProPortal article, I discuss one of the biggest challenges in data protection and how to address it.



How data storage technology can overcome human vulnerabilities that open the door to ransomware

By Neil Stobart

Let’s take a look at the importance of back-up protection in the era of ransomware.

Phishing attacks have long been a major threat to all types of organizations, but these attacks have become more prevalent and successful due to the increase in remote working and learning caused by Covid-19. Phishing methods are also increasingly innovative, with new scams becoming more personalized and authentic-seeming. In addition, “do-it-yourself” phishing kits are now readily available on the dark web, and Ransomware-as-a-Service (RaaS) continues to grow. With barriers to entry now so low, as no special technical skills are required, it’s no surprise that more and more cybercriminals are going phishing. Some of these ransomware variants, such as Lockbit, are sold on underground forums, and their proprietors are even offering refunds if their wares don’t work as advertised.

So how do cybercriminals use human vulnerability to gain entry to an organization’s systems? In the case of universities, for example, they may have tens of thousands of students and faculty who require access, often from geographically dispersed areas. According to statistics provided by the Office of National Statistics (ONS), 65 percent of current UK university students reported having attended no in-person teaching. It only takes one of these users falling for a fake email for an attack to slip through the net. In addition to this, the vast amount of personal data that these institutions carry, from home addresses to detailed parental income statements, makes them a tantalizing target for cybercriminals, who can monetize it by selling it in bulk on the dark web. Though training can help protect against the dangers phishing brings, it may be too difficult to ensure that any cybersecurity training provided is fully implemented when thousands of users are involved.

WORM storage tech
Threat detection can be useful in preventing ransomware penetration, but threats and the signatures which identify them constantly evolve and become more sophisticated over time, making it hard for even the most advanced cybersecurity solutions to keep up completely. Backup is another useful tool; however, backups are not impervious to tampering. Many ransomware strains, such as the EKANS strain which has recently plagued manufacturers, go after organizations’ backups with the same voracity as primary data. This means that even if organizations have diligently kept up with their backups, these backups can still be encrypted, and the data held hostage by cybercriminals. This also means backups need the highest possible level of protection.

One of the best ways to safeguard data against ransomware attacks is WORM (Write Once, Read Many) storage technology. With WORM, data is locked from any further changes at the time of storing the data. A retention policy is set to determine for how long this data cannot be changed, and during this period it is not possible to change or delete the data. After the retention period ends, WORM protection is removed, and the data can be managed as normal. By making data immutable (unchangeable) and, therefore, tamper-proof, WORM eliminates the ability for ransomware to change data in place, rendering an attack useless.

WORM techniques have been around for a while, used predominantly with removable media such as tape and optical media (CD-ROM, DVD, etc.), an approach often referred to as air-gapped storage. This term comes from there being physical space between the removable media storage and the computer systems that access data. This is considered the ultimate protection for data, but it has many disadvantages, such as operational management costs, inflexible access to data and slower data retrieval times. In modern 24/7 operations driven by efficiency and the need for immediate data access, removable media has become unpopular.

Phishing through admins
WORM on hard disk and flash drives has had a checkered past. Until the last few years, WORM was only adopted by organizations that needed, for compliance, to demonstrate that digital records were tamper-proof (finance and healthcare, for example). The reasons it was limited to these organizations are that a) they were the only ones that had a need for this level of protection (pre-ransomware) and b) WORM implementation was not simple or cheap.

Initial implementations of WORM were only configurable either at an entire storage system level or across a whole file system. You had to be very sure that any data you wrote to these systems were intended to be unchanged and stored for a long time. In the event of any mistakes, you could not roll back, as is still the case. In addition, dedicating an entire storage system or file system to a specific WORM-required workload becomes expensive as this is storage that has a very limited use case.

The S3 Object Lock API provides a very elegant implementation of WORM that allows for granular WORM policies applied at the individual object level, eliminating the need to dedicate an entire storage system just to service WORM-required use cases. This works through a client-server communication between the application managing the data and the storage system. The application configures the data with a retention period as determined by defined data protection levels and updates the metadata for the object. Once the storage system receives the data object and reads the metadata concerning the Object Lock policy, it stores the data with the protection policy applied. This data cannot be changed until the retention period expires.

It is also imperative to ensure that the data is protected from internal attacks such as a phishing attack with administrator credentials. The storage system must provide adequate protection to prevent any privileged user from circumventing the WORM process and deleting data through an admin backdoor. Systems with secure shell preventing root user access are key to ensuring complete tamper-proof functionality.
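The behaviour described in the two paragraphs above, as an added example that is not part of the original article and is not Cloudian code: a simplified in-memory model of Object Lock semantics as documented for AWS S3, where retention applies to individual object versions and COMPLIANCE and GOVERNANCE are that API's retention modes (the article does not name them). The class, function and object names are hypothetical, and the dates are constructed.

```python
from datetime import datetime, timedelta, timezone

class Bucket:
    """Simplified in-memory model of a versioned bucket with Object Lock."""
    def __init__(self):
        self.versions = {}   # key -> list of version dicts, newest last
        self.next_id = 0

    def _add(self, key, **fields):
        self.next_id += 1
        self.versions.setdefault(key, []).append({"id": self.next_id, **fields})
        return self.next_id

    def put(self, key, data, mode=None, retain_until=None):
        # A PUT never overwrites in place: versioning adds a new version.
        return self._add(key, data=data, mode=mode, retain_until=retain_until)

    def delete(self, key, now, version_id=None, bypass_governance=False):
        if version_id is None:
            # A plain DELETE only stacks a delete marker on top.
            return self._add(key, data=None, mode=None, retain_until=None)
        version = next(v for v in self.versions[key] if v["id"] == version_id)
        # Only GOVERNANCE honours a privileged override; COMPLIANCE never does.
        override = version["mode"] == "GOVERNANCE" and bypass_governance
        if version["mode"] and now < version["retain_until"] and not override:
            raise PermissionError(f"{key} version {version_id} is under retention")
        self.versions[key].remove(version)
        return version_id

def attack_with_admin_credentials(bucket, key, backup_id, now):
    """Constructed scenario: ransomware using phished administrator access."""
    bucket.put(key, b"<ciphertext>")    # "overwrite" lands as a new version
    bucket.delete(key, now)             # delete marker; backup still present
    try:
        bucket.delete(key, now, backup_id, bypass_governance=True)
        return "backup destroyed"
    except PermissionError:
        return "backup intact"

def run_scenario(mode, days=30):
    now = datetime(2021, 1, 1, tzinfo=timezone.utc)   # constructed date
    bucket = Bucket()
    backup_id = bucket.put("nightly.bak", b"clean backup", mode,
                           now + timedelta(days=days))
    return attack_with_admin_credentials(bucket, "nightly.bak", backup_id, now)

if __name__ == "__main__":
    print({m: run_scenario(m) for m in ("COMPLIANCE", "GOVERNANCE", None)})
```

Only the COMPLIANCE run leaves the backup version in place, which is why the retention mode matters when the threat includes stolen administrator credentials.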

Filling the gaps
Protecting ever-changing data workloads such as databases and file shares with WORM would be prohibitively expensive as every time a file was changed, a new version would be saved, racking up storage costs very quickly. But protecting backup data is perfect. Once written, this data does not change and typically needs to be stored unchanged for a longer period. This way you manage to have an immutable copy of all your data without the negative impact. All the major backup software companies have S3 Object Lock support in their products today or certainly on their near-term roadmaps.

Object Lock makes WORM technology more accessible for institutions, which is particularly important for healthcare, local government, and education organizations with limited IT resources. In the event of a ransomware attack, they can quickly and easily restore a clean copy of their data and continue operations.

Cybercrime continues to evolve at a much faster pace than the technical knowledge and cyber hygiene of the average individual user. So, it’s simply unrealistic for modern institutions with thousands of stakeholders relying on their systems every day to expect perfect compliance with cybersecurity best practices. As a result, it’s up to the organization’s leadership to fill in the gaps with technologies such as WORM/Object Lock that provide the best defense for combatting ransomware.


To learn more about how Cloudian can help protect your data from ransomware attacks, go to Ransomware Backup Protection Solutions | Cloudian.

Cloud Providers leveraging Cloudian storage to expand

Rising Demand for Storage-based Cloud Services

With a growing demand for storage-based services, Cloud Service Providers are introducing a suite of new storage-based services built on S3-compatible storage from Cloudian to profitably expand their businesses and better serve customers.  These high-value services leverage the limitlessly scalable, feature-rich HyperStore object storage platform, and an extensive technology partner ecosystem.

Before taking a closer look at HyperStore for Cloud Providers, let’s set the context by understanding the overall market and trends.  According to IDC, the market demand for cloud storage services is forecasted to triple in size from $20 billion in 2019 to $60 billion in 2023.  That’s a remarkable 32% CAGR in just 4 years.


The demand for these storage-based services is due in part to several notable trends:

1. Dramatic growth in data volume driving new storage capacity requirements, increasing from 33 Zettabytes in 2019 to a staggering 175ZB by 2025, according to IDC, a 61% CAGR.

2. Technical standardization on S3 API

  • S3 API is the de facto standard for cloud storage
  • Growing S3-compatible software ecosystem
  • Expanding use of S3-compatible applications

3. A growing mandate for a hybrid | multi-cloud model with public cloud and on-prem storage locations

Taken together, these trends are having a dramatic impact and challenging organizations in every industry to find a cost-effective way of storing and managing their data without sacrificing performance, security, or service delivery. Increasingly, they are turning to service providers for services that benefit from their scale, vertical specialization, multi-source flexibility, and regional diversification. These end-user organizations are in turn benefiting with increased agility, lower costs, and the ability to do more with their resources.

Getting Started with Cloudian HyperStore

As the industry’s leading S3-capable object storage, Cloudian HyperStore was designed from the start with Service Provider features including multi-tenant resource pooling with integrated management tools such as billing and quality of service controls. Cloud Service Providers using HyperStore have the ability to start small with just three nodes and then grow to meet their evolving capacity needs without interruption and to an exabyte of storage.

Whether using a single location or a geo-distributed deployment in multiple locations, Cloud Providers benefit from HyperStore’s architecture and built-in data protection configuration options to provision services that flexibly match the unique needs of their customers. A single storage pool across public cloud and on-prem storage locations provides unified visibility and management of data.  Security is another area where Cloudian provides unique value with support for S3 Object Lock for WORM storage as well as with enhanced security certifications such as SEC 17a-4(f), Common Criteria and FIPS 140-2 that help ensure compliance and protect against ransomware attacks.

New Cloud Services Opportunities

These and other factors are driving the surge of Cloud Provider interest to offer new Cloudian storage-based Cloud Services. Today, Cloud Providers are leveraging these capabilities and benefits to deliver a full portfolio of high-value services, each provisioned and managed with the Cloudian storage platform.  This includes VMware Cloud Providers who are taking advantage of the seamless HyperStore integration with VMware Cloud Director, enabling their services to be delivered with a single point of management, simplifying workflows, and minimizing costs.

Cloud Providers deploy HyperStore with Cloudian storage appliances or as software-defined storage with industry-standard x86 servers, benefiting from the compatibility, cost efficiency and application support needed to ensure a profitable business model.

Some of the principal HyperStore enabled Cloud Services include:

Storage-as-a-Service
S3-compatible storage capacity provided on a subscription basis to help end-users address their growing volumes of data.

Backup-as-a-Service
Backup of VMs, databases, and other application data with HyperStore as a backup target and integrated with backup platforms such as Commvault, Rubrik, Veritas, and Veeam.

Ransomware Protection as-a-Service
Addressing the urgent need to protect data from loss or malicious attacks with HyperStore and Veeam now supporting Object Lock, a data protection feature that enables immutable backup copies, unchangeable for a set period of time.

Archive-as-a-Service
Long-term data repository leveraging HyperStore’s limitless scalability, security, and unmatched data durability.

Disaster Recovery-as-a-Service
Keeping customer data safe and available with one or more offsite copies to avoid the risks of business and organizational disruptions resulting from disasters.

Big Data-as-a-Service
Leveraging HyperStore rich metadata tagging to apply machine learning and analytics to large data sets, enabling new insights, discoveries, and operational efficiencies.

Compliance as-a-Service
Meeting regulatory and privacy needs with a secure, long term repository for healthcare, financial and other data.

Containers-as-a-Service
Enabling containers to be uploaded, organized, and managed within a secure and scalable repository.


Read more about Cloudian here, or contact us for more information
