Ransomware attacks are more sophisticated than ever, targeting cloud-based workloads and posing significant risks to organizations. These cyberthreats can encrypt critical data, disrupt business operations, and demand hefty ransoms. Tactics such as double extortion and data theft amplify this potential damage, so a solid defense strategy is essential for safeguarding your cloud workloads.
Many ransomware attacks target backups to increase the chance that the victim pays. Protecting backups from malware is therefore a crucial step toward safe recovery from a ransomware attack. Veeam malware detection tools use advanced methods to scan for malicious files during backups, which enables a prompt response to any ransomware incident.
Importance of Cloud Workload Protection
Almost every company has workloads in the cloud. Statista states that 48% of respondents have data stored in the public cloud. This is because the cloud helps drive digital transformation and business growth.
However, protecting the cloud isn’t straightforward. With companies increasingly adopting multi- and hybrid cloud platforms, the potential attack surface is huge.
A key component of any defense strategy involves backing up cloud workloads and employing a solution that offers multi-layered protection.
Veeam’s in-line scanning capabilities offer organizations real-time threat detection, malware protection, compliance adherence, and data loss prevention. Integrating Veeam’s ransomware backup capabilities into your cloud infrastructure strengthens backup resilience and raises your security posture, helping to ensure the safety and integrity of your cloud-based workloads. Businesses can then operate with confidence that their critical data and operations are shielded from evolving cyberthreats.
Evolving Trends in Malware
Cybercriminals and state-sponsored bad actors increasingly use malware to steal information, extort companies, and harm critical systems. According to the Allianz Risk Barometer for 2024, 39% of large- and medium-sized companies consider cyber incidents, including cybercrime, ransomware, data breaches, and fines, to be their greatest business risk. Evolving trends include increased ransomware attacks, surges in data theft, backup targeting, and AI used for malicious attacks.
Ransomware Attacks Are Increasing
Although companies are fighting back against ransomware extortion, the number of victims continues to grow, particularly through the exploitation of zero-day and one-day vulnerabilities. According to Akamai, there was a 143% increase in ransomware attacks between the first quarters of 2022 and 2023. The World Economic Forum reports that ransomware gangs using Ransomware as a Service kits can mount attacks faster than ever, increasing the risk to smaller companies. Ransomware gangs typically encrypt customer data and extort payment for its release. Even after victims pay, they report that, on average, 43% of their encrypted data still isn’t recoverable.
Data Theft Is Surging
Criminal groups steal sensitive business and customer data from companies using skimming tools, then threaten to sell or release it publicly unless the affected companies pay a ransom. While these techniques don’t necessarily destroy the organization’s data, the threat of exposure is itself used to extort money. Victims face reputational damage and severe fines from regulatory authorities. Other techniques involve stealing login credentials and credit card details to sell in underground forums.
Backups Are Increasingly Targeted
Cybercriminals increasingly target backups for encryption. The Veeam 2024 Ransomware Report indicates that cybercriminals targeted backup repositories in 96% of reported attacks. It also notes that in 76% of these incidents, hackers successfully attacked at least a portion of a target’s backup repositories.
Threat Actors Are Using AI
Criminals use large language models, such as ChatGPT and GitHub’s Copilot, to write malicious code and develop variants and strains of current ransomware. They also use artificial intelligence tools to create mass phishing attacks and support sophisticated voice cloning scams.
What Is Malware?
Malware is any malicious software developed by cybercriminals that harms or disrupts a host computer system. Some malware types include:
- Ransomware: Ransomware takes control of computer systems by locking users out or encrypting data to prevent access. Recovering the data normally means paying a ransom. With immutable backups, however, administrators can remove the ransomware, rebuild cleanly, and restore without paying.
- Spyware: This software is used to surreptitiously gather sensitive information and send it to a hacker. Data theft is commonly combined with a ransomware attack, where hackers threaten to release information to the public unless the victim pays the ransom.
- Viruses: Viruses are malicious programs that, once activated, perform a series of actions, such as corrupting an operating system, destroying files, or stealing information. Computer viruses are easily spread through data sharing in corporate systems, which results in infected machines. Often, the only solution is to disconnect and clean infected machines.
- Botnet: A botnet is a group of computers controlled by an attacker through malicious software, without the owners’ knowledge. The attacker uses these computers to carry out malicious activity, such as launching distributed denial of service attacks, stealing personal data, and crypto-jacking machines for cryptocurrency mining.
Preventing Malware Attacks
Defense in depth is the most effective malware prevention strategy. This approach uses multiple protective layers to make it harder for hackers to carry out a successful malware attack. Key steps in preventing malware attacks include hardening systems, adopting a zero-trust philosophy, educating employees, and employing immutable backups.
Harden Systems
Strengthen your defenses by reviewing your system design and layout to minimize vulnerabilities and configuration errors. Keep your network secure by applying software and security patches immediately and by using virtual networks to segregate systems into logical domains that separate sensitive data and systems. You should also implement monitoring tools that automatically check for vulnerabilities and unusual network activity.
Implement a Zero-Trust Architecture
The concept behind zero trust is that anyone trying to access your system should never be automatically trusted. The core principles of zero trust include:
- Explicit verification: Use multiple methods to continuously verify users, including identity, location, device, and behavior.
- Least-privilege access: Limit user access to the applications and data needed to perform a task, and only for the task’s duration.
- Breach anticipation: Accept that breaches occur and focus on detecting intrusions before damage happens.
Educate Employees
Human error is responsible for most breaches. Hackers may use many methods, including phishing attacks, to trick employees into releasing sensitive information. Effective security awareness training helps employees understand cybercriminals’ techniques and the consequences of inadvertently leaking information.
Make Immutable Backups
When all else fails, you need secure and immutable backups. Immutable backups are locked and can’t be changed, so they’re secure against malicious encryption. To protect against data theft, backups should always be encrypted. Plan on a minimum of three backup copies: two on different media, and one kept off-site so you can still recover in the event of a major disaster. If it’s an option, Veeam also recommends that you air gap one backup copy and validate one of your backups to ensure a rapid and smooth return to production.
What Is Malware Detection?
Malware detection uses several techniques to identify and recognize malware. They recognize malicious software directly, through its unique signature, and indirectly, by identifying its effects, such as abnormal behavior and unusual network traffic.
Such detection capabilities are commonly delivered through a Security Information and Event Management (SIEM) system, which uses the following techniques.
- Signature-based detection: This method, commonly used by antivirus software, compares files and endpoint traffic against known malware indicators stored in a threat database.
- Dynamic monitoring: Dynamic monitoring checks for mass file operations that are indicative of a malicious attack, such as unusual file deletions, file renaming, and other anomalous file changes.
- Machine learning: Using artificial intelligence algorithms, ML techniques can dynamically identify malware variants by analyzing system behavior to detect abnormal activity.
Safeguard Your Backups with Malware Detection by Veeam
Veeam’s malware detection capabilities are embedded in Veeam Backup & Replication v12.1 and further enhanced in the 23H2 update of Veeam Data Platform. These features allow users to scan backup data for suspicious activity or infected objects using built-in and third-party methods. They also support scanning during the secure restore process to verify that no malicious file changes or threats have appeared since the backup was taken.
Veeam malware detection also provides daily activity reports and immediately notifies users of incidents so they can review them. It also marks restore points as clean or as infected if a detection occurred. Full access to this functionality is reserved for Veeam backup administrators.
Types of Veeam In-Line and Backup Scanning
Veeam malware detection software scans all files inline during backup processes and identifies and flags suspicious or infected files. It can also scan backup files and restored data. During this process, malware detection marks the restore points as either infected or clean. You can use Veeam’s built-in malware detection methods or third-party solutions.
File System Activity Analysis
During backup jobs, this feature scans guest indexing data to detect possible malware activity, such as malicious files and file extensions. It also checks for files that have been maliciously renamed and deleted and flags them as suspicious. Veeam automatically updates malware definitions daily at midnight. You may also add files and extensions known to be suspicious. This method scans file extensions, paths, and directories for known suspicious extensions based on over 4,000 indicators of compromise (IoCs). It can also detect zero-day attacks by identifying unusual file extensions that haven’t been seen before, even if they’re not listed in the XML file on the Veeam server.
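As an added illustration (not Veeam’s code), the following Python compares two constructed guest file indexes the way the analysis above describes: matching known suspicious extensions and ransom-note names, spotting ransomware-style renames and mass deletions, and flagging a burst of a never-before-seen extension as a possible zero-day. The extension and note-name lists, the sample paths, and the threshold of five files are assumptions made for the example.

```python
from collections import Counter
from pathlib import PurePosixPath

# Constructed stand-ins for the suspicious-extension and ransom-note definitions the
# article says Veeam keeps in an XML file on the backup server (placeholders, not Veeam's list).
KNOWN_BAD_EXTENSIONS = {".locked", ".crypt", ".encrypted"}
RANSOM_NOTE_NAMES = {"readme_to_decrypt.txt", "how_to_recover_files.txt"}


def extension(path: str) -> str:
    return PurePosixPath(path).suffix.lower()


def analyze_index(previous, current, baseline_extensions, mass_threshold: int = 5) -> dict:
    # Compare the guest file index of the new restore point with the previous one.
    prev, cur = set(previous), set(current)
    added, deleted = cur - prev, prev - cur
    # Ransomware-style rename: 'report.docx' disappears and 'report.docx.zx9q' appears.
    originals = {p: str(PurePosixPath(p).with_suffix("")) for p in added}
    renamed = sorted(p for p, orig in originals.items() if orig in deleted)
    truly_deleted = deleted - set(originals.values())
    # Zero-day heuristic: a burst of new files sharing an extension never seen in
    # earlier restore points is flagged even though it matches no known indicator.
    new_ext = Counter(extension(p) for p in added)
    burst = {e: n for e, n in new_ext.items()
             if e and e not in baseline_extensions and n >= mass_threshold}
    findings = {
        "known_bad": sorted(p for p in cur if extension(p) in KNOWN_BAD_EXTENSIONS),
        "ransom_notes": sorted(p for p in cur if PurePosixPath(p).name.lower() in RANSOM_NOTE_NAMES),
        "renamed": renamed,
        "mass_rename": len(renamed) >= mass_threshold,
        "new_extension_burst": burst,
        "mass_deletion": len(truly_deleted) >= mass_threshold,
    }
    # Any hit marks the restore point suspicious rather than clean.
    findings["suspicious"] = any([findings["known_bad"], findings["ransom_notes"],
                                  findings["mass_rename"], burst, findings["mass_deletion"]])
    return findings


# Constructed guest file indexes: a clean baseline, a clean follow-up, and one taken after
# a simulated encryption run (six documents renamed to an unseen extension, plus a note).
PREVIOUS_INDEX = [f"/data/finance/report_{i}.docx" for i in range(1, 7)] + ["/data/hr/policy.pdf", "/data/notes.txt"]
BASELINE_EXTENSIONS = {extension(p) for p in PREVIOUS_INDEX}  # extensions seen in earlier restore points
CLEAN_INDEX = PREVIOUS_INDEX + ["/data/finance/report_7.docx"]
ENCRYPTED_INDEX = [p + ".zx9q" for p in PREVIOUS_INDEX[:6]] + PREVIOUS_INDEX[6:] + ["/data/finance/readme_to_decrypt.txt"]
```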
Inline Entropy Analysis
Inline Entropy Analysis by Veeam checks the data stream during the backup process and looks for entropy changes in files. File entropy is a measure of a file’s randomness; a rise in randomness indicates the files may have been encrypted by ransomware. The analysis examines block-level binary data during backup transfers, looking for encrypted files and data anomalies. For example, if a server typically has 10% of its data encrypted and changes 50-60 GB daily, but suddenly 20-30% of its data is encrypted with 90-100 GB of changes per day, an alert for suspicious activity is triggered. Alerts are also generated if ransom notes, bitcoin addresses, or other suspicious content are detected.
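As an added illustration (not Veeam’s code), this Python shows how block-level entropy separates plaintext from ciphertext-like data and how a baseline comparison like the 10% / 50-60 GB example above could raise an alert. The 4096-byte block size, the 7.5 bits-per-byte threshold, and the 2x / 1.5x multipliers are assumptions made for the example, and the "encrypted" data is a seeded pseudo-random stream rather than real ciphertext.

```python
import math
import random
from collections import Counter


def shannon_entropy(block: bytes) -> float:
    # Bits per byte: 0.0 for a constant block, 8.0 for uniformly random bytes.
    if not block:
        return 0.0
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())


def looks_encrypted(block: bytes, threshold: float = 7.5) -> bool:
    # Assumed heuristic: ciphertext (and compressed data) approaches 8 bits/byte;
    # text and most office documents stay well below.
    return shannon_entropy(block) >= threshold


def split_blocks(data: bytes, size: int = 4096) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)]


def encrypted_ratio(blocks) -> float:
    # Share of blocks in a backup stream that look encrypted.
    blocks = list(blocks)
    return sum(looks_encrypted(b) for b in blocks) / len(blocks) if blocks else 0.0


def entropy_alert(base_ratio, base_change_gb, ratio, change_gb,
                  ratio_factor=2.0, change_factor=1.5) -> bool:
    # Alert only when BOTH the encrypted share and the daily change volume jump well
    # above baseline; the multipliers are this example's assumptions, not Veeam's.
    return ratio >= base_ratio * ratio_factor and change_gb >= base_change_gb * change_factor


# Constructed sample data: a plaintext document stream and a seeded pseudo-random
# stream standing in for ransomware-encrypted blocks (repeatable, no real cipher).
TEXT_STREAM = b"Quarterly report: revenue grew 4% while costs stayed flat. " * 400
_rng = random.Random(2024)
RANDOM_STREAM = bytes(_rng.getrandbits(8) for _ in range(len(TEXT_STREAM)))


def demo() -> dict:
    normal_day = split_blocks(TEXT_STREAM)
    half = len(TEXT_STREAM) // 2  # second half of the volume was encrypted overnight
    bad_day = split_blocks(TEXT_STREAM[:half] + RANDOM_STREAM[half:])
    return {
        "text_entropy": round(shannon_entropy(normal_day[0]), 2),
        "random_entropy": round(shannon_entropy(split_blocks(RANDOM_STREAM)[0]), 2),
        "normal_ratio": encrypted_ratio(normal_day),
        "bad_ratio": encrypted_ratio(bad_day),
        # Figures from the article: 10% / 55 GB per day baseline vs. 25% / 95 GB per day.
        "article_case_alert": entropy_alert(0.10, 55, 0.25, 95),
    }
```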

YARA Rules-Based Detection
Based on the open-source YARA tool, this method checks for malware activity as specified by user-defined YARA rules. While rules are primarily applied during backup sessions, you can also use them during restore sessions. The software detects and marks objects as infected and finds the latest clean restore point. It scans for scripts, characteristics, patterns, and signatures that could indicate malicious software. This function lets you create your own rules or apply rules from external repositories, such as GitHub Yara Rules.
Antivirus Scan
Using the built-in or third-party definitions, the antivirus function scans all files during backup or restore sessions for viruses and marks suspicious objects as infected. By default, Veeam’s antivirus configuration file contains predefined settings for common antivirus software, including ESET, Symantec, Bitdefender, and Windows Defender. While you can also use any other antivirus software, it’s best to use only one type at a time to avoid conflicts.
Veeam SureBackup
Veeam SureBackup malware detection software can also be used to ensure backups are safe and functional. Working in an isolated virtual lab that mirrors the actual network, SureBackup creates virtual machines (VMs) and tests backups in an offline environment to identify potential recovery issues. With SureBackup, you can automatically verify backups and use these reports to demonstrate compliance with data protection rules.
Benefits of Veeam’s Malware Detection
Veeam’s proactive threat assessment tools identify threats before they disrupt your systems. These tools help organizations stay ahead of bad actors and ensure data resilience. By being prepared, you can minimize the impact of malicious attacks and recover quickly. Consider these benefits of Veeam malware detection:
- Proactive threat detection: By integrating advanced malware detection techniques, Veeam helps locate potential threats.
- Enhanced security posture: The combination of inline scans and YARA rules provides a strong mechanism to secure backups, making it harder for cybercriminals to exploit your data.
- Compliance and reporting: Veeam’s detailed logging and reporting features help organizations comply with regulatory requirements and maintain a clear audit trail of security events.
Setting Up In-Line Scanning for Cloud Workloads
To secure your cloud workloads with Veeam’s in-line scanning, follow these steps:
1. Create a Protection Group
Enter the credentials for your AWS or Azure account/subscription and select the region of the machines you want to protect. Make sure you choose cloud machines as the protection group type, which involves using specific agents for cloud workloads.

2. Select Machines
You can select machines individually or use tags to cover cloud workloads. For AWS, a role with the required cloud permissions must be attached to the instances you want to protect. Veeam can automatically create and assign these roles, which simplifies the process for organizations with hundreds or thousands of workloads.

3. Enable Scanning Features
Enable both entropy and file system analysis in global settings. Once the backup job is created, in-line malware scanning occurs by default. Suspicious detections are shown in the job properties, inventory menu, and Syslog server if event forwarding is enabled.
Use Veeam Backup & Replication Today!
As ransomware threats increase in sophistication, organizations must stay proactive in protecting their cloud workloads. Malware protection by Veeam safeguards your workloads, and its in-line scanning capabilities offer real-time threat detection, malware signature recognition, behavior analysis, and automatic remediation. The ability to scan backups and use On-Demand Sandbox for SureBackup helps you ensure your backups are safe, uninfected, and reliable.
By incorporating Veeam Backup & Replication into your data protection strategy, you can enhance the resilience of your cloud workloads, ensure business continuity, and safeguard your critical data assets. Don’t wait until it’s too late — implement proactive measures to defend your cloud environment today!
Learn how Veeam can help protect your multi-cloud workloads here.
The post How Malware Protection by Veeam Safeguards Your Workloads from Threats appeared first on Veeam Software Official Blog.