
When “Backups” Become the Target of Cyber Attacks


Maintaining reliable and secure backups of data and systems is one of the most important functions of any organisational IT team, and a critical component of an organisation's IT disaster recovery and business continuity plan. Reliable backups help ensure that a business can quickly recover and continue to operate after a disaster such as a failure of active systems, a cyber attack, human error or a natural disaster.

On an individual level, people make an effort to back up their personal data so that they can regain access to it if a device is lost. This is achieved by simply restoring the data from a backup onto a new device, which is usually a seamless process that gets the user up and running and eliminates the pain of losing important data.

The question is: what happens when these valuable “backup vaults” become the target of cybercriminals? Why do cybercriminals target backup systems and data, and how can organisations and businesses stay ahead of the game? I have seen this trend in recent years and it does not seem to be going away soon; rather, it is likely to get more widespread and sophisticated.

Why do Cybercriminals target “Backups”?

The answer is simple: backups help businesses keep going in the event of a disaster such as a ransomware attack or a natural disaster that takes live systems or data offline. Cybercriminals ruthlessly target these critical backups because they see it as a way to bring organisations to their knees and to increase the likelihood of a ransom payment, as data recovery becomes difficult for the victims.

Also, cybercriminals have observed over time that production systems receive more attention in terms of security controls, while backups receive less. Live systems and data get sufficient security controls, but the backups do not receive similar treatment and are left more vulnerable to sophisticated attacks.

Incidents of Cyber Attacks on Backup Systems

Veeam Backup Infrastructure Attacks (Ongoing 2025): Veeam is widely used by organisations and businesses around the world as a cloud backup service for their IT infrastructure and data such as servers, databases and credentials. Recently, its systems have been identified as being actively targeted by cybercriminals who are attempting to harvest credentials.

Spectra Logic (Dec 2025): Spectra Logic, a major force in backup solutions, was targeted in a cyberattack, indicating direct attacks on backup infrastructure.

Askul (Oct 2025): A major Japanese retailer is still bouncing back after a cyberattack that disrupted its business, likely caused by ransomware hitting backup systems.

LastPass Data Breach (2022): One of the most recent incidents is the data breach at LastPass, a prominent tech company that offers a “password manager” service, in which cybercriminals gained unauthorised access to its backup database. LastPass has a consumer user base of over 20 million and 100,000 businesses relying on its services; with such a user base, one would imagine it must be a target for cyber attacks!

The hacker was able to extract the contents of the backup database, which contained personal information of 1.6 million LastPass customers, including names, emails, phone numbers, and stored website URLs. However, there was no evidence that encrypted passwords and other credentials were decrypted by the hacker, due to LastPass’s zero-knowledge encryption system.

The Way Forward

Organisations need to understand that the security of backup systems is as critical as that of primary production systems, and as such the two should be treated equally, by applying technical and non-technical controls both to systems in active use and to the backups.

The following are recommended best practices for organisations to consider:

- Enable enhanced security measures such as Multi-Factor Authentication (MFA), especially for backup systems and third-party vendor remote access.

- Third-party vulnerabilities are a common attack vector, so it is important to perform frequent vendor risk assessments.

- Test backup and disaster recovery plans regularly to ensure data can be restored effectively.

In summary, cybersecurity is everyone’s business! The bottom line is that security isn’t just about technology; it is also about staff awareness and building a culture of digital security.
