Skip to main content

When “Backups” Becomes Target of Cyber Attacks


Maintaining reliable and secure backups of data and systems is one of the most important functions of any organisational IT team, which also forms a critical component of an organisational IT disaster recovery and business continuity plan. Having reliable backups helps to ensure that a business can quickly recover and continue to operate in the event of any sort of disaster such as failure of active systems, cyber attack, human error or even natural disasters.

On an individual level, people make effort to backup their personal data in case of loss of a device and to be able to regain access to their important personal data. This is achieved by simply restoring data from backups on a new device which is usually a seamless process and gets the user up and running, eliminating the pain of loosing important data.

The question is what happens when these valuable “backup vaults” become the target for cybercriminals? Why do cybercriminals target backup systems/data, how can organisations and businesses stay ahead of the game? I have seen this trend in recent years and it does not seem to be going away soon, rather it is likely to get more widespread and sophisticated.

Why do Cybercriminals target “Backups”?

The answer is simple — this is because backups helps businesses to keep going in the event of a disaster such as a ransomware cyber-attack or even natural disasters that may take live systems/data offline. In their ruthless manner, cybercriminals target these critical backups as they consider it a way to bring organizations down to their knees and to increase likelihood of a ransom payment as data recovery becomes difficult for the victims.

Also, cybercriminals have over time observed that more attention is given to production systems in terms of adequate security controls, while the backups are somewhat given lesser attention. They have discovered that sufficient security controls are implemented on live systems and data while the backups do not receive similar treatment but are left more vulnerable to sophisticated attacks.

Incidents of Cyber Attacks on Backup Systems

Veeam Backup Infrastructure Attacks (Ongoing 2025): Veeam is widely used by organisations and businesses around the world as a cloud backup service for their IT infrastructure and data such as servers, databases and credentials. Recently, their systems have been identified as being actively targeted by cybercriminals who are attempting to harvest credentials

Spectra Logic (Dec 2025): Spectra-Logic which is a major force in backup solutions was targeted in a cyberattack, indicating direct attacks on backup infrastructures.

Askul (Oct 2025): A major Japanese retailer is still bouncing back after a cyberattack that disrupted its business, likely caused by ransomware hitting backup systems.

LastPass Data Breach (2022): One of the most recent incidents is the data breach involving one of the prominent tech companies that offers “password manager” service known as LastPass — as cybercriminals gained unauthorised access to its backup database. LastPass has a consumer user base of over 20 million and 100,000 businesses relying on its services — with such userbase, one would imagine it probably must be a target for cyber attacks!

The hacker was able to extract the contents of the backup database, which contained personal information of 1.6 million LastPass customers, including names, emails, phone numbers, and stored website URLs. However, no evidence that encrypted passwords and other credentials was decrypted by the hacker due to LastPass’s zero-knowledge encryption system.

The Way Forward

Organisations need to understand that the security of backup systems is as critical as that of primary production systems, and such should be treated equally — by applying technical and non-technical controls to both systems in active use and the backups.

The following are best practice recommended for organisations to consider

- Enable enhanced security measures such as Multi-Factor Authentication (MFA) especially for backup systems and third party vendor remote access.

- Third-party vulnerabilities are a common attack vector, so it is important to perform frequent vendor risk assessments.

- Test backup and disaster recovery plans regularly to ensure data can be restored effectively.

In summary, cybersecurity is everyone’s business! And the bottom line is that security isn’t just tech, but also more about staff awareness and building a culture of digital security mindset.

Labels:
Location: Aylesbury, UK

Comments

Post a Comment

Kindly drop you comments, love to hear from you. Thank you.

Popular posts from this blog

WhatsApp - How to Enable Two-Step Verification

Once again I bring to you online security tips; this time it is about the popularly used mobile messaging app  - WhatsApp.  Two-step verification ensures safety of the application and prevents intruders from taking over your account. Here are the steps to enable the two-step verification. Step 1: Open WhatsApp Settings. Step 2: Tap Account > Two-step verification. Step 3: Tap Enable. Step 4: Enter a six-digit PIN of your choice and confirm it. Step 5: Provide an email address you can access (Recommended) Step 6: Confirm the email address and tap Save or Done. You should see the final page as show below With this you have successfully enabled two-step verification on your WhatsApp account. Remember to keep your six-digit PIN safe and never disclose to anyone. Hackers can come by way of social engineering and trick you to release sensitive information like the six-digit PIN, beware of such. Thank you for reading and I hope you find this quite helpful. Stay safe!
1 comment
Read more

WHATSAPP: HOW TO BACKUP CHATS & MEDIA ON GOOGLE DRIVE

With Google Drive cloud storage service you can backup WhatsApp media which includes chats, photos, videos, audio and documents. It is goodbye to data loss! The importance of performing this backup is if you change or lose your device you can always retrieve all your previous media files with ease. Google has recently announced a new agreement with WhatsApp regarding backup of WhatsApp chats and media on Google Drive which will allow users have extra storage different from their normal Google Drive storage quota. The announcement reads; "Due to a new agreement between WhatsApp and Google, WhatsApp backups will no longer count against Google Drive storage quota. However, any WhatsApp backups that have not been updated in more than a year will automatically be removed from storage. This policy will go into effect for all users on November 12, 2018 though some users may see the quota benefits earlier. To avoid the loss of any backups, we recommend that people manually back up...
4 comments
Read more

INTERNET PENETRATION - Nigeria Top Three in Global Online Search

Over the years Internet penetration has greatly improved across the developing countries of the world especially Nigeria which now has over 92 million internet users. Finding information online has become a common practice as people comfortably search for information using web search engines, especially Google  and get relevant search results that answers their questions and further provides them insight to related articles, events, photos, news and even map locations. Thanks to Google Map Local Guides like myself who diligently contribute to improve the map by sharing knowledge of the local environment. The mobile internet revolution has made it possible for people even in the rural areas to have access to internet on their mobile devices. During my University days, precisely in the year 2008, I carried out a questionnaire research on the topic: "How Effectively Do You Utilize Your Mobile Phones For Internet Access", the responses were amazing as people were alrea...
3 comments
Read more