Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Backup Poses Risk, SANS Warns

Users run the risk of losing critical data as hackers increasingly target weaknesses in backup and recovery applications, warns the SANS Institute.

The latest report from the cybersecurity think tank is based on research from the U.S. Computer Emergency Response Team (US-CERT), the U.S Department of Homeland Security, the British Governments National Infrastructure Coordination Center (NISCC), and Canada’s Cyber Incident Response Center. It cites backup and recovery as the soft underbelly of users’ security strategies.

No one, it appears, is safe. All operating systems running backup software are potentially vulnerable to exploitation, warns the Institute, with Microsoft Windows and Unix the most commonly affected operating systems.

In the worst-case scenario, the vulnerabilities could be exploited to attack systems running backup servers and clients. This opens up the possibility of an attacker gaining access to sensitive backed-up data.

A number of storage backup products have been affected by vulnerabilities, the Institute reports. These include Symantec’s NetBackup, Backup Exec, and Storage Exec offerings, as well as Computer Associates’ BrightStor ARCServe.

  • 1