Users run the risk of losing critical data as hackers increasingly target weaknesses in backup and recovery applications, warns the SANS Institute.
The latest report from the cybersecurity think tank is based on research from the U.S. Computer Emergency Response Team (US-CERT), the U.S Department of Homeland Security, the British Governments National Infrastructure Coordination Center (NISCC), and Canadas Cyber Incident Response Center. It cites backup and recovery as the soft underbelly of users security strategies.
No one, it appears, is safe. All operating systems running backup software are potentially vulnerable to exploitation, warns the Institute, with Microsoft Windows and Unix the most commonly affected operating systems.
In the worst-case scenario, the vulnerabilities could be exploited to attack systems running backup servers and clients. This opens up the possibility of an attacker gaining access to sensitive backed-up data.
A number of storage backup products have been affected by vulnerabilities, the Institute reports. These include Symantecs NetBackup, Backup Exec, and Storage Exec offerings, as well as Computer Associates BrightStor ARCServe.