• Unforeseen
    link
    English
    42
    edit-2
    1 year ago

    As someone who deals with this sort of thing, for ransomware and other destructive intrusions, the first thing they go for is the backups themselves.

    Companies that have an second backup copy that is seperate somehow so non-lateral movement isn’t possible are the ones that survive this level of breach.

    Or they could just be stupid (cheap) and didn’t have any lol

    • 50gp
      link
      fedilink
      131 year ago

      well they dealt in malware, perhaps they wanted the evidence to be easy to delete in case law enforcement decided to visit

      • @kautau
        link
        English
        51 year ago

        oh_shit_burn_it_all.sh

    • @[email protected]
      link
      fedilink
      English
      4
      edit-2
      1 year ago

      Often the server needs access to make backups, so when you get in and get root, you sometimes also have access to delete the backups.

      It depends on how it’s set up. If the server pushes the backups somewhere else and has write access, then the hacker can delete them. But if another account logs in to the server and makes a backup and downloads it, it’s impossible for the hacker to access the backup.

      Depends on if you planned for the scenario or not.

      • @[email protected]
        link
        fedilink
        English
        81 year ago

        Part of a good backup solution involves ensuring that it’s literally impossible for the “root” / “administrator” whatever user on the production system to delete the backups. For instance, were this AWS, it would be done by creating a separate AWS account and use IAM roles to provide access to a S3 bucket with the “DeleteObject” permission explicitly denied. Perhaps, even deny everything except something like PutObject, and ensure the target S3 bucket is versioned, so even overwriting the contents with garbage is recovered by restoring a previous version.

        But most businesses don’t think like that.

        • @[email protected]
          link
          fedilink
          English
          31 year ago

          Yup. I work as a devops guy with aws and that’s what I do. But I’ve seen a lot of enterprises having no clue about these things.

    • Nightwatch Admin
      link
      fedilink
      English
      31 year ago

      I go for stupid &cheap, most people think backups is when onedrive and Microsoft reinforces that insane idea with popups).