An Unfortunate Reality for Virtualized Systems

According to Europol, the frequency of cyber-attacks has never been higher. Perhaps unsurprisingly, there has been a significant rise in the number of phishing emails containing the words "corona" or "COVID-19" during the current pandemic.

One particularly nasty example we have seen is a spoof email, purporting to come from the National Institute for Public Health, that claims to contain important information about the virus. However, when a worried recipient opens the attachment, not only will their computer become infected with ransomware, but their backup system could also be erased.

With unscrupulous criminals abusing the unrest that has arisen over the current pandemic, we are seeing more and more data recovery cases emerging where backup applications have been erased. Increasingly these are backup files of virtual machines (VMs).

This is perhaps not surprising. VMs provide a myriad of benefits to a modern organization. Today’s organizations are likely running multiple VMs on one physical server, rather than using the separate servers of old. After all, modern hypervisors make the configuring and maintaining of physical servers far less complicated.

However, although sometimes the data from backup files and storage systems can be saved post breach, it is often not clear just how long the cyber-criminal has had access to the system. As a result, should an organization rely on their last backup to restore their vital data? Probably not. So, what can be done?

The problem within

Let’s first look at other common causes of data loss on VMs. Our research shows that – in addition to ransomware – human error, hardware malfunction and RAID issues are all potential culprits. Unfortunately, simple human error continues to cause untold damage and data loss. This could include patches with programming errors from under-pressure developers, updates without an offline backup, poorly planned implementation of new company-wide software, accidentally overwriting or formatting a storage medium, damage to the core database or integration problems between disparate systems.

The hardware problems faced by virtual systems are almost the same as those of a traditional physical system. The old adage of things perhaps not being built to last is unfortunately truer than many of us would like to believe. Think of faulty drives, faulty controllers, faulty server components and power problems.

The final potential culprit – RAID damage – is often a much bigger challenge for VMs because of the very nature of virtualisation. RAID controllers are responsible for assigning all information to the many disks available. However, if a RAID configuration becomes corrupt, files cannot be simply rebuilt. Rather, when that happens, the interconnectedness of multiple systems may lead to significant data loss and long downtime.

Keep it simple

Whether the cause of data loss comes from inside or outside the organization, the consequences are substantial and can lead to heavy fines from regulators as well as untold damage to goodwill. It is important that organizations recognize that virtualization and VMs are not flawless. The reality is that they can become defective just as quickly as other legacy storage options. Therefore, before creating a virtual environment for sensitive applications, think about which solution fits best.

It is best not to do this by combining separate virtualization solutions though. Doing so in the same environment can increase the risk of data loss exponentially. This is because adding too many layers of complexity can make the data recovery process time-consuming for even a seasoned pro. Far better to keep your virtualization simple and stay with one solution within one environment.

Also, always back up and take snapshots of changes. Since advanced persistent threats (APTs) are showing up more and more, a good backup rotation scheme is vital. Make multiple backups and don't forget to save them to another physical location (whether that be a local server, hard drive or tape) or in the cloud. It is important to provide an air gap so that a hacker cannot access the network during backup.

Finally, think carefully about the right backup software for your virtual environment so that it can support you in your endeavors. There are several backup software solutions on the market. Some can be used with both VMware and Hyper-V solutions. Probably the most important factor to consider, though, when choosing your backup software is how much time it takes to recover VMs should a breach or accident happen.

Swift accessibility

Although virtualization can undoubtedly save time and eliminate complexity for users, the unfortunate truth is that VM files can still be lost or damaged. Data loss is a reality today for anyone who manages virtual systems. It is, therefore, essential that you are fully aware of the ins and outs of your systems and have a specific plan on how to respond to an incident.

It should never be considered an if, but a when. What is important is how quickly repairs can be made so that business-critical data can be quickly accessed again.
