#AntiBackupDay: let’s rise up against the automatic backup

Mar 29, 2018

March 31 is World Backup Day, which is designed to raise awareness about backups and data preservation. While we applaud this initiative, we are shamelessly hijacking this day to highlight an issue that we are increasingly concerned about: unprotected automatic backups. (Sorry, World Backup Day, we owe you a beer).

On the whole, we are huge fans of backups. Backing up your files is a responsible and sensible way of ensuring business continuity in the event of a loss or failure. We aren’t even 100% against automatic backups. It’s just that we have seen what can go wrong when they aren’t properly configured, and we don’t want this to happen to you. 

Don’t let the automatic backup show you who’s boss


The problem with automatic backups is that it’s easy to lose track of what is being backed up and where it is being saved, or even of the fact that you are creating a duplicate of a file in the first place! It’s one thing to keep a copy of a file in case the original version is somehow compromised, but this doesn’t mean that you want to share it with everyone. Many connected storage devices are unprotected by default. A common scenario is a person saving a copy of their passport - or else the dreaded Word doc of passwords - onto their PC, only for it to end up on an open NAS drive following an automated backup.

Just as worrisome is the supplier or contractor working on your account from their home office, who is about to upload your warehouse blueprints or NDA contract onto their cloud storage via - yep, you guessed it - automatic backup. In addition to the traditional settings of data leaks, such as the Deep and Dark webs, CybelAngel is also scanning Connected Storage. We do this because we know that threat actors are already searching NAS drives, cloud storage, and databases to weaponize their attacks. 

We have found many sensitive documents (blueprints, NDAs, PII) on unprotected Connected Storage. In some cases we have also witnessed such documents being traded on the Dark Web, covered in articles by investigative journalists, or used to plan cyber attacks. In many cases, these documents end up exposed on Connected Storage as the result of automatic backups. For the purposes of this post, we recently conducted a quick scan of Connected Storage for open documents with “Backup” in the filename. This is by no means exhaustive, but we already found 175 million unprotected documents*. It is difficult to know exactly how many of these are the product of automatic backups, but we can be sure that at least 2 million of them were**. Either way, it is clear that we need to be careful when it comes to backing up.

Be secure when you back up

We are advocates of secure backups. Backing up your files is the way to go, and automatic backups present an efficient way of carrying this out. But don’t let the automatic backup show you who’s boss - take the time to understand what is being backed up and where it is being saved, and above all make sure that the backup is secure. 

*over the month of March 2018

**due to the protocol on which they were found