Second survey of the platform statist, around 66% of organizations worldwide fell victim to ransomware attacks between March 2022 and March 2023, with many of these incidents involving DNS (domain name system) attacks. Whether overloading a DNS server or using it as an entry point for ransomware attacks, or even leading victims to access fake websites that appear legitimate, cybercriminals have several techniques at their disposal to exploit system weaknesses.
“We need to remember that the DNS was built primarily to respond correctly and efficiently to queries. By not questioning the intention of the information requested, it presents vulnerabilities that do not go unnoticed by cybercriminals”, explains Caio Sposito, country manager at Arcserve Brasil, the world's most experienced provider of immutable backup, recovery and storage solutions for unified data resilience. against ransomware and disasters.
“This picture of growing threats was the starting point for building the Zero Trust security approach. By following the principle of least privilege, the company grants users or systems only the minimum access necessary to perform specific tasks. In the context of backup systems, this ensures that only authorized personnel and processes have access to stored data, which reduces the risk of unauthorized access and data breaches”, details Caio Sposito.
The executive highlights the importance of the ability to recover data quickly and effectively when necessary. “The focus should not just be on making backups, but ensuring that the company can restore them to their original state. Customers often secure their environment, create multiple copies of their data, and store it in multiple locations, including the cloud. However, the true test for a robust backup plan is in the restoration process”, he warns.
Companies often fail to recover data not because of the backup itself, but because of outdated policies that miss critical data or fail to back up properly. “It’s crucial to stay up to date on the basics of data protection, especially in this context of constantly evolving threats like ransomware and DNS attacks. This strategy has proven effective with a considerable increase in the number of companies that, even without recovering 100% of their data, remain operational and can choose not to pay ransom to cybercriminals”, observes Caio Sposito.
