Veritas™ REDLab Newsletters
Date | Newsletter Link | Summary |
September 2024 |
We conducted Play and Agenda ransomware attacks on the NetBackup Client, and the data on the NetBackup Client was encrypted. Play ransomware appended the extension ".PLAY" to filenames, resulting in the generation of a "Client Health anomaly". Agenda ransomware appended ".OnHnnBvUej"; the change in data deduplication rate was detected by the ML algorithm, which generated an alert and also started an automatic malware scan of the backup image. |
August 2024 | REDLab-Newsletter-August-2024 |
We conducted Babuk and RansomEXX ransomware attacks on the NetBackup Client, and the data on the NetBackup Client was encrypted. Babuk ransomware appended the extension ".__NIST_K571__" to filenames, resulting in the generation of a "ransomware extension anomaly". RansomEXX ransomware appended ".txd0t"; the change in data deduplication rate was detected by the ML algorithm, which generated an alert and also started an automatic malware scan of the backup image. In this edition, we would like to introduce a NetBackup feature known as 'Anomaly configuration to enable automatic scanning'. It allows an automatic malware scan to be triggered for anomalies that have high severity, based on the configuration file settings. Use the configuration file on the primary server to make the required settings. |
July 2024 | REDLab-Newsletter-July-2024 |
We conducted Blacksuit and CryptBB ransomware attacks on the NetBackup Client, and the data on the NetBackup Client was encrypted. Blacksuit ransomware appended the extension ".BlackSuit" to filenames, resulting in the generation of a "Client Health anomaly". CryptBB ransomware appended ".OKHkzrxNC"; the change in data deduplication rate was detected by the ML algorithm, which generated an alert. In this edition, we would like to introduce a NetBackup feature known as 'Malware scan before recovery', which allows you to scan the supported backup images for malware before initiating data recovery. During recovery, if you start from a malware-affected backup image, a warning message appears, and you are prompted for a confirmation. This feature helps ensure that the recovered data is free from malware, enhancing security and reliability during the restoration process. |
June 2024 | REDLab-Newsletter-June-2024 |
We conducted BlackBasta and BlackCat ransomware attacks on the NetBackup Client, and the data on the NetBackup Client was encrypted. BlackBasta ransomware appended the extension ".basta" to filenames and BlackCat ransomware appended ".uhwuvz", resulting in the generation of a "Client Health anomaly". In this edition, we would like to introduce a feature known as NetBackup risk engine anomaly detection, which detects certain system anomalies in a proactive manner and sends appropriate alerts, enabling corrective action to be taken before any security threats can impact your environment. |
May 2024 | REDLab-Newsletter-May-2024 |
We conducted 8Base and Medusa ransomware attacks on the NetBackup Client, and the data on the NetBackup Client was encrypted. 8Base ransomware appended the extension ".8base" to filenames and Medusa ransomware appended ".medusa", resulting in the generation of a "Client Health anomaly". We have published script options for automating Malware scan host configuration; refer to the May 2024 newsletter for in-depth details. |
April 2024 | REDLab-Newsletter-April-2024 |
We conducted Trigona and Wannacry ransomware attacks on the NetBackup Client, and the data on the NetBackup Client was encrypted. Wannacry ransomware appended the extension ".WNCRY" to filenames and Trigona ransomware appended "._locked", resulting in the generation of a ransomware file extension-based anomaly detection. |
March 2024 | REDLab-Newsletter-March-2024 |
We conducted LostTrust and LeakDB ransomware attacks on the NetBackup Client, resulting in the generation of a Client Health anomaly. This anomaly triggers a critical audit event indicating failed communication with the NetBackup Client. Consequently, this audit event generates an alert and reports the affected client's name to NetBackup IT analytics or the SIEM/XDR platform. |
February 2024 | REDLab-Newsletter-February-2024 |
In this edition, we would like to introduce a feature known as Data-in-transit encryption (DTE). Security policies require the backup administrator to ensure that the channel on which NetBackup Clients send metadata and data to NetBackup Servers is secure. In NetBackup 10.0 and later, the data and metadata are encrypted over the wire. We conducted Lucky and MuskOff ransomware attacks on the NetBackup Client, and a Client Health anomaly was generated. The anomaly creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT analytics or the SIEM/XDR platform. |
January 2024 | REDLab-Newsletter-January-2024 |
In this edition, we would like to introduce Multi-factor Authentication, a multiple-step account login process that requires you to enter a 6-digit one-time password along with your password. It is strongly recommended that you configure multi-factor authentication to protect the security of your account. We carried out Faust and Mallox ransomware attacks on the NetBackup Client, and a Client Health anomaly was generated. The anomaly creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT analytics or the SIEM/XDR platform. |
December 2023 | REDLab-Newsletter-December-2023 |
In this edition, we would like to introduce Multi Person Authorization (MPA). The NetBackup Security Administrator can configure multi-person authorization. It proactively protects NetBackup primary servers from an undesirable or malicious act by ensuring that a second authorized user approves that action before it is allowed to take place. We carried out BianLian and NoEscape ransomware attacks on the NetBackup Client. Data on the NetBackup Client was encrypted along with NetBackup configuration files, and a Client Health anomaly was detected. Once the anomaly is detected, the Client Health system anomaly creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT analytics or the SIEM/XDR platform. |
November 2023 | REDLab-Newsletter-November-2023 |
In this edition, we would like to introduce Anomaly Detection of ransomware file extensions. During a backup operation, NetBackup 10.3 checks all file extensions, compares them with the ransomware extension list, and generates an anomaly if there is a match. We carried out Rhysida and Akira ransomware attacks on VMware infrastructure protected by NetBackup; after the attack, a system anomaly of type ransomware file extension was generated. The NetBackup rules engine is a new feature added in NetBackup 10.3. It is a rules-based engine that can trigger certain threshold-based detection use cases, and it detects abnormal activities through NetBackup audit data. |
October 2023 | REDLab-Newsletter-October-2023 |
We carried out Maze and Lockbit ransomware attacks on a NetBackup Client. Data on the NetBackup Client was encrypted along with NetBackup configuration files, and a Client Health anomaly was detected. Once the anomaly is detected, the Client Health anomaly creates a critical audit event that indicates failed communication with the NetBackup Client. This audit event generates an alert and reports the affected client name to NetBackup IT analytics or the SIEM/XDR platform. In this edition, we would like to introduce RBAC in NetBackup, which enhances security by ensuring that users have the appropriate level of access and control over backup and recovery operations. It helps prevent unauthorized access and minimizes the potential for errors or data breaches caused by users with overly broad permissions. |
August 2023 | REDLab-Newsletter-August-2023 |
In this edition, we would like to introduce you to an Isolated Recovery Environment (IRE). We conducted Royal and Ryuk ransomware attacks on the NetBackup Client, resulting in the generation of a Client Health anomaly. This anomaly triggers a critical audit event indicating failed communication with the NetBackup Client. Consequently, this audit event generates an alert and reports the affected client's name to NetBackup IT analytics or the SIEM/XDR platform. |
June 2023 | REDLab-Newsletter-June-2023 |
NetBackup 10.2 introduced a new anomaly detection framework through which we delivered two new extensions, Image Expiry and Client Health Anomaly. Both of these utilize our machine learning engine to provide just-in-time detection capabilities keeping our customers one step ahead of the new cyber attacks. These extensions and any new ones will be available in a single package to simplify deployment and will receive regular updates. |