Wasabi Covert Copy Enhances Cloud Storage Security for CISOs

Executive Summary

In today’s rapidly evolving cyber threat landscape, ransomware and data manipulation attacks increasingly target cloud backup infrastructure as a critical failure point. Wasabi’s newly launched Covert Copy feature represents a significant advancement in cloud storage security. By creating a logically air-gapped and fully hidden replication of data buckets that cannot be accessed or deleted without multi-user approval, Covert Copy offers CISOs a robust method to protect critical backup data from ransomware and malicious deletion. This development aligns with increasing global security investments and the critical need for cyber resilient data protection strategies. Understanding and leveraging such innovative cloud defenses is vital for organizations to stay ahead in the ongoing cybersecurity race. This cybersecurity report highlights the strategic benefits Covert Copy brings to enterprise cloud resilience.

What Happened

Wasabi Technologies has enhanced its cloud storage platform by introducing Covert Copy, a patent-pending feature designed to protect stored data from ransomware and other cyberattacks. Covert Copy allows users to create a hidden and locked replica of specific storage buckets. These replicas are logically air-gapped, meaning they are isolated in a way that prevents visibility, access, modification, or deletion without explicit multi-user authentication. Unlike traditional air gap solutions, this approach ensures the copies remain completely undiscoverable to attackers. This hidden copy acts as a “last line of defense,” preserving critical backup data even if primary data becomes compromised. The solution requires only a few clicks for setup, eliminating complex management overhead. Additionally, Wasabi includes Covert Copy as part of its existing Hot Cloud Storage without charging egress fees, making it an accessible option for diverse industries, including healthcare and finance, that must comply with regulations like HIPAA, GDPR, and SEC requirements.

Why This Matters for CISOs

Cloud storage remains a prime target in the cyber threat landscape due to its centrality in enterprise data availability and recovery strategies. Attackers increasingly focus on backup systems, knowing that disrupting backups or deleting data can devastate business continuity. For CISOs, ensuring data immutability alone is no longer sufficient; attackers equipped with advanced ransomware variants seek ways to detect and sabotage even hardened copies. Wasabi’s Covert Copy addresses this challenge by providing truly hidden, immutable backup copies, thus advancing beyond traditional protections by keeping copies out of an attacker’s view. This reduces recovery time after attacks and lowers operational risk. Given rising regulatory scrutiny on data protection, enterprises gain compliance benefits using Covert Copy, notably those under frameworks like GDPR, HIPAA, and SEC. Simplified management and cost efficiencies from no egress fees also mean CISOs can implement stronger defenses without heavy resource drain, advancing overall cloud security threats readiness.

Threat & Risk Analysis

Attack vectors targeting cloud storage backups commonly include ransomware infiltration followed by encryption or deletion of primary data and backups. Wasabi’s Covert Copy mitigates these attack patterns by logically air-gapping data storage buckets and locking copies behind multi-user authentication workflows, effectively nullifying attacker attempts to discover or modify backup copies remotely. The hidden nature of these copies drastically reduces exposure scenarios centered on insider threats or advanced persistent threats who might otherwise access backup infrastructure to sabotage recovery efforts. From a supply chain perspective, organizations relying on third-party cloud services benefit from the added resilience layer that Covert Copy introduces without increasing complexity or reliance on brittle procedural controls.

Motivations for attackers revolve around maximizing operational disruption or increasing ransom leverage by denying the victim accessible backups. Covert Copy shifts this dynamic by making the attacker blind to highly available recovery options, thus decreasing the effectiveness of ransomware extortion tactics. Enterprises adopting Covert Copy could reduce downtime impact and accelerate recovery, preserving operational continuity and reputation.

From a threat intelligence report standpoint, this capability marks an important evolution in ransomware defense strategies, complementing existing controls like encryption, object locks, and multi-factor authorization. CISOs should assess the potential to integrate such features alongside comprehensive patch management and backup policies. For deeper strategy, see our insights on comprehensive patch management strategy and daily cyber threat briefings.

MITRE ATT&CK Mapping

• T1486 — Data Encrypted for Impact
  Covert Copy protects against ransomware encryption by hiding immutable data copies from attackers.
• T1489 — Service Stop
  Attackers aiming to disrupt backup services lose ground due to locked, hidden storage buckets.
• T1490 — Inhibit System Recovery
  The solution counters attempts to delete or alter backups, safeguarding recovery capabilities.
• T1087 — Account Discovery
  Multi-user authentication adds barriers to unauthorized access and discovery of protected copies.
• T1565 — Data Manipulation
  Hidden copies prevent attackers from tampering with critical backup data.
• T1216 — System Service Discovery
  Covert Copy’s hidden state avoids detection by attacker reconnaissance efforts.

Key Implications for Enterprise Security

• Hidden, locked backup copies reduce ransomware impact and recovery downtime.
• Multi-user authentication enforces separation of duties and reduces insider threat risk.
• Simplified setup reduces operational overhead and risk of misconfiguration common in cloud security.
• Compliance with data protection regulations is streamlined by implementing immutable, undiscoverable data copies.
• No egress fees removes financial disincentives to frequent data recovery testing.
• Applicability across regulated sectors enhances enterprise-grade cyber resilience posture.

Recommended Defenses & Actions

Immediate (0–24h)

• Evaluate existing backup strategies for gaps in ransomware-proofing and data immutability.
• Review access controls on current cloud storage to enforce multi-user approval workflows where available.
• Begin awareness sessions with disaster recovery and security teams on Covert Copy benefits.

Short Term (1–7 days)

• Pilot Covert Copy on critical storage buckets to validate ease of deployment and operational fit.
• Integrate multi-factor authentication enforcement and segregate duties for backup approval.
• Update incident response playbooks to include Covert Copy as a recovery asset.
• Coordinate with legal/compliance to align new backup protections with regulatory mandates.

Strategic (30 days)

• Incorporate Covert Copy into enterprise cyber resilience roadmap and cloud security frameworks.
• Conduct tabletop exercises simulating ransomware attack scenarios focusing on backup recovery using hidden copies.
• Assess cost-saving and efficiency benefits from removing egress fee concerns to scale backup strategies.
• Monitor threat intelligence for evolving ransomware tactics targeting backup storage and adapt defenses accordingly.

Conclusion

As ransomware and sophisticated cyber-attacks increasingly seek to cripple backup data, Wasabi’s Covert Copy offers a proactive layer of defense, ensuring critical data remains concealed and immutable. For CISOs leading digital resilience efforts, embracing such disruptive cloud security innovations enables organizations to reduce risk and regulatory exposure while streamlining disaster recovery. In this evolving cyber threat landscape, maintaining unassailable backup integrity via hidden, locked copies is a vital component of a mature cybersecurity report and an effective enterprise defense strategy.