Identity-Based Attacks Are Now Targeting Backup Policies. New Anomaly Detection Feature from N-able Closes That Window

Key Terms

identity-driven cyberattacks technical

Identity-driven cyberattacks use stolen, guessed or forged login details — such as usernames, passwords or security tokens — to impersonate real people or accounts and gain unauthorized access to systems, data or money. Investors should care because these attacks can cause direct financial loss, regulatory penalties, operational disruption and reputational damage that often translate into sudden costs and share-price declines, like a burglar using a copied key to enter a business and steal value.

anomaly detection technical

Anomaly detection is software that looks for patterns or datapoints that don’t fit expected behavior, like a smoke detector spotting an unusual signal in a room. For investors it flags unexpected events — sudden trading spikes, accounting irregularities, unusual customer behavior or operational problems — providing early warning of risk or opportunity so decisions can be made before small problems become big losses.

ransomware technical

Ransomware is malicious software that locks or encrypts a company’s computer files and systems, then demands payment for their release — like a thief changing the locks on a business and asking for a ransom. It matters to investors because attacks can halt operations, trigger large cleanup costs, damage customer trust, lead to regulatory fines or legal claims, and reduce future revenue, all of which can hurt a company’s financial value.

honeypots technical

A honeypot is a deliberately placed fake computer system or file designed to lure and catch hackers by imitating real company resources; think of it as a decoy safe that looks valuable so thieves reveal themselves. For investors, honeypots matter because they can help detect breaches early, limit damage and show a company is actively managing cyber risk — all of which affect operational continuity, legal exposure and the firm's reputation.

indicators of compromise technical

Indicators of compromise are observable signs that a computer system or network has been breached or is under attack—unusual files, strange network traffic, unexpected account activity or other anomalies that act like footprints or fingerprints left by intruders. They matter to investors because these signs can reveal past or ongoing cyberattacks that may disrupt operations, harm reputation, trigger regulatory penalties, and reduce a company’s value, so detecting them affects risk assessment and portfolio decisions.

Latest feature detects anomalous behavior in backup environments, identifying credential-based threats before they become catastrophic breaches

BURLINGTON, Mass.--(BUSINESS WIRE)-- N-able, Inc. (NYSE: NABL), a global cybersecurity company delivering business resilience, today expanded its Anomaly Detection capabilities in Cove Data Protection to combat the surge in identity-driven cyberattacks targeting backup environments. The new functionality delivers real-time alerts when suspicious or unauthorized changes to backup policies are detected – giving customers an early warning system against the credential-based tactics attackers use to disable or corrupt backups before deploying ransomware.

Identity-based attacks have become a major driver of successful cyberattacks, with AI making these schemes even more convincing. With stolen or phished credentials, attackers can gain access to backup software and weaken backup policies. The 2025 Verizon Data Breach Investigations Report found that roughly 88% of basic web application breaches involved stolen credentials, making it clear how widespread this tactic has become. Once inside, attackers – and sometimes well-intentioned employees - can alter retention policies, exclude critical data from backups, and delete protected devices. These are subtle changes that can go unnoticed for weeks or even months before the attacker triggers the final ransomware event.

To give IT teams real-time visibility, Anomaly Detection introduces a vital layer of protection through event-based notifications that highlight these indicators of compromise. This capability notifies users of potential cyberattack signals or misconfigurations before they escalate, allowing organizations to take just-in-time action to safeguard their recovery posture and maintain data resilience. This new capability builds on last year’s Anomaly Detection feature, Honeypots, an always-on defense mechanism designed to detect brute-force attacks on backup infrastructure.

“It’s no longer just active systems under attack – backups are firmly in the crosshairs,” says Neil Douglas, CIO at Network ROI, a UK-based managed IT services provider. “If attackers gain access to the backup platform, they don’t always strike immediately. They can quietly manipulate backups, alter retention policies, or delete servers, then sit undetected for weeks (or even months). When they finally launch their attack, recovery can be impossible. In the past, we had no visibility into those subtle changes happening behind the scenes. Now, with real-time, event-based alerts for even the smallest alteration, we know the moment something suspicious occurs. That not only protects us from malicious actors but also guards against accidental misconfigurations. It’s a powerful step forward in strengthening our overall data resilience.”

“A new wave of threats is targeting businesses through stolen identities,” said Chris Groot, General Manager of Cove Data Protection. “Real-time alerts to backup policy changes give customers peace of mind by protecting them from risky changes that could affect recovery, whether that change was caused by attackers or employees. By catching these changes as they happen, organizations can stop identity-driven attacks and misconfigurations before recovery is compromised."

To learn more about how Anomaly Detection can strengthen your organization’s data resilience, visit our blog.

About N-able

N-able protects businesses from evolving cyberthreats. Our AI powered cybersecurity platform delivers business resilience to more than 500,000 organizations worldwide, leveraging advanced end-to-end capabilities, simplified workflows, market leading integrations, and flexible deployment options to improve efficiency and drive critical security outcomes. Our partner first approach pairs our technology with experts, training, and peer-led events that empower customers to be secure, resilient, and successful. n-able.com

© 2026 N-able Solutions ULC and N-able Technologies Ltd. All rights reserved.

The N-able trademarks, service marks, and logos are the exclusive property of N-able Solutions ULC and N-able Technologies Ltd. All other trademarks are the property of their respective owners.

Category: Product

View source version on businesswire.com: https://www.businesswire.com/news/home/20260226292060/en/

Karla Walls

Karla.walls@n-able.com

Source: N-able, Inc.