Hopefully one of your honeypots simulates NetBackup. eg the Veritas (was Symantec) software
That should be reasonably easy to simulate, and (I'm guessing) Netbackup infrastructure would be significantly interesting to any hacker once they've popped an org.
To be frank I haven't heard of such scenarios from any direct sources. If you're thinking ransomware here then it's usually fairly automated and takes a shotgun approach for propagation, and trying to extend your breach to also manipulate any potential backup software would significantly increase the cost of the attack.
That being said - I could easily see this as a future trend (targeting backups) and it is not remotely a bad idea.
Ahhhh. Hadn't thought of the ransomware aspect at all, but it's a good point. ;)
With NetBackup (and probably other "Enterprise Backup" software too) the NetBackup master servers have ~root level access to pretty much every server in an Enterprise. Or at least, every server being backed up. Which is likely to be everything important. ;)
NetBackup master servers also have the capability to run commands (as root) remotely on systems-they-back-up, and have those commands not be logged by the auditing on the systems (or anywhere really).
To my mind, that seems like a handy thing for hackers to target. ;)
That should be reasonably easy to simulate, and (I'm guessing) Netbackup infrastructure would be significantly interesting to any hacker once they've popped an org.