Absolutely.

I always say, minimum three copies of anything of value.

That's three copies excluding the "live" copy, and things like backups onto RAID arrays only count as one copy.

And yes, as Capn Bloggs says. One copy should really be in "offline" format, be it CD/DVD/Bluray, a drive that's disconnected when not in use, or backups to cloud services.

Probably not.

What I consider a connected drive (and I guess Capn Bloggs too), is a traditionally mounted device, i.e. one that appears as an additional volume on your computer (e.g. a drive letter on Windows).

In order to affect your cloud backups via a virus or suchlike, the attackers would first need to determine what cloud backup mechanism you are using and then either interface with that software or collect your credentials from that software. Not saying it could never happen, but....

For most people, the benefits the additional backup to cloud brings (i.e. offsite, managed storage platform etc) will probably outweigh any potential downside.

Some cloud services may offer versioning services, that might be worth looking out for.

Your thinking is correct.

Enumerating mounted volumes is a straightforward task on any operating system, and then once enumerated you can use standard operating system commands to interact with the volumes.

So you've got two choices, either :

(a) As you say, physically disconnect your drive each time (ejecting only unmounts the drive, you can still enumerate unmounted drives and re-mount them).

(b) Get a few more drives and look into a rotation scheme (e.g. GFS - Grandfather Father Son - or Tower of Hanoi). Using a rotation scheme means you have a historical timeline over a given period of time, and therefore it does not matter whether you leave a drive connected and mounted, because you can always drop back to another point on the rotation timeline.