Backdoors Category: malware
The exploitation of backdoors is a technique used by malicious actors in order to gain unauthorized access while bypassing regular security measures. Due to this bypass, related incidents regularly remain unnoticed for a prolonged period of time. Regular pentests and active network monitoring aid in improving the chance of revealing illegitimate backdoors or errors in the source code.
Exploiting backdoors, also often referred to as trapdoors, is a technique to gain access to a computer or its data while bypassing regular authentication or encryption. Backdoors can either be implemented intendedly or unintentionally on a hardware-, Operating System- or an application level. A backdoor in itself is not malicious. Legitimate backdoors are mostly used by developers to quickly test changes or for debugging purposes.
Backdoors can be used by malicious actors who either detect existing ones or implement them through malware. This technique may allow attackers to:
- access data
- deface a website
- hijack servers
- achieve a DDoS attack
- proceed to waterhole attacks
- complete APT assaults
In 2014, hackers copied ‘premium’ paid services and add-ons on WordPress and provided these for free. Users installed these add ons and later on found out they contained backdoors, hidden links and spam. Through these techniques, hackers gave themselves Admin-rights to whole websites and servers:
• Telegram messenger
In February 2018, a zero-day vulnerability was discovered by a group of security researchers in the Windows app of Telegram, the Russian counterpart to WhatsApp. Through this zero-day, hackers were able to send a disguised executable, through which the attackers were able to install backdoors, accessing and copying the local cache of the victims in the process, or mine cryptocurrency.
- Trojan Backdoor
A Trojan Backdoor is a malware focused on endpoint systems. Once installed, the malware executes predetermined actions such as gathering keyloggers, responding to requests from a remote server as well as a large range of expandable actions.
It has been seen to connect to the different locations
• http://85.93.[REMOVED].70/matchSource: Symantec.com (2018)
Risks related to backdoors
Based on many practical examples concerning the exploitation of backdoors, attackers achieve one or more of the following actions:
- Data leak or loss
- Theft of Intellectual Property
- Interruption of business
- Reputational damage
- Loss of privacy
- Failure of systems
Backdoor intrusions are difficult to detect. Thus, RedSocks Security analysts advise their customers to follow this advice:
- Document legitimate backdoors and delete them before the release of a product;
- Pentest regularly to detect coding errors and potential vulnerabilities early on;
- Monitor diligently with strong threat intelligence to detect these intrusions, as they can
happen through legitimate applications.
The Malicious Threat Detector aids in active network monitoring. By analyzing the metadata of packages, uncommon or unusual traffic has a higher chance to be discovered, which could lead to an unpatched backdoor. Additionally, RedSocks has a team of highly experienced PenTesters, ready to inspect your network!
For more information contact our team at firstname.lastname@example.org