
Backdoor attacks: How they work and how to protect against them

  • Posted on: January 7, 2015
  • Posted in: Current News, Industry News
  • Posted by: Trend Micro

In today’s business environment, companies must do everything in their power to prevent network breaches. With attacks coming from nearly all sides, it can be difficult to ensure that every vector and point of entry is protected.

Recently, there has been an increase in backdoor attacks. Here, we’ll take a look at what a backdoor attack entails, what makes backdoors such a dangerous risk factor and how enterprises can protect themselves.

The basics of a backdoor attack
According to Trend Micro’s report, “Backdoor Use in Targeted Attacks,” applications that allow remote access to computers, known as backdoors, are often used in targeted attacks. In these breaches, attackers use backdoor programs to reach into the victim’s network. The benefit of this attack vector, from the attacker’s point of view, is that the backdoor itself helps them break into the infrastructure without being discovered.

“Often initially used in the second (point of entry) or third (command-and-control [C&C]) stage of the targeted attack process, backdoors enable threat actors to gain command and control of their target network,” report authors Dove Chiu, Shih-Hao Weng and Joseph Chiu wrote. “In fact, research reveals that many of the backdoors used in targeted attacks have been especially designed with the ability to bypass any kind of intrusion detection system (IDS).”

Intrusion strategies in backdoor attacks
Backdoors not only provide a disguised point of entry for attackers, but also support a number of intrusion strategies. Trend Micro’s report noted that these include:

  • Port binding: Used mainly before firewalls were commonplace, a port-binding backdoor opens a listening port on the compromised host and waits for the attacker to connect to it from outside. The chosen port and protocol tell the attacker where and how to deliver commands, but an unsolicited inbound connection of this kind is exactly what a firewall is built to drop.
  • Connect-back: Once firewalls were in place on many networks, attackers switched to the connect-back approach, where the backdoor on the compromised system initiates an outbound connection to the attacker’s C&C server. Because the connection originates inside the network, usually over a port the firewall already allows outbound, the attacker’s server gets a channel back into the victim system without needing any open inbound port.
  • Connect availability use: This strategy uses several malware samples to breach the network and then remain there undetected for a long period, which extends the window attackers have to steal sensitive data. The first sample, or “first-line backdoor,” is a minimal foothold whose job is to download the second sample, the “second-line backdoor,” which performs the actual theft of information.
  • Legitimate platform abuse: The report noted that abuse of legitimate platforms has become more common as attackers must work harder to sidestep security controls. Here the attacker uses a valid, trusted service, such as a blog, to store C&C server information (for example, the address the backdoor should connect to), so the traffic that retrieves it blends in with ordinary web browsing.

These are just a few attack strategies that can be carried out with backdoors. Trend Micro noted that other approaches include common services protocol or file header abuse, protocol or port listening, custom DNS lookup use and port reuse.

In addition, Tripwire noted that software isn’t the only thing that can carry a backdoor. Hardware components, including authentication tokens, network appliances, surveillance systems and certain communication infrastructure devices, can also contain malicious backdoors that allow intrusion.

How to protect against backdoor attacks
Cloud Security Alliance noted that because many backdoors are designed to evade detection tools, protecting against them can be difficult. However, there are strategies that can reduce the risk of a breach of this kind.

First and foremost, companies should have firewalls in place that block unsolicited inbound connections from all but authorized sources. This matters most against port-binding backdoors, which cannot receive the attacker’s inbound connection if the firewall drops it. It does little on its own against a connect-back backdoor, whose traffic originates inside the network, so outbound (egress) filtering and the network monitoring discussed below are needed as well.

In addition, Cloud Security Alliance encouraged careful vetting of any open-source-based programs in use, since a compromised project or download mirror can ship a backdoor to everyone who installs from it.

“Unlike surpassing huge barriers in influencing (or writing) an industry standard, open-source projects enable someone to choose any of the missions of open-source projects in hundreds of mirroring sites opening up a broad surface of attack,” Cloud Security Alliance stated.

Businesses should therefore be selective about the open-source applications they use and ensure that they come from a reputable source rather than an arbitrary mirror.

Network monitoring is also key to protection from backdoor attacks. Monitoring can help ensure that suspicious activity, such as data being sent from an internal host to a command-and-control server, is flagged to network administrators. IT staff can then react quickly to get to the root of the issue, stop the attack and mitigate any damage.
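The port-binding and connect-back strategies listed above leave different footprints in connection logs, and the monitoring this paragraph calls for is easiest to see in code. The following Python script is an added example written for this page, not code from the Trend Micro report or from any Trend Micro product. The log format, the 10.0.0.0/8 internal range, the per-host inventory of approved listening ports and the beaconing thresholds are all assumptions, and the log records are constructed for the example.

```python
"""Flag two backdoor connection patterns in connection-log records.

Added example for this article (not from the Trend Micro report):
  * port binding  -> an external host connects *inbound* to a port the
                     internal host is not approved to serve;
  * connect-back  -> an internal host makes regular *outbound* "beacons"
                     to the same external address and port.
The log format, network ranges and thresholds below are assumptions
chosen for the example.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")  # assumed corporate address range

# Assumed inventory: the ports each internal host is approved to listen on.
APPROVED_LISTENERS = {
    "10.0.0.5": {443},
    "10.0.0.7": set(),
}

# Constructed records: (epoch seconds, src ip, src port, dst ip, dst port).
SAMPLE_LOG = [
    (1000, "198.51.100.9", 51234, "10.0.0.5", 443),   # normal inbound HTTPS
    (1010, "198.51.100.9", 51240, "10.0.0.7", 4444),  # inbound to unapproved port
    (1020, "10.0.0.7", 40001, "203.0.113.77", 443),   # beacon 1
    (1080, "10.0.0.7", 40002, "203.0.113.77", 443),   # beacon 2 (+60 s)
    (1140, "10.0.0.7", 40003, "203.0.113.77", 443),   # beacon 3 (+60 s)
    (1201, "10.0.0.7", 40004, "203.0.113.77", 443),   # beacon 4 (+61 s)
    (1030, "10.0.0.5", 40005, "192.0.2.10", 443),     # one-off outbound, benign
    (1500, "10.0.0.5", 40006, "192.0.2.10", 443),     # irregular second visit
]


def is_internal(ip):
    return ip_address(ip) in INTERNAL


def find_port_binding(records):
    """Inbound connections from outside to ports not in the approved inventory."""
    hits = []
    for ts, src, _sport, dst, dport in records:
        if is_internal(dst) and not is_internal(src):
            if dport not in APPROVED_LISTENERS.get(dst, set()):
                hits.append({"kind": "port_binding", "host": dst,
                             "port": dport, "peer": src, "ts": ts})
    return hits


def find_connect_back(records, min_conns=4, max_jitter=0.2):
    """Outbound connections to one external ip:port at near-constant intervals."""
    buckets = defaultdict(list)
    for ts, src, _sport, dst, dport in records:
        if is_internal(src) and not is_internal(dst):
            buckets[(src, dst, dport)].append(ts)
    hits = []
    for (src, dst, dport), times in buckets.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Coefficient of variation of the gaps: a low value means the
        # connections are evenly spaced, the signature of a beacon timer.
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_jitter:
            hits.append({"kind": "connect_back", "host": src,
                         "peer": f"{dst}:{dport}",
                         "interval_s": round(avg, 1), "count": len(times)})
    return hits


def analyse(records=SAMPLE_LOG):
    return find_port_binding(records) + find_connect_back(records)


if __name__ == "__main__":
    for finding in analyse():
        print(finding)
```

On the constructed log this reports the inbound connection to 10.0.0.7:4444, which no inventory entry justifies, and the four evenly spaced outbound connections from 10.0.0.7 to 203.0.113.77:443. The second finding is the important one in practice: it travels over a port the firewall allows out and would pass a simple port rule. Software updaters and health checks also beacon on a fixed timer, so in a real deployment the destination list needs an allow-list of known services, and the interval and jitter thresholds should be tuned against your own baseline.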

Another protective measure is an anti-malware solution on the endpoints. Trend Micro noted that some backdoors mimic legitimate network traffic, so their activity looks genuine on the wire and does not trigger network alarms. An endpoint anti-malware product such as Trend Micro OfficeScan can still detect a backdoor of this kind on the host itself.

Backdoor attacks present a considerable threat to businesses, but understanding how they work and how they can be prevented goes a long way toward better protection.
