Backdoor


Cyber Attack Explanation

Synopsis of a Backdoor

A backdoor is a type of malware that bypasses normal authentication procedures to gain access to a system.

Overview

A backdoor is a remote access method used by Advanced Persistent Threats and by malware that bypasses normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.

Backdoor installation is achieved by taking advantage of vulnerable components in a web application. Once installed, detection is difficult because the backdoor's files tend to be highly obfuscated.

Webserver backdoors are used for a number of malicious activities, including:

  • Data theft
  • Website defacing
  • Server hijacking
  • The launching of distributed denial of service (DDoS) attacks
  • Infecting website visitors (watering hole attacks)
  • Advanced persistent threat (APT) assaults


What you need to know about Backdoor

A backdoor on a computer system is a method of bypassing normal authentication and gaining unauthorized access to a computer. Backdoors can be caused by a number of different factors, including:

  1. Malware: Malicious software, such as a virus, worm, or Trojan horse, can be designed to open a backdoor on a computer system and allow an attacker to gain unauthorized access.
  2. Unpatched vulnerabilities: A computer system that is not kept up to date with the latest security patches may have vulnerabilities that can be exploited to install a backdoor.
  3. Misconfigured systems: A computer system that is not configured properly can have security weaknesses that can be exploited to install a backdoor.
  4. Social engineering: An attacker can trick an unsuspecting user into installing a backdoor on their computer by disguising it as legitimate software or by convincing the user to run a malicious attachment or click on a malicious link.
  5. Supply chain attack: An attacker could use a vulnerability in the supply chain to install a backdoor on a computer before it is shipped to the end user.

It is important to keep computer systems updated with the latest security patches, to use anti-virus software, to be cautious when opening unknown files or links, and to use strong and unique credentials. Also, regular security audits and penetration testing can help identify and remediate backdoors in a computer system.

Once installed, backdoors are very hard to weed out. Traditionally, detection involves using software scanners to search for known malware signatures in a server file system. Backdoors can occasionally be detected through vulnerability scanning. This process is error prone, however. Backdoor shell files are almost always masked through the use of alias names and—more significantly—code obfuscation (sometimes even multiple layers of encryption).

Detection is further complicated since many applications are built on external frameworks that use third-party plugins; these are sometimes laden with vulnerabilities or built-in backdoors. Scanners that rely on heuristic and signature-based rules might not be able to detect hidden code in such frameworks.
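The signature-and-heuristic scanning described above, as an added example that is not part of this page: a small defender-side Python script that flags PHP files showing the hallmarks of an obfuscated web shell (an eval of a decoded payload, a shell command fed straight from request input, a long base64 literal, or unusually high byte entropy). The pattern list, the entropy cutoff of 5.5 bits per byte and the two sample files are constructed for illustration; a file that fires an indicator deserves a human review, not automatic deletion.

```python
import base64
import math
import re
from pathlib import Path

# Heuristic indicators often seen in obfuscated web shells: each is a
# defender-side signal worth a human look, not proof of compromise.
SUSPICIOUS_PATTERNS = {
    "eval_of_decoded_payload": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13|gzuncompress)\s*\(", re.I),
    "shell_command_from_request": re.compile(
        r"\b(?:system|shell_exec|passthru|exec)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    "long_base64_literal": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}
ENTROPY_THRESHOLD = 5.5  # bits per byte; assumed cutoff for packed or encrypted text

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def scan_source(name: str, source: str) -> dict:
    """Return the indicators that fire on one file's text."""
    indicators = [label for label, rx in SUSPICIOUS_PATTERNS.items() if rx.search(source)]
    entropy = shannon_entropy(source.encode("utf-8", "replace"))
    if entropy > ENTROPY_THRESHOLD:
        indicators.append("high_entropy")
    return {"file": name, "entropy": round(entropy, 2), "indicators": indicators}

def scan_directory(root: str, suffixes=(".php", ".phtml", ".inc")) -> list:
    """Walk a web root and report every file with at least one indicator."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            result = scan_source(str(path), path.read_text(errors="replace"))
            if result["indicators"]:
                findings.append(result)
    return findings

# Constructed samples: a harmless "payload" wrapped the way obfuscated shells
# usually are, next to an ordinary template file with no indicators.
_BLOB = base64.b64encode(b"echo 'constructed harmless test string'; " * 6).decode()
WEBSHELL_SAMPLE = '<?php\n$c = "' + _BLOB + '";\neval(base64_decode($c));\n'
BENIGN_SAMPLE = ('<?php\n$items = ["alpha", "beta", "gamma"];\nforeach ($items as $item) {\n'
                 '    echo "<li>" . htmlspecialchars($item) . "</li>";\n}\n')
```

Run `scan_directory("/var/www/html")` against a web root to get the list of flagged files, then compare each hit against a known-good copy of the application before acting.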

Even if the malware is detected, typical mitigation methods (or even a system reinstallation) are unlikely to remove it from an application. This is particularly true when the backdoor maintains a persistent presence in re-writable memory.

The best detection method is through your Security Operations Center, which should be detecting the compromise and preventing it from occurring. Having a DNS service such as the Quad9 project in place, or DNS blacklists, will hinder a backdoor's ability to maintain persistence.

How to defend against it

The best method to defend against backdoors is regular scanning by a reputable endpoint protection solution on all devices.