- 1 Attack vector 1: backdoor.
Cybercrime is on the rise. Anyone is a potential victim. Many people are not yet victims of cybercrime because no one is yet interested in attacking them. In these articles, technical cybercrime terms are made simple.
Every criminal has a motive for the crime – is it money, revenge, or crime for hire or just a cybercriminal at work for a social cause or to make a point?
If you don’t have money or just have enough to live by, no one may be interested in compromising your on-line banking or hacking into your internet and mobile banking. The benefits of the crime may just not justify the crime in the first place.
Over 60% of nudity cases we have been involved, are linked to an ex making a point. It is the worst abuse of trust. During lovely moments, you get free and open to the extent of allowing your partner to take photos. If you suddenly change your interest and call-off the relationship, the other partner decides to post your nudes online. It is a form of revenge. The same applies to terminated employees or former suppliers who may have their contract terminated.
In these series, I will go deep to demonstrate common schemes hackers use to compromise your security.
Attack vector 1: backdoor.
It is a recommended best practice that when building, always leave a second gate into the building just for an emergency. And indeed, if you examine your office building plan now, you will notice the presence of the lift, the staircase, a main front door and gate and another door at the back of the building – the small gate. That is a backdoor. Rarely used but critical.
Consider an event to be attended by a big star or politician. Whereas everyone will be ushered in through the main gate and then the main door, most of the time, the stars or most senior politicians get ushered in through the backdoor. That way, no one ever checks them!
This is sensible and logical. The security for the event is meant to protect the big star or politician. So why take them through all the checks and balances! But keep in mind, the big star will bypass the security checks at the main gate with escorts and some few people in his or her entourage. And that is where the weakness of the backdoor manifests -letting the bad guy (pretending to be good) through the backdoor with the star.
In IT, backdoors are big things. Before I show you how hackers exploit them, let me explain how they come about.
It could be a programming error. Any code may have a glitch. It is like going to bed without having locked the house! And think about it, how many times have you driven out of your house, only to remember you could have forgotten to lock it! You write code and then leave a glitch that could be exploited whereby someone can log in to the system and effect changes. That is why every time you undertake a system upgrade; you must conduct a post-upgrade independent review. To make sure the vendor did not leave any ‘programming error’ in the code.
An additional username and password. Great cybersecurity experts are fantastic at coding and networking. Every developer knows that a super administrator “sa” user has unlimited system access. During development, someone privy to the ‘sa’ password could create an additional username and password in the system. And that becomes a backdoor. Many times, we have done vulnerability testing on production servers (a server in use to run day to day business), we find that the user table has so many users the database admin cannot explain, with access levels beyond what is provided for in the user matrix! That is system implementation for you. Who does an independent check on your system admins?
Insert a backdoor via spear phishing. Phishing is the process of sending you an email, a chat or message with a program that installs into your computer as you read the message. (Want a demo of this, contact us today.)
A backdoor makes it easy to access your computer system while bypassing your security measures – by physically being present in your server room or using a program that remotely controls your server. Like a burglar, a cybercriminal will always first study your movements (footprint and reconnaissance) before they launch an attack. It is during footprinting that they may discover a glitch with your system. Or they could have been your former vendors and deliberately left a ‘door’ for use later to gain access to your system.
Once a criminal gains access to your system, they gain total control – they can delete files, copy files, use webcam to take photos of you as you type on your computer, take screenshots of whatever is open on your computer, send emails to themselves from your computer and issue instructions as if it is you doing it. Think of a backdoor as someone who enters your house without notice, and then you go to work as they stay at your home all alone with access to everywhere. If you are a person who does not lock some rooms as you leave to work, you may find the house empty. You may lock the main gate and main door, but the criminal has access via the door at the back (backdoor.).
You don’t want to have a backdoor attack vector on your network since the attackers can continue stealing from you for a long period of time without your notice.
- Discourage the use of open source tools in your production environment. Any IT person or user intending to install a program must first seek approval from the CEO. Do not allow users to install any programs on their computers without monitoring.
- Provide clear terms of reference and scope of any vendor work on your system so that you constrain what they can do as well as create accountability for their actions. If the vendor or service provider wants access to update the system. Let them first do so on a sandbox, and thereafter on your production server. Have someone independent of the task to review the terms of reference or update details and check the system behavior before and after the upgrade. That way, everyone is on alert.
- Keep your systems up-to-date.
- And practice general cyber hygiene – staff awareness training, network segmentation, sys log capture and off-site backup to where IT even cannot access them! and of course on-going system checks for optimal performance. You must have real-time notifications to any unexpected changes on the production server.
In the next post, I will explore the buffer-overflow attack.
Copyright Mustapha B Mugisa, 2019. All rights reserved.