Cybercrime: Hidden backdoors to enterprise data

How much of a risk do backdoors pose to corporate data? Davey Winder investigates...

Alex Raistrick, vice president for Western Europe at Palo Alto Networks, has spotted an attack vector where backdoors are being exploited, though.

"There is something of an intentional backdoor left open by mobile application developers," he says.

"By installing software such as an SDK in the application itself, the app can reach out to the internet and pull the correct ad in order to get paid. But this embedded software then provides access to the application and the device itself."

Raistrick claims the research his company has undertaken has "identified several malicious APKs that were able to avoid all tested mobile antivirus solutions, so clearly there is effort being applied to backdoor attacks".

Catalin Cosoi, chief security strategist at Bitdefender, backs Sanabria's view that backdoors are a rare occurrence and Trojanised applications and documents are more commonly used to compromise data.  

"Except in targeted attacks because hardware is much more diverse than software," Cosoi explains.

There is little the average enterprise can do to protect itself against its own hardware, but Cosoi suggests the following points be absorbed:

  • Make sure you understand what you are using and how.
  • Remote control functionality exists in most networking equipment and in high-end enterprise PCs as well. This adds convenience, but also security risks. For example, the control interface for a router should never, ever be on the subnet it routes for.
  • Diversify systems, compartmentalise data, and air-gap what needs to be air-gapped. Remember, you shouldn't be able to move data across an air-gap in a digital format.
  • Encryption in transit is not just for Wi-Fi networks, and wired ones are not inherently more secure. A compromised router or a "pwn box" might be listening in, so don't make its job easier by forgoing SSL in the corporate intranet.
  • Keep an accurate, up-to-date inventory. Vulnerabilities in hardware, as well as in software, are found all the time. It's not uncommon for a "forgotten" printer or router to be left un-patched for years.
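As an added example that is not part of the original article, the Python sketch below applies three of these points to a device inventory: it flags a management interface that sits on a subnet the device routes for, a management interface without TLS, and a device left unpatched for too long. The inventory, its field names, the addresses and the 180-day threshold are all constructed assumptions.

```python
import ipaddress
from datetime import date

# Constructed sample inventory (hypothetical devices, addresses and dates).
INVENTORY = [
    {"name": "core-rtr-1", "mgmt_ip": "10.20.0.1",
     "routed": ["10.20.0.0/24", "10.30.0.0/24"],
     "mgmt_tls": True, "last_patched": date(2021, 3, 1)},
    {"name": "edge-rtr-2", "mgmt_ip": "192.168.250.2",
     "routed": ["10.40.0.0/24"],
     "mgmt_tls": True, "last_patched": date(2021, 2, 10)},
    {"name": "printer-3f", "mgmt_ip": "192.168.250.9",
     "routed": [],
     "mgmt_tls": False, "last_patched": date(2017, 6, 5)},
]


def audit(inventory, today, max_patch_age_days=180):
    """Return (device, finding, detail) tuples for the three checks."""
    findings = []
    for dev in inventory:
        mgmt = ipaddress.ip_address(dev["mgmt_ip"])

        # The control interface should not live on a subnet the device routes for.
        for cidr in dev["routed"]:
            net = ipaddress.ip_network(cidr, strict=False)
            if mgmt.version == net.version and mgmt in net:
                findings.append((dev["name"], "mgmt-on-routed-subnet", cidr))

        # Encryption in transit applies to wired, internal management traffic too.
        if not dev["mgmt_tls"]:
            findings.append((dev["name"], "mgmt-plaintext", dev["mgmt_ip"]))

        # "Forgotten" devices show up as very old patch dates.
        age = (today - dev["last_patched"]).days
        if age > max_patch_age_days:
            findings.append((dev["name"], "stale-patch", f"{age} days"))
    return findings


if __name__ == "__main__":
    for device, finding, detail in audit(INVENTORY, date(2021, 4, 15)):
        print(f"{device:12} {finding:24} {detail}")
```
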

Closing the backdoor

"The most common backdoor threats to organisational data come not from any technology but from complacency on the part of the user," insists Chris McIntosh, CEO at ViaSat UK, who cites the News of the World phone hacking scandal as an example.

This 'hacking' was largely possible because journalists and private detectives, if not the mobile phone owners themselves, knew you should change the default PIN code for remote voicemail.

Anyone with access to Google can quickly find these default codes, and the same is true of routers and networked hardware.

"Similarly, new devices on the network are often non-accredited meaning they may well contain a number of backdoor entry points that organisations are unaware of," says McIntosh.

Simply taking the time to review passwords and other security codes, or properly vet devices, can save a huge amount of hassle and make things a lot harder for attackers by locking some of the backdoors that would otherwise remain open.

It's not rocket science, as McIntosh reminds us: "make sure that people, process and technology work together in a three-tiered approach: don't allow either of those to become a weak point that renders the other two worthless."
