Cybercrime: Hidden backdoors to enterprise data
How much of a risk do backdoors pose to corporate data? Davey Winder investigates...
Alex Raistrick, vice president for Western Europe at Palo Alto Networks, has spotted an attack vector where backdoors are being exploited, though.
"There is something of an intentional backdoor left open by mobile application developers," he says.
"By installing software such as an SDK in the application itself, the app can reach out to the internet and pull the correct ad in order to get paid. But this embedded software then provides access to the application and the device itself."
Raistrick claims the research his company has undertaken has "identified several malicious APKs that were able to avoid all tested mobile antivirus solutions, so clearly there is effort being applied to backdoor attacks".
Catalin Cosoi, chief security strategist at Bitdefender, backs Sanabria's view that backdoors are a rare occurrence and Trojanised applications and documents are more commonly used to compromise data.
"Except in targeted attacks because hardware is much more diverse than software," Cosoi explains.
There is little the average enterprise can do to protect itself against its own hardware, but Cosoi suggests the following points be absorbed:
- Make sure you understand what you are using and how.
- Remote control functionality exists in most networking equipment and in high-end enterprise PCs as well. This adds convenience, but also security risks. For example, the control interface for a router should never, ever be on the subnet it routes for.
- Diversify systems, compartmentalise data, and air-gap what needs to be air-gapped. Remember, you shouldn't be able to move data across an air-gap in a digital format.
- Encryption in transit is not just for Wi-Fi networks, and wired ones are not inherently more secure. A compromised router or a "pwn box" might be listening in, so don't make its job easier by forgoing SSL in the corporate intranet.
- Keep an accurate, up-to-date inventory. Vulnerabilities in hardware, as well as in software, are found all the time. It's not uncommon for a "forgotten" printer or router to be left un-patched for years.
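As an added example, not code from the article or from any of the vendors quoted: a small Python check over a constructed device inventory that applies two of the points above, flagging a router whose management interface sits on a subnet it routes for and inventory entries whose last patch is older than a chosen threshold. Device names, addresses and dates are constructed for illustration.

```python
import ipaddress
from datetime import date

# Constructed inventory, not real devices: each entry lists the subnets the
# device routes for, the address of its management (remote control)
# interface and the date its firmware was last patched.
INVENTORY = [
    {"name": "edge-router-1", "routes": ["10.10.0.0/24", "10.10.1.0/24"],
     "mgmt_ip": "10.10.0.1", "last_patched": date(2014, 3, 2)},
    {"name": "core-router-2", "routes": ["10.20.0.0/16"],
     "mgmt_ip": "192.168.250.2", "last_patched": date(2014, 9, 15)},
    {"name": "printer-3f", "routes": [], "mgmt_ip": "10.10.1.40",
     "last_patched": date(2009, 6, 1)},
]

# Constructed "today" for the audit so results are reproducible.
AUDIT_DATE = date(2014, 11, 1)


def mgmt_on_routed_subnet(device):
    """True if the management address lies inside any subnet the device
    routes for (the 'never, ever' case in the list above)."""
    mgmt = ipaddress.ip_address(device["mgmt_ip"])
    return any(mgmt in ipaddress.ip_network(net) for net in device["routes"])


def patch_age_days(device, today):
    """Days since the device was last patched."""
    return (today - device["last_patched"]).days


def audit(inventory, today, max_patch_age_days=365):
    """Return (device name, finding) pairs for a defender to act on."""
    findings = []
    for dev in inventory:
        if mgmt_on_routed_subnet(dev):
            findings.append((dev["name"], "management interface on a routed subnet"))
        age = patch_age_days(dev, today)
        if age > max_patch_age_days:
            findings.append((dev["name"], f"not patched for {age} days"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(INVENTORY, AUDIT_DATE):
        print(f"{name}: {finding}")
```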
Closing the backdoor
"The most common backdoor threats to organisational data come not from any technology but from complacency on the part of the user," insists Chris McIntosh, CEO at ViaSat UK, who cites the News of the World phone hacking scandal as an example.
This 'hacking' was largely possible because journalists and private detectives knew the default PIN code for remote voicemail, even where the mobile phone owners themselves did not know they should change it.
Anyone with access to Google can quickly find these default codes, and the same is true of routers and networked hardware.
"Similarly, new devices on the network are often non-accredited, meaning they may well contain a number of backdoor entry points that organisations are unaware of," says McIntosh.
Simply taking the time to review passwords and other security codes, or properly vet devices, can save a huge amount of hassle and make things a lot harder for attackers by locking some of the backdoors that would otherwise remain open.
It's not rocket science. As McIntosh reminds us: "make sure that people, process and technology work together in a three-tiered approach: don't allow either of those to become a weak point that renders the other two worthless."