Cybercrime: Hidden backdoors to enterprise data

Alex Raistrick, vice president for Western Europe at Palo Alto Networks, has spotted an attack vector where backdoors are being exploited, though.

"There is something of an intentional backdoor left open by mobile application developers," he says.

"By installing software such as an SDK in the application itself, the app can reach out to the internet and pull the correct ad in order to get paid. But this embedded software then provides access to the application and the device itself."

Raistrick claims the research his company has undertaken has "identified several malicious APKs that were able to avoid all tested mobile antivirus solutions, so clearly there is effort being applied to backdoor attacks".

Catalin Cosoi, chief security strategist at Bitdefender, backs Sanabria's view that backdoors are a rare occurrence and Trojanised applications and documents are more commonly used to compromise data.

"Except in targeted attacks because hardware is much more diverse than software," Cosoi explains.

There is little the average enterprise can do to protect itself against its own hardware, but Cosoi suggests the following points be absorbed:

  • Make sure you understand what you are using and how.
  • Remote control functionality exists in most networking equipment and in high-end enterprise PCs as well. This adds convenience, but also security risks. For example, the control interface for a router should never, ever be on the subnet it routes for.
  • Diversify systems, compartmentalise data, and air-gap what needs to be air-gapped. Remember, you shouldn't be able to move data across an air-gap in a digital format.
  • Encryption in transit is not just for Wi-Fi networks, and wired ones are not inherently more secure. A compromised router or a "pwn box" might be listening in, so don't make its job easier by forgoing SSL in the corporate intranet.
  • Keep an accurate, up-to-date inventory. Vulnerabilities in hardware, as well as in software, are found all the time. It's not uncommon for a "forgotten" printer or router to be left unpatched for years.
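The points above are hygiene rules, not code, but they are easy to turn into an automated check over an asset register. The script below is an added example, not code from the article or from any vendor quoted in it: it audits a constructed device inventory for a management interface that sits on a subnet the device routes for, a management interface outside a dedicated (assumed) out-of-band management network, plaintext management protocols on the wired network, firmware that has not been updated within a year, vendor default credentials left in place, and devices that never went through vetting. The device names, addresses, subnets and dates are all constructed for illustration.

```python
"""Inventory audit for the hardware-hygiene points above.

Added example; the device records, subnets and dates are constructed.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional
import ipaddress

# Assumed out-of-band management network (constructed value).
MGMT_SUBNET = ipaddress.ip_network("10.250.0.0/24")
# Management protocols that send credentials or sessions in the clear.
PLAINTEXT_PROTOCOLS = {"http", "telnet", "snmpv1", "snmpv2c"}
MAX_FIRMWARE_AGE_DAYS = 365


@dataclass
class Device:
    name: str
    kind: str
    mgmt_ip: str
    mgmt_protocol: str                      # "https", "ssh", "http", "telnet", ...
    routed_subnets: list = field(default_factory=list)  # only meaningful for routers
    firmware_date: Optional[date] = None    # None means "not inventoried"
    default_credentials_changed: bool = True
    accredited: bool = True                 # passed the organisation's vetting


def audit_device(dev: Device, today: date) -> list:
    """Return a list of human-readable findings for one device (empty = clean)."""
    findings = []
    ip = ipaddress.ip_address(dev.mgmt_ip)

    # The control interface must never be on a subnet the device routes for.
    for cidr in dev.routed_subnets:
        if ip in ipaddress.ip_network(cidr):
            findings.append(f"management interface {ip} is inside routed subnet {cidr}")

    # Remote-control functionality belongs on the dedicated management network.
    if ip not in MGMT_SUBNET:
        findings.append(f"management interface {ip} is outside management network {MGMT_SUBNET}")

    # Wired is not inherently safe: a compromised router may be listening.
    if dev.mgmt_protocol.lower() in PLAINTEXT_PROTOCOLS:
        findings.append(f"management over plaintext protocol {dev.mgmt_protocol}")

    # "Forgotten" devices show up as unknown or very old firmware dates.
    if dev.firmware_date is None:
        findings.append("firmware date unknown (device not fully inventoried)")
    elif (today - dev.firmware_date).days > MAX_FIRMWARE_AGE_DAYS:
        findings.append(f"firmware last updated {dev.firmware_date}, "
                        f"older than {MAX_FIRMWARE_AGE_DAYS} days")

    if not dev.default_credentials_changed:
        findings.append("vendor default credentials still in place")
    if not dev.accredited:
        findings.append("device has not been through accreditation/vetting")
    return findings


def audit_inventory(devices: list, today: date) -> dict:
    """Map each device name to its findings."""
    return {d.name: audit_device(d, today) for d in devices}


# Constructed sample inventory: one clean router, one neglected branch router,
# and a printer nobody vetted.
SAMPLE_INVENTORY = [
    Device("core-rtr-1", "router", "10.250.0.5", "ssh",
           ["192.168.10.0/24", "192.168.20.0/24"], date(2024, 1, 15)),
    Device("branch-rtr-2", "router", "192.168.10.1", "http",
           ["192.168.10.0/24"], date(2019, 6, 1), default_credentials_changed=False),
    Device("print-3f", "printer", "192.168.20.40", "https", [], None, accredited=False),
]


def run_sample_audit(today: date = date(2024, 6, 1)) -> dict:
    """Audit the constructed inventory as of a fixed (constructed) date."""
    return audit_inventory(SAMPLE_INVENTORY, today)


if __name__ == "__main__":
    for name, findings in run_sample_audit().items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

The checks are deliberately data-driven: the audit only knows what the register tells it, which is why the first of Cosoi's points (understand what you are using) and the last (keep the inventory accurate) matter more than the script itself. A missing firmware date is reported as a finding rather than silently skipped, so an incomplete register cannot hide a stale device.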

Closing the backdoor

"The most common backdoor threats to organisational data come not from any technology but from complacency on the part of the user," insists Chris McIntosh, CEO at ViaSat UK, who cites the News of the World phone hacking scandal as an example.

This 'hacking' was largely possible because journalists and private detectives knew the default PIN codes for remote voicemail, even if the mobile phone owners themselves did not know they should change them.

Anyone with access to Google can quickly find these default codes, and the same is true of routers and networked hardware.

"Similarly, new devices on the network are often non-accredited, meaning they may well contain a number of backdoor entry points that organisations are unaware of," says McIntosh.

Simply taking the time to review passwords and other security codes, or properly vet devices, can save a huge amount of hassle and make things a lot harder for attackers by locking some of the backdoors that would otherwise remain open.

It's not rocket science, as McIntosh reminds us: "make sure that people, process and technology work together in a three-tiered approach: don't allow either of those to become a weak point that renders the other two worthless."

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.