When it comes to backdoor hacking, how secure is your system?
News of yet another security breach spread over the internet Monday morning. Researchers discovered that the Avast-owned security application CCleaner for Windows had been compromised by hackers who had installed a vulnerability in the malware removal tool. This vulnerability opened up millions of users to further malware downloads, including ransomware and keyloggers that could be used to hold data hostage or access sensitive information.
Since approximately August 15th, this threat has been spreading to 2.27 million computers via legitimate security software. The infected computers then send the computer's name, what software is installed and which processes are running to the hacker's server. Avast has already released an update to the CCleaner software that is meant to resolve the threat, but as cybercrime seems to be a growing threat, it leaves users, both corporate and individual, wondering if their systems are at risk.
The hackers in the CCleaner breach used a method known as backdoor hacking to gain access to millions of machines. In computing, a backdoor is an undocumented portal that allows administrators to access the system for troubleshooting or maintenance. But backdoors can also be created by hackers to gain illicit access to a server or individual computers. In the case of CCleaner, the hackers exploited backdoor access to spread malware.
Installing backdoor access to systems has been a hot debate in recent years, as some government agencies want the ability to circumvent encrypted protections and access systems and data for local or national security purposes. Software developers have been pushing back on this issue as a matter of privacy for their users. It's a battle that is likely to continue for some time as the questions of security vs. privacy, in light of the cyber warfare now taking place.
And while the debate over security and privacy is an important one, the question most companies are asking is, "Is my system safe from backdoor hacking?" To answer that, it's important to understand how hackers access your system and what you can do to guard against backdoor access.
In most cases, hackers access a backdoor by searching for network vulnerabilities such as unused accounts with easy to crack passwords. (As of 2016, the most common password was still 123456!) Once they've gained access, they change the password to something difficult to break and have open access to everything on the network. The hacker will then mask their activities by hiding files deep within the system directories,using inconspicuous file names to avoid detection. Exploiting system vulnerabilities is especially easy if the manufacturer's default passwords were still left on the network.
Because of the hidden nature of backdoor hacking, it can be difficult to protect your system from cyber criminals looking for a way in, but there are steps any business can take to help protect their data. The very first thing a network administrator should do is ensure that users are not falling back on bad password habits. The most commonly used passwords in 2016 were: 123456, 123456789, qwerty, 12345678, and 111111. The top 25 most commonly used passwords constituted 50% of the 10 million passwords analyzed in 2016. And any hacker would have no problem breaking into an account with such a simple password in seconds.
Once you've implemented secure passwords across your system it's critical to ensure that unused accounts are no longer active. As hackers often use these dormant accounts to gain initial access, you should remove these accounts as they create unnecessary vulnerabilities.
And, finally, it's important to have network administrators who will set up firewalls and monitoring to help prevent or detect unauthorized activity. A solid firewall that blocks entry points from all but authorized users will defend against the execution of a port binding backdoor attack while system monitoring allows network administrators to flag suspicious activity, stop the attack and mitigate any damage that may occur.
If the idea of protecting your systems and applications seems daunting to you, we understand. The good news is that you don't have to figure it all out for yourself. Spud Software is actively engaged in protecting our clients with system and application security solutions, and we'd love the opportunity to work with you. Give us a call or join us at our Lunch & Learn event on October 6th for more information on protecting your company and its data.