Risk management giving you a headache? A discerning eye helps you find the loopholes.
Backdoors are persistent and covert, bypassing authentication and encryption.
They execute code, transfer files and inject programs to attack.
Vulnerability patches are released often; suspicious files should never be accepted.
Watch new developments in real time, and check quickly with a sharp eye.
Backdoor
A backdoor is a way of bypassing authentication or system encryption to gain access to a system. Developers sometimes build backdoors into their own programs, intentionally or by accident, for any number of reasons (maintenance or debugging access, for example); once such a backdoor is discovered by others it becomes a security risk that attackers can exploit just like any other vulnerability. Attackers, for their part, plant backdoors of their own on vulnerable servers so that they can execute code and upload malicious files, paving the way for further attacks.
Backdoor security incidents
On December 4, 2018, the Internet police brigade of a public security sub-bureau received a report: a company had found that one of its internal computers was executing dangerous commands and was suspected of being remotely controlled to harvest data such as account passwords, with a large amount of sensitive information being sent back to the attacker. The local Internet police immediately opened a case. Forensic analysis established that the backdoor file could control the computer and that the suspect had used it to remotely download and run a script that collected users' personal information. On January 4 and 5, 2019, police arrested seven suspects, including Ma, Yang, Tan and Zhou.
In 2016, around 80 models of Sony IP cameras were found to contain "secret backdoors" which, once exploited, could be used by malware such as Mirai to take control of the device and launch large-scale DDoS attacks. The affected cameras all belong to the Sony Professional IPELA Engine series. Stefan Viehböck of the Austrian security firm SEC Consult discovered the backdoor in October 2016 and published an analysis. Sony released firmware updates to remove the backdoor and thanked SEC Consult.
The dangers of backdoor vulnerabilities
■ Attackers can use a backdoor to execute code or upload files on the compromised server
■ Through that code execution or file upload they can steal data from internal databases or run further malware (such as ransomware)
...
Take the CVE-2017-7921 / CVE-2017-7923 backdoor as an example
■ Vulnerability background
Since 2014, the IP camera products of a video surveillance manufacturer have shipped with a backdoor: when an attacker sends a request containing the field "auth=YWRtaW46MTEK" (base64 for the credential string "admin:11"), the backend treats the request as coming from a special, privileged user. An attacker can use this to escalate privileges and read or modify device information. The backdoor was found on March 5, 2017; on March 14, 2017 the manufacturer published a security advisory; on May 5, 2017 the issues were assigned CVE-2017-7921 (improper authentication) and CVE-2017-7923 (password in configuration file); and on September 12, 2017 full details of the vulnerability were published online.
■ How it is used
Requesting the device's backdoor URL with this auth field in place returns the corresponding user information, including user names.
■ Exploitation process
1. Search for the relevant information in a search engine and download the corresponding exploit script.
2. Switch to that directory and run the script against a device found on the Internet to obtain the camera's user name and password.
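Because the backdoor is triggered by a fixed base64 token in the request, the same token is also a reliable detection signature on the device's or a reverse proxy's access log. The following is an added example (not code from the page or from the vendor) that scans constructed combined-format log lines for an "auth" query parameter, flags the exact token the page describes, and, as a generalisation, flags any "auth" value that base64-decodes to a user:password pair. The paths, IP addresses and timestamps in the sample lines are constructed; the token value is the one given on this page.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# The base64 token that the page describes as marking a request as a
# "special user". It decodes to the credential string "admin:11\n".
BACKDOOR_AUTH = "YWRtaW46MTEK"

# Apache/nginx "combined" access-log format: client IP, timestamp,
# request line, status. Only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (hypothetical paths, RFC 5737 test addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Sep/2017:10:01:22 +0000] "GET /users?auth=YWRtaW46MTEK HTTP/1.1" 200 512
198.51.100.9 - - [12/Sep/2017:10:01:25 +0000] "GET /deviceInfo HTTP/1.1" 401 0
192.0.2.4 - - [12/Sep/2017:10:02:01 +0000] "GET /snapshot?auth=dXNlcjpzZWNyZXQ= HTTP/1.1" 200 30215
192.0.2.5 - - [12/Sep/2017:10:02:07 +0000] "GET /index.html?auth=abc HTTP/1.1" 200 1200
"""


def decode_auth(token):
    """Strictly base64-decode an auth token; return None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def classify_target(target):
    """Inspect a request target (path + query string); return a finding or None."""
    for token in parse_qs(urlsplit(target).query).get("auth", []):
        decoded = decode_auth(token)
        if token == BACKDOOR_AUTH:
            return {"severity": "high", "reason": "known backdoor auth token",
                    "decoded": decoded.decode("ascii", errors="replace")}
        # Generalisation: any base64 "user:password" pair passed as a URL
        # parameter is a credential in a query string and deserves review.
        if decoded and decoded.isascii() and b":" in decoded:
            return {"severity": "medium", "reason": "base64 user:password in URL",
                    "decoded": decoded.decode("ascii")}
    return None


def scan_log(lines):
    """Return one finding per log line that carries a suspicious auth token."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined log format; skip
        finding = classify_target(m["target"])
        if finding:
            findings.append({"ip": m["ip"], "time": m["ts"],
                             "target": m["target"], **finding})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{f['severity']:6} {f['ip']:15} {f['target']} -> "
              f"{f['reason']} ({f['decoded']!r})")
```

Run against a real log, the high-severity hit is the one to act on: a 200 response to a request carrying the backdoor token means the firmware on that device is still vulnerable and the request must be treated as a successful authentication bypass, not a failed login attempt.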
DPtech Solutions
1. Use DPtech's "Insight Security Detection Platform" to detect whether backdoor vulnerabilities exist in the production network.
2. Use DPtech's "Security Risk Control Platform" for continuous monitoring and closed-loop management of backdoor vulnerabilities.
3. Use DPtech's "Security Threat Perception Big Data Platform" for continuous monitoring of backdoor attacks.
4. DPtech IPS2000 and WAF3000 security devices can effectively block exploitation of backdoors.
Countermeasures for backdoor vulnerabilities
■ Scan for vulnerabilities periodically
■ Apply the patches issued by vendors
■ Use the virtual patching function of security devices such as an IPS or WAF to mitigate the flaw until the vendor patch can be applied
■ Monitor uploaded code in real time for malicious content