In cybersecurity, a backdoor is a means of bypassing normal security controls to gain privileged access to a computer system, network, or software application. Backdoors are used by both authorized users and unauthorized ones (criminal hackers and nation states). Unauthorized users who discover a backdoor (or, in some cases, had it planted there to begin with) can steal sensitive data, install additional malware, and hijack devices. When a backdoor is not already built into a device by the manufacturer, it is typically installed by cyber criminals through phishing or social engineering that convinces employees to download and install backdoor malware on their computers.
Backdoors can also be inserted by hardware manufacturers as a deliberate means of accessing their technology once it is deployed. This can be used benignly, to help customers who are locked out of devices or to troubleshoot software issues, but it can also be abused by nation states. Many of the articles below cite allegations that both Cisco (a US company) and Huawei (a Chinese company) built backdoors into their hardware products.
Most troubling of all, recent disclosures by Edward Snowden revealed that the NSA may have built a backdoor into Elliptic Curve Cryptography, undermining the confidence and trust placed in our encryption algorithms. These backdoors allegedly allowed the NSA to spy on encrypted communications around the world.
What does this mean for an SMB?
- Monitor network activity. Data transfer often spikes unusually while an attacker is using a backdoor to reach your system. A firewall can track the inbound and outbound activity of the applications installed on your devices.
- Install applications and plugins only from reputable sources. Hackers often hide backdoors in free applications or web browser plugins, so confirm where each install is coming from. An easy way to keep employees from accidentally installing malware is to limit administrator rights.
- Use a password manager with complex passwords or passphrases of 14 or more characters. Weak, simple passwords can open an unintentional backdoor for attackers.
- Enable two-factor authentication wherever possible.
- Block all remote access into your network at the firewall if it is not needed.
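As an added illustration (not part of the original article), the following Python script shows what the first and last recommendations look like in practice: it reads constructed firewall log lines, flags a host whose hourly outbound volume jumps far above its own baseline, and lists inbound remote-access connections that an allow-list did not expect. The log format, hosts, ports and spike threshold are assumptions made for this example.

```python
"""Flag backdoor-like traffic in firewall logs: outbound volume spikes and
unexpected inbound remote-access connections. The log format (timestamp,
direction, src, dst, dport, bytes) is an assumption for this example."""
from collections import defaultdict
from statistics import median

# Constructed sample firewall log lines (not real data).
SAMPLE_LOG = """\
2024-05-01T09:00:00 out 10.0.0.5 203.0.113.9 443 120000
2024-05-01T10:00:00 out 10.0.0.5 203.0.113.9 443 110000
2024-05-01T11:00:00 out 10.0.0.5 203.0.113.9 443 130000
2024-05-01T12:00:00 out 10.0.0.5 198.51.100.7 443 9000000
2024-05-01T09:00:00 out 10.0.0.8 203.0.113.9 443 50000
2024-05-01T10:00:00 out 10.0.0.8 203.0.113.9 443 60000
2024-05-01T11:00:00 out 10.0.0.8 203.0.113.9 443 55000
2024-05-01T09:30:00 in 198.51.100.7 10.0.0.8 3389 4000
2024-05-01T09:31:00 in 203.0.113.4 10.0.0.9 443 4000
"""

REMOTE_ACCESS_PORTS = {22, 3389, 5900}  # SSH, RDP, VNC (assumed list)

def parse(log):
    """Yield (hour, direction, src, dst, dport, nbytes) for each log line."""
    for line in log.splitlines():
        ts, direction, src, dst, dport, nbytes = line.split()
        yield ts[:13], direction, src, dst, int(dport), int(nbytes)

def outbound_spikes(log, factor=5):
    """Return {src: [(hour, bytes), ...]} for hours in which a host's
    outbound volume exceeds `factor` times its own median hourly volume."""
    per_host = defaultdict(lambda: defaultdict(int))
    for hour, direction, src, _dst, _port, nbytes in parse(log):
        if direction == "out":
            per_host[src][hour] += nbytes
    alerts = {}
    for src, hours in per_host.items():
        baseline = median(hours.values())
        spikes = [(h, b) for h, b in hours.items() if b > factor * baseline]
        if spikes:
            alerts[src] = spikes
    return alerts

def unexpected_remote_access(log, allowed_dst=frozenset()):
    """Return inbound connections to remote-access ports on hosts not on
    the allow-list; each one is a candidate for a firewall block rule."""
    return [(src, dst, port) for _h, d, src, dst, port, _b in parse(log)
            if d == "in" and port in REMOTE_ACCESS_PORTS and dst not in allowed_dst]

if __name__ == "__main__":
    print("outbound spikes:", outbound_spikes(SAMPLE_LOG))
    print("unexpected remote access:", unexpected_remote_access(SAMPLE_LOG))
```

A real deployment would feed the firewall's exported logs into these functions and tune `factor` and the allow-list to the business's normal traffic.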