Protecting Your Company From Backdoor Attacks – What You Need to Know

Description
A rare example of a backdoor planted in a core industry security standard has recently come to light.

“We often get in quicker by the back door than the front” — Napoleon Bonaparte

A rare example of a backdoor planted in a core industry security standard has recently come to light. It is now widely believed that the NSA compromised trust in NIST’s encryption standard (called the Dual EC DRBG standard) by adding the ability for the NSA to decipher any encrypted communication over the Internet. This incident brings to the fore the question of how much trust is warranted in the technologies that enable business over the Internet today.

There are only a few organizations in the world (all with 3-letter acronyms) that can pull off a fundamental backdoor coup such as this. More commonly, entities undertaking backdoor attacks do not have that level of gravitas or such far-reaching ambitions. Instead, the majority of these entities tend to leverage backdoors to undertake cybercrime missions ranging from advanced persistent threats on specific target companies to botnet and malware/adware networks for monetary gains. In these instances, Cloud Security services are a favorite vector for injecting backdoors into the enterprise.

What can we really trust?

In his 1984 Turing Award acceptance speech, Ken Thompson points out that trust is relative in what is perhaps the first major paper on this topic, titled Reflections on Trusting Trust, which describes the threat of backdoor attacks. He describes a backdoor mechanism which relies on the fact that people only review source (human-written) software, and not compiled machine code. A program called a compiler is used to create the latter from the former, and the compiler is usually trusted to do an honest job. However, as he demonstrated, this trust in the compiler to do an honest job can be, and has been, abused.

Inserting backdoors via compilers

As an example, Sophos labs discovered a virus attack on Delphi in August 2009.
The W32/Induc-A virus infected the program compiler for Delphi, a Windows programming language. The virus introduced its own code into the compilation of new Delphi programs, allowing it to infect and propagate to many systems without the knowledge of the software programmer. An attack that propagates by building its own Trojan horse can be especially hard to discover. It is believed that the Induc-A virus had been propagating for at least a year before it was discovered.

While backdoors in compilers are more frequent than backdoors in standards, they are not as prevalent as backdoors in open-source software. Enterprises freely trust closed- and open-source software, as evidenced by its extensive use today. In our experience, we have not come across any corporate enterprise that does not use (and hence trust) at least some open-source software today.

The open-source conundrum

The global software contributor base and publicly reviewable source code are both hallmarks of an open-source ecosystem that actually provides transparency and value for free. Yet these are the same characteristics that pose the biggest risk of backdoor exploits into enterprises by malicious actors intent on capturing competitive advantage. Unlike surpassing huge barriers in influencing (or writing) an industry standard, open-source projects enable someone to choose any of the millions of open-source projects (> 300,000 hosted in SourceForge alone, at last count) in hundreds of mirror sites, opening up a broad surface area of attack.

One of the earliest known open-source backdoor attacks occurred in none less than the Linux kernel — exposed in November 2003. This example serves to show just how subtle such a code change can be. In this case, a two-line change appeared to be a typographical error, but actually gave the caller of the sys_wait4 function root access to the system.
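
One way to catch a change of that shape at review time, as an added example (not code from the original article or from the kernel): a Python check that flags added diff lines where a bare = sits inside an if/while condition. The sample diff is constructed, and its file name and identifiers are hypothetical.

```python
import re

# Constructed diff modelled on the pattern described above: a check that looks
# like it compares a uid but assigns it. File and identifiers are hypothetical.
SAMPLE_DIFF = """\
--- a/exit_model.c
+++ b/exit_model.c
@@ -10,3 +10,6 @@ long wait_model(struct task *cur, int options)
     if (options & ~ALLOWED_FLAGS)
         return -EINVAL;
+    if ((options == (FLAG_A|FLAG_B)) && (cur->uid = 0))
+        retval = -EINVAL;
+    if (cur->uid == 0 && options >= 1)
     return do_wait(cur, options);
"""

HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
LITERAL = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'')
BARE_ASSIGN = re.compile(r"(?<![=!<>+\-*/%&|^])=(?!=)")  # not ==, !=, <=, >=, +=

def condition_of(code):
    """Return the text inside the parentheses of the first if/while, or None."""
    m = re.search(r"\b(?:if|while)\s*\(", code)
    if not m:
        return None
    depth, start = 0, m.end() - 1
    for i in range(start, len(code)):
        depth += {"(": 1, ")": -1}.get(code[i], 0)
        if depth == 0:
            return code[start + 1:i]
    return code[start + 1:]  # condition continues on the next line

def suspect_assignments(diff_text):
    """List (new_line_number, code) for added lines that assign inside a condition."""
    found, lineno = [], None
    for line in diff_text.splitlines():
        m = HUNK.match(line)
        if m:
            lineno = int(m.group(1))
        elif lineno is not None and not line.startswith("-"):
            if line.startswith("+"):
                cond = condition_of(LITERAL.sub('""', line[1:]))
                if cond is not None and BARE_ASSIGN.search(cond):
                    found.append((lineno, line[1:].strip()))
            lineno += 1
    return found

if __name__ == "__main__":
    print(suspect_assignments(SAMPLE_DIFF))
```

Only the first added condition is reported; the ordinary assignment on the following line and the == and >= comparisons are not.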

Hiding in plain sight

Given the complexity of today’s software, it is possible for backdoors to hide in plain sight.

More recently, there have been many backdoors exposed, including an incident last September with an official mirror of SourceForge. In this attack, users were tricked into downloading a compromised version of phpMyAdmin that contained a backdoor. The backdoor contained code that allowed remote attackers to take control of the underlying server running the modified phpMyAdmin, which is a web-based tool for managing MySQL databases. In another case that came to light as recently as August 2013, a popular open-source ad software (OpenX) used by many Fortune 500 companies including was determined to have a backdoor giving hackers administrative control of the web server. Worse than the number of these backdoors is the time elapsed between the planting of the backdoor and the actual discovery of the backdoor. These backdoors often go unnoticed for months.

How to prevent backdoor attacks

The reality in today’s enterprise is that software projects/products that have little or unknown trust are leveraged every day. We have found that many of these backdoors elude malware detection tools because there are no executables. Enterprises must now look for new ways to track the open-source projects that enter their enterprise from external untrusted sources, such as open-source code repositories, and must be able to rapidly respond to any backdoors discovered in these projects. If not, these backdoors have the potential to inflict serious and prolonged harm on the enterprise.
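
A minimal sketch of such tracking, as an added example that is not part of the original article: every archive entering the enterprise is recorded in a ledger and accepted only if its SHA-256 matches a digest pinned from the project itself, and the ledger is then queried when a backdoor is reported. Package names, versions, hosts and archive bytes are constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for a release archive as published by the project and
# as served by a compromised mirror (names and versions are hypothetical).
UPSTREAM = b"constructed archive bytes for exampletool 1.2.3"
FROM_MIRROR = UPSTREAM + b" plus one file the project never shipped"

# Digests pinned at review time, taken from the project itself, not the mirror.
PINNED = {("exampletool", "1.2.3"): hashlib.sha256(UPSTREAM).hexdigest()}

def admit(ledger, name, version, data, source, host):
    """Record every intake attempt; accept only archives matching a pinned digest."""
    digest = hashlib.sha256(data).hexdigest()
    pinned = PINNED.get((name, version))
    if pinned is None:
        status = "unreviewed"        # never vetted: hold for review
    elif hmac.compare_digest(digest, pinned):
        status = "accepted"
    else:
        status = "digest-mismatch"   # same name and version, different bytes
    ledger.append({"name": name, "version": version, "sha256": digest,
                   "source": source, "host": host, "status": status})
    return status

def exposed_hosts(ledger, name, version):
    """When a backdoor is reported in name/version, list hosts that accepted it."""
    return sorted({e["host"] for e in ledger
                   if (e["name"], e["version"]) == (name, version)
                   and e["status"] == "accepted"})

def demo():
    ledger = []
    results = [
        admit(ledger, "exampletool", "1.2.3", UPSTREAM, "project site", "web01"),
        admit(ledger, "exampletool", "1.2.3", FROM_MIRROR, "mirror", "web02"),
        admit(ledger, "othertool", "0.9", b"constructed", "code repository", "web03"),
        admit(ledger, "exampletool", "1.2.3", UPSTREAM, "project site", "db01"),
    ]
    return results, exposed_hosts(ledger, "exampletool", "1.2.3")

if __name__ == "__main__":
    print(demo())
```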