Backdoor
A backdoor (from the English "back door") is a program or set of programs that an attacker installs on a computer they have compromised, after gaining initial access, in order to regain access to the system later. When connected to, it provides access to the system, as a rule through a command interpreter (Bash on GNU/Linux, cmd on Microsoft Windows NT). A backdoor is a particularly important component of a rootkit.
There are two ways a backdoor grants shell access: BindShell and Back Connect:
- BindShell is the most common; it works on a client-server model, that is, the backdoor listens and waits for an incoming connection.
- "Back Connect" is used to bypass firewalls: the backdoor itself initiates a connection out to the attacker's computer.
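The two modes above leave different traces on the host: a BindShell shows up as a shell process that owns a listening socket, a Back Connect as a shell process with an established connection to an outside address. The following added example (not from the original page) scans constructed lines written in the style of `ss -tnap` output (an assumed format, not a real capture) and flags both patterns for a defender to review:

```python
import re
from typing import NamedTuple, Optional

# Interpreters a backdoor typically hands out (page: Bash on GNU/Linux, cmd on Windows).
SHELLS = {"bash", "sh", "dash", "zsh", "cmd.exe", "powershell.exe"}

class Finding(NamedTuple):
    kind: str      # "bind-shell" or "reverse-shell"
    process: str
    pid: int
    local: str     # local address:port
    peer: str      # peer address:port

# Matches the owning process in ss's users:(("name",pid=N,fd=M)) column.
PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')

def parse_line(line: str):
    """Split one ss-style line into (state, local, peer, process, pid); None if not a socket row."""
    fields = line.split()
    if len(fields) < 5 or fields[0] == "State":   # skip header / malformed rows
        return None
    m = PROC_RE.search(line)
    if not m:                                     # no process info: cannot attribute
        return None
    return fields[0], fields[3], fields[4], m.group(1), int(m.group(2))

def classify(line: str) -> Optional[Finding]:
    """Flag a socket row when a shell interpreter listens (bind) or dials out (back connect)."""
    rec = parse_line(line)
    if rec is None:
        return None
    state, local, peer, proc, pid = rec
    if proc.lower() not in SHELLS:
        return None
    if state == "LISTEN":
        return Finding("bind-shell", proc, pid, local, peer)
    # An established shell socket to a non-loopback peer is the Back Connect pattern.
    if state == "ESTAB" and not peer.startswith(("127.", "[::1]")):
        return Finding("reverse-shell", proc, pid, local, peer)
    return None

def scan(output: str) -> list:
    return [f for f in (classify(l) for l in output.splitlines()) if f]

# Constructed sample rows (not a real capture); addresses are documentation ranges.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=710,fd=3))
LISTEN 0      5      0.0.0.0:4444         0.0.0.0:*          users:(("bash",pid=2310,fd=3))
ESTAB  0      0      10.0.0.5:51234       203.0.113.7:443    users:(("bash",pid=2311,fd=3))
ESTAB  0      0      10.0.0.5:51240       203.0.113.9:443    users:(("firefox",pid=1800,fd=54))
"""
```

The heuristic keys on the process name, so a custom backdoor that spawns no recognisable interpreter (the hand-written kind the text mentions) slips past it; treat the output as a triage list, not proof of compromise.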
Known backdoors are added to antivirus signature databases. Skilled attackers use custom-written or modified backdoors and rootkits, which makes them difficult to detect and remove.
2024: Millions of D-Link routers shipped from the factory with backdoors allowing remote takeover of the devices
In mid-June 2024, it became known that a number of D-Link wireless router models contain backdoors that allow attackers to seize control of the devices. The problem could potentially affect millions of routers. Read more here.
2023: Factory-installed malware found in Chinese TVs
On October 4, 2023, Human Security announced that it had identified a large-scale cybercriminal campaign called Badbox, originating from China. Various Android-based devices are sold over the Internet whose firmware contains malicious code out of the box. As a result, users can unknowingly be drawn into botnet activity.
As the investigation showed, the malware is integrated into inexpensive Chinese set-top boxes, TVs and mobile gadgets. The malicious code is based on the Triada Trojan, discovered in 2016. This is a modular Trojan that uses superuser rights and other mechanisms to conceal its presence in the system as thoroughly as possible. It modifies the Android Zygote process, which serves as the template from which every other application is started: as a result, the malware becomes part of every program installed on the device. The Trojan can also replace system functions and uses this to hide its modules from the list of running processes and installed applications. The victim therefore does not notice at all that the device is infected.
Human Security reports that once an infected gadget or TV is turned on and connected to the network, the malware can be used to steal personal data, run hidden bots, steal one-time passwords and organize a variety of fraud schemes. In addition, the malware connects to a command-and-control server and downloads a number of additional components, one of which is the Peachpit ad-fraud tool. The attackers use ad fraud to fund their illegal activities.
According to Human Security's study, thousands of infected devices around the world are being used as part of the Badbox campaign. Beyond advertising, the cybercriminals have many other ways to monetize the devices, and in many cases the damage is noticed only when it is too late.[1]
2022: Backdoors in software and hardware have risen in price to $10 thousand on the darknet
On February 22, 2023, IBM published a report analyzing the global information security industry. According to it, backdoors in software and hardware have risen in price to $10 thousand on the darknet.
Experts recorded a 4% decrease in the share of ransomware in the total volume of cyber incidents in 2022 compared to 2021. The report attributes this to security tools having become more effective at resisting this type of malware. According to the report, deploying backdoors that provide remote access to systems became the attackers' main practice in 2022. Moreover, about 67% of these cases were associated with attempts to deliver ransomware: security tools were able to identify the backdoor before the ransomware entered the IT infrastructure.
The most common goal of cyberattacks in 2022 was extortion, achieved not only through ransomware but also through compromising corporate email. Europe accounted for approximately 44% of all extortion cases, with attackers seeking to exploit geopolitical tensions. In 2022, the number of cases in which cybercriminals intercepted email correspondence increased significantly: they used compromised accounts to forge replies and carry on fake correspondence on behalf of the account owner.
Outdated exploits continue to be used. The share of known malware relative to the number of vulnerabilities decreased by 10% from 2018 to 2022, because the number of software vulnerabilities reached a new record in 2022. The findings show that old exploits allow years-old malware such as WannaCry and Conficker to persist and spread. The number of cybercriminals targeting credit card information fell by 52% over the year, indicating that attackers now prioritize personal information such as names, email addresses and home addresses, which sells at a higher price on the dark web.[2]
2021: Backdoors found in 80% of push-button phones in Russia
On September 2, 2021, it became known that push-button phones from Russian manufacturers contain undeclared functions. These are the so-called "bookmarks" (backdoors) in the firmware, which allow, for example, sending SMS to premium-rate numbers, intercepting incoming messages and accessing the Internet without the user's knowledge.
According to Kommersant, 80% of devices contain backdoors. For example, the SF63 model of the Russian brand Irbis can use the phone's number to register third parties in online services.
The Dexp SD2810 model sold by the DNS store chain sends SMS to premium-rate short codes. F+ devices automatically, and unnoticed by the user, send messages to a specific number containing the device number and SIM card information. F-Plus Mobile told the publication that if it receives "user requests about any bugs, it fixes them in the following firmware."
According to Kaspersky Lab, almost every vendor equips its phones with at least a function for secretly sending registration data. The company did not report what proportion of devices send premium-rate SMS.
"The story is most likely massive, because in Russia or any other country where the share of push-button phones is significant, such a scheme will be effective," Viktor Chebyshev, a mobile threats researcher at Kaspersky Lab, told Izvestia.
The devices are assembled in China, and manufacturers do not always check the final products for such vulnerabilities, so it is easy for scammers to arrange the modification of phones from the lower price segment at the assembly stage, notes Aleksei Drozd, head of the cyber security department at SearchInform. According to him, to combat undeclared capabilities, customers need to strengthen control over the final products, and manufacturers need to release firmware updates.[3][4]
Notes
- ↑ BADBOX, PEACHPIT, and the Fraudulent Device in Your Delivery Box
- ↑ IBM Report: Ransomware Persisted Despite Improved Detection in 2022
- ↑ A function for covertly sending premium-rate SMS was found in push-button phones
- ↑ Backdoors planted in handsets. Undeclared functions found in push-button phones