Backdoor hacking has become a menace for the cybersecurity personnel of organizations big and small globally.
In the world of cybersecurity, a backdoor is defined as any kind of access that allows unauthorized user entry into our devices via hardware/firmware alterations or software corruption, using malware files, including spyware, rootkits, trojans, ransomware and so on.
In recent news, Chinese hackers used trojanized versions of a cross-platform instant messenger application known as “MiMi” to deliver a new backdoor (called rshell) used for stealing data from Linux and macOS systems.
Using the backdoor method, hackers log onto our machines with many malevolent motives including surveillance, data theft, cryptojacking, sabotage and malware attacks.
Recent data on cybersecurity shows that the number of backdoor malware episodes detected in the second quarter of 2022 in the Middle East decreased by 35% compared to the previous quarter. According to the report, 443,408 cases were detected in April-June 2022. Despite the promising reduction, however, the number of backdoor detections remains high and poses a challenge for security operations in commercial and government organizations.
Well-hidden backdoor tactics such as SessionManager have targeted governments and NGOs around the world. The SessionManager backdoor was set up as a malicious module within Internet Information Services (IIS), a popular web server developed by Microsoft, the investigative findings reveal. Microsoft has warned of hackers increasingly embracing the use of IIS modules to gain a more efficient foothold within a victim’s IT estate. SessionManager enables a wide range of malicious activities, from collecting emails to complete control over the victim’s IT infrastructure. First leveraged in March 2021, this backdoor intruder hit government institutions and NGOs in Africa, South Asia, Europe and the Middle East. Many of the targeted organizations still remain at risk, warn the experts.
The report shows Bahrain and Oman were the only countries in the Middle East to see increases in backdoor detections from the first quarter to the second quarter. In Bahrain, the number of detected cases in Q2 increased from Q1 by 63% to 2,756 cases. In Oman, the increase amounted to 17%, with the number of cases rising to 5,014.
The most significant decrease in backdoor detections from Q1 to Q2 among the Middle East countries happened in Qatar: by 53%, down to 2,466 cases. In Egypt, the number of backdoor detections decreased by 47% to 212,011. Kuwait and Saudi Arabia saw similar decreases in the share of backdoor detections in Q2: by 22%, to 4,240 cases and 169,373 cases, respectively. The United Arab Emirates saw a mild decrease in the number of backdoor detections to 47,548 (a 3% decrease).
Experts recommend the following strategies to protect organizations from backdoor attacks:
- Focusing the defense strategy closely on detecting lateral movements and data exfiltration to the internet.
- Adopting the principle of least privilege as part of a zero trust model.
- Strict monitoring of outgoing traffic to detect cybercriminal connections; regularly backing up data while ensuring quick access to it during times of emergency.
- Using trusted anti-hacking solutions with an Endpoint Detection and Response (EDR) core that includes prevention, detection and response – elements critical for organizations of any size and type.
Other recent cybersecurity findings reveal that most of the infections in the attacks occurred through either an unpatched vulnerability (Log4Shell, ProxyLogon, and ProxyShell) or poorly configured, unsecured Remote Desktop Protocol (RDP) servers. In most cases involving multiple attackers, the victims failed to remediate the initial attack effectively, leaving the door open for future cybercriminal activity. In those instances, the same RDP misconfigurations, as well as applications like RDWeb or AnyDesk, became an easily exploitable pathway for follow-up attacks. In fact, exposed RDP and VPN servers are some of the most popular listings sold on the dark web.
The cybersecurity market size in the Middle East is expected to grow from $15.6 billion in 2020 to $29.9 billion by 2025, at a compound annual growth rate (CAGR) of 13.80%, according to the latest market research.