Cam free backdoor

08-Jun-2020 07:50

For those organizations that don't use a CASB, other strategies can be useful. Keep in mind that, for a backdoor to be useful to an attacker, it must enable the attacker to command and control a targeted resource. To the extent that what they're looking to backdoor into is an entity on a network, the internal defense strategies in place already -- such as exfiltration controls, behavioral monitoring and antimalware -- can help to detect and prevent this. The broader concern would be access to those resources from devices that aren't directly managed by the organization, such as a personal or home device belonging to an employee.

There have been a number of attempts over the years to establish a naming standard for the unambiguous identification of malware between researchers, but the reality is that there's so much malware out there and it evolves so quickly that adhering to a uniform standard for naming, taxonomy and classification is non-trivial. This, in turn, means that while general categories and families are agreed upon by the research community, how a particular researcher categorizes a given sample from among the various strains and variants out there is largely up to the researcher.

These tools can help directly by finding and blocking malware, including backdoors. They can also help indirectly by monitoring cloud access and enforcing security policies in the cloud.

While that may be interesting as a barometer of cloud-intersecting attacker tradecraft, the more salient point for security practitioners in organizations that make extensive use of the cloud is the need to understand what exactly a cloud backdoor is -- and, more importantly, how a security team can detect and block it.

Because those devices could have access to corporate resources, having a plan to help mitigate this issue is also prudent.

The short answer is that organizations should evaluate, plan and defend against backdoors in the cloud the same way they would for internal threats.

As a general rule, backdoors are classified by what they are designed to do: to enable an attacker to control a victim resource -- such as a virtual or physical host or cloud resource.

So, a cloud backdoor is exactly what it sounds like: a channel that gives an attacker some level of command and control over an organizational resource.

How can an organization detect and prevent a cloud backdoor?