Are Criminals Entering Your Network Through a Backdoor in the Cloud?

Ubiquitous, destructive, and difficult to defend, backdoor attacks of cloud services constitute unique threats to enterprise networks — and they demand unique mitigation techniques to match.

Cybercriminals have been exploiting backdoor attacks to infiltrate enterprise networks for years, and IT pros have responded by deploying effective security systems across the board. But systems put in place to defend against threats to local on-premise networks don’t have the same capacity to defend an organization’s cloud assets.

With the rapid rise of cloud computing in the enterprise, hackers have been increasingly targeting cloud assets with backdoor attacks. A comprehensive understanding of cloud backdoors — what they are, the unique threats they pose, and sensible tactics for mitigating them — can help enterprises bolster network security and avoid costly consequences.


What Is a Backdoor?

A backdoor is an ancillary method of bypassing “front door” security mechanisms to access and seize control over a target resource like a network or computer. There are legitimate backdoors, like those installed by device manufacturers to recover passwords. More commonly, backdoors are used by hackers for illicit purposes like data exfiltration and malware, DDOS attacks, and so on.

Hackers can either exploit existing “legitimate” backdoors or install their own after an initial hack to enable concealed entry for future attacks. Backdoors represent one of the most common network security breaches currently in existence — according to Netskope Inc.’s February 2018 “Cloud Report,” they now account for more than a third of malware attacks.


The Unique Threat of Cloud Backdoors

Illicit backdoors are, by definition, secret: known to the hacker(s), unknown to the victim — unless and until the victim discovers and patches the security gap. And in general, detecting conventional backdoors is a tricky business.

Cloud backdoors, which facilitate remote access via cloud services like AWS or Dropbox, are even more difficult to detect. Intrusion detection techniques and security systems put in place to secure local networks will be ineffectual in combating suspicious behavior in the cloud, since operational control of cloud data systems falls to the third-party cloud services providers.

Even if organizations deploy robust security systems against their local networks, as long as they’re using SaaS applications like Salesforce, or hosting data remotely with IaaS providers like AWS, they have new attack vectors in the cloud for hackers to exploit. And as the rapid proliferation of cloud services in the enterprise continues to grow the value and number of cloud-based targets, hackers will divert more and more resources towards exploiting them.


Mitigating Backdoor Attacks

Securing organizational assets from the threat of backdoor attacks requires a dynamic approach, as well as a knowledgeable IT team committed to staying informed of developments in a constantly evolving field.

The first order of business is to secure local networks and devices with contextually appropriate anti-malware, SIEM, intrusion detection, exfiltration controls, behavioral and network monitoring, and basic firewalls. The rise of the BYOD era means that special attention must be paid to locking down the variety of access points your employees are using and securing unsecured devices.

Mitigating backdoor threats to IaaS (offsite) cloud servers demands the use of all the same traditional tools used to secure on-premise networks, except that these tools will need to be implemented through the cloud service provider. The degree of operational control you have will vary depending on which CSP you’re using.

Securing SaaS applications requires the implementation of third-party Cloud access security brokers — examples of which include Skyhigh Networks, CipherCloud and Symantec. The CASB operates between the end-user organization and the cloud service, running compliance, data security, threat protection, and data prevention to ensure the security of information moving up and down between local networks to the cloud. CASBs can provide full encryption, flag unauthorized or risky applications with auto-discovery, and control user access with tools like credential mapping and single-sign-on.


The Better Way to Protect Your Cloud

Enterprises concerned with the security of their networks or that are looking to take some of the load off of their in-house IT teams might consider partnering with a company like Turn-key Technologies (TTI). With three decades of experience and a multitude of industry certifications, TTI has the experience and know-how to secure enterprise networks and cloud services and avoid the costly consequences of backdoor attacks.

With managed services from TTI, enterprises have à la carte access to our network security expertise where and when it’s needed. We work hand-in-hand with enterprises of all sizes to build robust security systems and optimize networks for both speed and cost-efficiency.

By Craig Badrick


Sign up for the TTI Newsletter