Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%.

The good news? In 67% of backdoor attacks, defenders were able to disrupt attacker efforts and lock digital doorways before ransomware payloads were deployed. The not-so-great news? With backdoor access now available at a bargain price on the dark web, businesses must be prepared to block more break-ins and implement strategies that keep attackers from coming back.

What is a backdoor, and how does it get unlocked?

A backdoor is an additional access route to a system or piece of software. Unlike more familiar front door routes, backdoors aren’t subject to typical security checks and screenings. Instead, these doors provide direct access for users who know where they are.

In practice, there are two common ways for backdoors to become unlocked. The first is by design. Software developers may intentionally add a backdoor for ease of access when it comes to feature testing and functional evaluation. These backdoors are legitimate parts of a software release, which means they won’t show up as a security concern. If backdoor code is left in place when software is shipped and installed, doors persist across all installed versions.
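As an added illustration of the shipped test-hook pattern described above (constructed example code, not from the original article or any IBM product): a login check with a test override that ships in every installed copy, beside a hardened version in which only the credential store decides. All names and values are made up for the example.

```python
"""Constructed example: a test-only login bypass left in a shipped build,
beside a hardened version that keeps test affordances out of release code."""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # kept modest so the example runs quickly


def make_record(password: str) -> dict:
    """Store a salted PBKDF2 hash instead of the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def verify_password(password: str, record: dict) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["hash"])


# Record used to spend comparable time when the username does not exist.
DUMMY_RECORD = make_record("unused-dummy-value")

# --- Vulnerable form: a door added "for ease of feature testing" ------------
# The override is a legitimate part of the release, so it is present in every
# installed copy and bypasses the credential store entirely.
TEST_OVERRIDE = "qa-bypass-2022"  # constructed value for the example only


def authenticate_vulnerable(username: str, password: str, store: dict) -> bool:
    if password == TEST_OVERRIDE:  # hidden route around the front door
        return True
    record = store.get(username)
    return record is not None and verify_password(password, record)


# --- Hardened form ----------------------------------------------------------
# Only the credential store decides. Test convenience belongs in test fixtures
# (a throwaway account in an isolated store), never in this function.
def authenticate(username: str, password: str, store: dict) -> bool:
    record = store.get(username)
    if record is None:
        verify_password(password, DUMMY_RECORD)  # no timing hint about valid users
        return False
    return verify_password(password, record)
```

With a store holding a single account, the vulnerable function admits any username that presents the override, while the hardened one accepts only the stored credential.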

It’s also possible for attackers to leverage code vulnerabilities that haven’t been detected or patched to create their own persistent backdoors. In this case, these doors are virtually undetectable until attackers begin to move in earnest.

Where to look for backdoor building

There’s no single part of system infrastructure that lends itself to ideal backdoor building. There are, however, several common points of compromise where security teams should search for evidence of backdoor operations.

First up are operating systems. If attackers can gain (or create) access to key OS functions, they can disrupt every aspect of business operations. Communication systems are next. These could include video and audio conferencing tools, collaboration software that has access to a host of critical data, or even routers that connect office desktops to the internet. Routers are especially worrisome, given their tendency to use default login and password details for access.

Enterprises must also recognize the role of remote work in backdoor break-ins. Consider an employee that works from home part-time and connects to company servers using a VPN. Even if the staff member is diligent in using a secure and encrypted connection, the technologies in their home — such as internet routers and mobile devices — offer a potential pathway for attackers to build backdoors and then move laterally to more critical systems.


Keys to the kingdom? Discovering doors on the dark web

For many attackers, discovering backdoors or building their own is both time-consuming and expensive.

To streamline the process of security compromise, these malicious actors are turning to the dark web. Offered anonymity by The Onion Router (TOR), skilled attackers and those looking to buy their way into backdoors find common ground. Attackers with backdoor access simply wait until demand spikes, then post their solutions for sale on dark web marketplaces. Not only do these attacks typically come with detailed instructions, but threat actors may also offer technical support for issues that arise.

Solutions such as IBM’s X-Force dark web analysis provide a way for businesses to discover if backdoor builds are available for sale online. By regularly scanning the dark web for this data, companies can proactively identify potential security issues before attackers take action.

Closing time: Tools of the trade

While regular searches of the dark web can help companies discover potential backdoor risks, this approach isn’t enough on its own. The reason is simple: Not all backdoors make their way onto illicit marketplaces.

In some cases, attackers looking for openings stumble across weaknesses or vulnerabilities that allow them to create backdoors, and rather than keeping them to sell, they simply exploit them in the moment. In others, malicious actors may simply hold on to backdoor data until they see an opportunity.

To address this variation in attack approaches, enterprises must take a multi-pronged approach to backdoor defense. In practice, this means implementing solutions such as:

Strategic threat assessment

X-Force strategic threat assessment can help companies get ahead of attack efforts. Equipped with a better understanding of current threat landscapes along with likely threat vectors, organizations can focus their efforts on bolstering specific defenses that limit the risk of backdoors.

Penetration testing

Another key component in blocking backdoor break-ins is penetration testing. By partnering with experienced penetration testing teams, companies can discover where and how their networks are at risk — before attackers do it for them.

Zero trust access

Never trust; always verify. This is the central tenet of a zero trust approach. From user behavior analysis to multifactor authentication to secure single sign-on (SSO) and mobile device management (MDM), taking a zero trust approach limits the ability of attackers to compromise systems, even with the assistance of backdoors.

Managed detection and response (MDR)

Companies also need to consider what happens if attackers do get through the door. While the aim is to close and lock as many entrances as possible, no security approach is perfect. This means that eventually, cyber criminals will crack the code and crack open the door. Advanced MDR tools allow companies to improve incident response and reduce the time between attack detection and remediation.

The goal is to create a connected protective framework that is more than the sum of its parts. For example, while penetration testing can help identify potential backdoors and zero trust access can limit the number of potential users with access, solutions such as MDR shorten the time required for organizations to respond if incidents occur, in turn reducing total risk.

One step forward, two steps back(door)?

Backdoor attacks are both popular and problematic, given their ability to fly under the security radar. But it’s not all bad news. By understanding how and why backdoors open organizations to risk and implementing tools capable of closing the gap, businesses can better block backdoor break-ins.
