Services: Backdoor Test
Goal
Successful attack by infecting the target environment with a customized Trojan horse (backdoor) in order to determine exploitable holes in the current security system.
Initial Situation
Based on voluntarily provided basic data (such as network diagrams and IT policies), a custom-made Trojan horse is developed. This Trojan is tailored to attack the specific characteristics of the target environment.
Approach
- Preparation: The target environment is examined in order to develop a customized attack scenario.
- Development: A Trojan horse is programmed specifically for the customer.
- Infection: The target environment or a specific target system is infected with the Trojan horse (e.g. through social engineering, drive-by infection or exploitation of a file vulnerability).
- Remote control: After successful infection, the remote control is activated in order to demonstrate feasibility and possibilities.
Result
This type of backdoor inside/out test is very individualized. The preparations (development of the backdoor) as well as the attack itself (infection and remote control) are documented primarily in plain language. The documentation shows step by step how the attack was carried out. The exploited weaknesses of the target (e.g. firewall tunneling, antivirus evasion) and/or of the involved staff (e.g. social engineering, phishing) are discussed extensively.
Pros and Cons
A targeted malware attack makes it possible to probe all layers of the layered security system, because the Trojan horse has to evade all security measures in order to prevail. All remaining weaknesses of the target environment become apparent through such a comprehensive test. This way, realistic strategic decisions about IT security can be made.
Reference Example
Backdoor Test Web 2.0 Trojan: Web 2.0 refers to a combination of dynamic techniques to expand static webpages. Ajax (Asynchronous JavaScript and XML) is first and foremost used for dynamic data exchange. It had been suspected for a long time that Ajax can be used to develop Trojan horses for the attack and remote control of systems through the web. We created Xdoor™ (formerly Swarm) to demonstrate – for the first time in a test for an international financial institution – the effective risks of such attacks. The target system was successfully infiltrated by accessing an Xdoor page.



