Week 6: Backdoor a program - lizzy9596/my-tech-journal GitHub Wiki

Backdoor Programs

Objective

Download a legitimate program and add a backdoor to obtain remote access to a victim computer.

Discussion

This type of attack is how threat actors gain access to remote computers of users behind restrictive firewalls: ports 80, 8080, 443, etc. are usually allowed outbound to the internet, and in many organizations any port is allowed outbound. A threat actor can send an email attachment that contains a backdoor, and it works the way you will see in this lab.

Also, when users download arbitrary programs from the internet, they can inadvertently introduce malicious code onto a computer that affects the organization. Similarly, if a threat actor can gain access to a reputable website and its downloads, they can inject a backdoor into the legitimate program, and when someone downloads and executes it, it can give the threat actors access to the organization. There have been many cases of this.

The most high-profile attack of this type was the SolarWinds attack. Threat actors gained access to the development environment for the SolarWinds source code and injected a backdoor that went undetected for a significant amount of time. SolarWinds products are used by private industry and by state and federal governments. The tool that was compromised monitors network activity, such as which computers are up and running, which services are running on each host, and other essential network functions. You can imagine the problem with this type of attack: the tool used to monitor networks was compromised, and it is used in healthcare, finance, the military, and at the federal and state government levels. The attack allowed unrestricted access to computers because the SolarWinds monitoring tool is allowed unrestricted access to virtually every computer and device on a network.
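As an added example (not part of the lab or this journal), the check below shows why a port-only egress rule does not stop a backdoored program: it parses constructed connection records and flags outbound connections on allowed ports that leave the network from a process image not expected to reach the internet. The process names, the allowlist, the record format and the addresses are assumed sample values.

```python
"""Flag outbound connections that a port-only egress rule lets out but that
come from a process with no business reaching the internet (constructed data)."""
import ipaddress
from dataclasses import dataclass

# Ports a typical perimeter firewall allows outbound (see the discussion above).
EGRESS_ALLOWED_PORTS = {80, 443, 8080}
# Hypothetical allowlist of process images expected to reach the internet.
INTERNET_PROCESSES = {"chrome.exe", "firefox.exe", "outlook.exe", "svchost.exe"}
# Traffic that stays inside these ranges never leaves the network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Conn:
    process: str
    pid: int
    direction: str  # "out" or "in"
    remote_ip: str
    remote_port: int

def parse_line(line):
    """Constructed record format: '<image> <pid> <out|in> <ip>:<port>'."""
    proc, pid, direction, endpoint = line.split()
    ip, port = endpoint.rsplit(":", 1)
    return Conn(proc, int(pid), direction, ip, int(port))

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def port_policy_allows(conn):
    """What a port-only egress rule decides: outbound on an allowed port."""
    return conn.direction == "out" and conn.remote_port in EGRESS_ALLOWED_PORTS

def suspicious(conn):
    """Passes the port rule and leaves the network, but from an unexpected image."""
    return (port_policy_allows(conn) and not is_internal(conn.remote_ip)
            and conn.process.lower() not in INTERNET_PROCESSES)

SAMPLE_LOG = """\
chrome.exe 4120 out 203.0.113.10:443
setup_tool.exe 5310 out 203.0.113.7:443
notepad.exe 1234 out 10.0.0.5:443
svchost.exe 900 out 203.0.113.9:8080
setup_tool.exe 5310 out 203.0.113.7:4444
"""  # constructed records; setup_tool.exe stands in for a backdoored download

def flagged(log=SAMPLE_LOG):
    return [c for c in map(parse_line, log.splitlines()) if suspicious(c)]
```

Only the setup_tool.exe connection on 443 is reported: the port rule passes it, while its connection on 4444 is something the port rule would already have blocked.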

Questions

  1. What did you like the most and least about this assignment?

Seeing the attack happen in real time and the attack being visualized on Eve's computer. I disliked that Eve had more of a role in the lab and Alice was mostly just waiting.

  2. What questions do you have?

How has this attack been used by threat actors? Is there a way for Eve to be undetectable on Alice's computer?

  3. How likely are you to rethink downloading arbitrary programs from the internet?

Yes, as a kid there were many times I would download software and apps from random places on the internet, leading to quite a few viruses. Seeing how quickly an attack can happen and how much the attacker had access to was eye opening.