Track Common Adversary Tasks Performed Using BACKSPACE
To know more about it, you can go through my detailed document by clicking here
Overview
BACKSPACE is a backdoor used by APT 30 since 2005 and targets companies as well as organizations of various fields active in the countries like India, South Korea, Malaysia, Vietnam, Thailand, Saudi Arabia, USA, etc.
How Does It Works?
This malware mainly targets Microsoft Windows Operating Systems and spreads via spear phishing emails containing malicious links/attachments. It can also infect the disconnected systems from the network and steal the sensitive information. BACKSPACE can also bypass host-based firewalls and uses a technique that helps the transfer of metadata to the attacker without garnering any attention.
Prevention
The following techniques may be of great help in the defense against BACKSPACE as well as the other similar threats:
- Identifying the digital shadow assets, along with the cloud hosts, with the help of Attack Surface Management solution.
- Always keeping track of the passwords conditions in your organization at all times (mainly under peak conditions).
- Taking quick actions on all the alerts provided by your Threat Intelligence or Digital Risk Protection platforms.
- Keeping track of all the potential weaknesses on your internet infrastructure such as expired domains, SSL certificates, or subdomains.
To know more about it, you can go through my detailed document by clicking here
Comments
Post a Comment