Source URL: https://www.theregister.com/2025/01/08/backdoored_backdoors/
Source: The Register
Title: Crims backdoored the backdoors they supplied to other miscreants. Then the domains lapsed
Feedly Summary: Here’s what $20 gets you these days
More than 4,000 unique backdoors are using expired domains and/or abandoned infrastructure, and many of these expose government and academia-owned hosts – thus setting these hosts up for hijacking by criminals who likely have less altruistic intentions than the security researchers who uncovered the backdoors.…
AI Summary and Description: Yes
Summary: The text discusses findings by watchTowr Labs on the security risks posed by more than 4,000 unique backdoors that rely on expired domains and abandoned infrastructure. These backdoors primarily affect government and educational institutions, whose already-compromised hosts could be hijacked by attackers who simply take over the lapsed domains, without needing to conduct reconnaissance or break into the systems themselves.
Detailed Description:
The report by watchTowr Labs reveals the security implications of backdoors whose callback domains have expired and whose supporting infrastructure has been abandoned, with sensitive institutions such as government agencies and universities among those affected. Below are the significant points addressed in the text:
– **Discovery of Backdoors**: watchTowr Labs identified more than 4,000 unique backdoors that depend on expired domains and abandoned infrastructure, many of them on hosts belonging to governmental and academic institutions, leaving those hosts open to takeover by criminals.
– **Mass-Hacking-on-Autopilot**: The term coined by CEO Benjamin Harris characterizes this method as a low-effort means for attackers to gain access to compromised systems. By commandeering abandoned backdoors, attackers can capitalize on the work done by previous malicious actors without the need to initiate their hacking campaigns from scratch.
– **Effortless Exploitation**: The findings highlight a troubling trend: because the backdoors still report to domains nobody controls, a criminal who re-registers one of those expired domains inherits access to every compromised host that calls back to it, gaining a foothold on valuable data for the price of a domain registration and with no need to defeat the hosts' original defences.
– **Potential Victims**: The report indicates that compromised hosts include high-value targets such as the Federal High Court of Nigeria, as well as educational institutions in countries including Bangladesh, China, Nigeria, Thailand, and South Korea, showing the breadth of the affected entities.
– **Infrastructure Preservation**: watchTowr Labs, conscious of the cycle of carelessness that creates such exposures, has decided to sinkhole the lapsed domains in collaboration with the ShadowServer Foundation, so that callbacks from the backdoored hosts can no longer be captured by whoever next registers the domains.
– **Research Motivation**: The study not only serves a serious security purpose but also reflects a sense of curiosity about the kinds of hacking attempts that occur routinely. This ongoing situation highlights the importance of maintaining vigilance over digital assets to prevent them from being misused.
In conclusion, this finding from watchTowr Labs underlines the urgent need for improved infrastructure management practices, especially concerning expired domains and abandoned systems, in order to fortify security against opportunistic attacks utilizing these vulnerabilities.