Vol. 1 · Ed. 2026
CyberGlossary
Entry № 097

Backdoor

Reviewed by Cybersecurity entrepreneur & security researcher

What is a backdoor?

Backdoor: A covert mechanism that bypasses normal authentication or access controls to give an attacker future entry to a system.


A backdoor provides hidden, persistent access to a compromised host, network device or application — typically bypassing logging, authentication and policy controls. It may be planted by an external attacker (web shell, malicious service, scheduled task), pre-installed by an insider, hidden in a software supply chain, or originate from a vendor as an undocumented account. Backdoors enable command execution, data exfiltration and re-entry after eviction. Detection requires endpoint and network telemetry correlation, code signing checks, configuration auditing, threat hunting, and supply-chain attestation. Mitigation includes least privilege, regular credential and key rotation, anomaly detection and immutable audit logging.

Examples

  1. SUNBURST in the SolarWinds Orion supply-chain attack (2020).
  2. Web shells like China Chopper deployed on compromised Exchange servers.

Frequently asked questions

What is a backdoor?

A covert mechanism that bypasses normal authentication or access controls to give an attacker future entry to a system. It belongs to the Malware category of cybersecurity.

What does "backdoor" mean?

A covert mechanism that bypasses normal authentication or access controls to give an attacker future entry to a system.

How do you defend against a backdoor?

Defences against backdoors typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for a backdoor?

Common alternative names include: Trapdoor, Hidden access.
