
Research Article
Backdoor Investigation and Incident Response: From Zero to Profit
@INPROCEEDINGS{10.1007/978-3-031-06365-7_14,
  author={Anthony Cheuk Tung Lai and Ken Wai Kin Wong and Johnny Tsz Wun Wong and Austin Tsz Wai Lau and Alan Po Lun Ho and Shuai Wang and Jogesh Muppala},
  title={Backdoor Investigation and Incident Response: From Zero to Profit},
  proceedings={Digital Forensics and Cyber Crime. 12th EAI International Conference, ICDF2C 2021, Virtual Event, Singapore, December 6-9, 2021, Proceedings},
  proceedings_a={ICDF2C},
  year={2022},
  month={6},
  keywords={Incident response; Backdoor; Malware; Targeted attack; APT},
  doi={10.1007/978-3-031-06365-7_14}
}
- Anthony Cheuk Tung Lai
- Ken Wai Kin Wong
- Johnny Tsz Wun Wong
- Austin Tsz Wai Lau
- Alan Po Lun Ho
- Shuai Wang
- Jogesh Muppala
Year: 2022
ICDF2C
Springer
DOI: 10.1007/978-3-031-06365-7_14
Abstract
We investigated an incident at an online gaming company involving unauthorized access to its transactional database, in which the attacker modified gaming transactions in order to win the game. The attacker compromised the database occasionally and without leaving explicit footprints; the company had only deployed an enterprise-grade firewall and anti-virus software, and its anti-virus control failed to detect the presence of a backdoor file. After 4 months of investigation, with additional layered defense and monitoring in place, we discovered the backdoor and carried out a successful incident response. In view of this incident, the OilRig attack [1] and the SolarWinds supply chain hack [2], we foresee that this type of incident will continue. Therefore, in this paper we propose an incident response methodology matrix called the BackDoor Incident Response Model (BDIRM) to handle incidents involving backdoors effectively, thereby accelerating the eradication of the risk and impact of backdoors against organizations.