~zluudg@TTBP



17 October 2023

Network Management Systems - A Good Place to Hide?

I think about network infrastructure deployment sometimes. Quite often, in fact. Some would even say too often, but I disagree with that. Perhaps I think about deployment of telco and networking equipment just enough. For this reason I'm always on the lookout for breaches, hacks and tricks related to that sort of stuff.

One thing I saw recently that amused me is that AvosLocker seems to disguise a backdoor as a network monitoring tool:

https://www.cisa.gov/sites/default/files/2023-10/aa23-284a-joint-csa-stopransomware-avoslocker-ransomware-update.pdf

It makes sense to me somehow, since network monitors are often quite complicated pieces of software with a lot of different traffic coming in and out of them. In short: a good place to hide some fishy communication. The SolarWinds incident also serves as a good example of this:

https://arxiv.org/abs/2308.10294

I have been greatly enjoying Johannes Ullrich's "What's Normal?" posts and I believe awareness of such things could be of help if you suspect that someone is hiding in your network infrastructure:

https://isc.sans.edu/handler_list.html?author=642063&fname=Johannes&lname=Ullrich

But what's normal for a messy system such as a network manager?
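One way to start answering that question is to write down what the management host is supposed to talk to and compare its outbound flows against that profile. The script below is an added example, not part of this post or of any product: the managed networks, the management ports and the flow records are all constructed, so the thresholds and port list would have to be replaced with whatever your own NMS really does.

```python
from ipaddress import ip_address, ip_network

# Constructed profile of a hypothetical NMS host: the networks it is
# allowed to poll and the (proto, port) pairs it legitimately uses.
MANAGED_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
MGMT_PORTS = {("udp", 161), ("udp", 162), ("udp", 514), ("udp", 2055),
              ("tcp", 22), ("tcp", 443)}

# Constructed flow records, one per line: "src dst proto dport bytes".
FLOWS = """\
10.0.0.5 10.1.2.3 udp 161 420
10.0.0.5 10.1.2.4 udp 161 410
10.0.0.5 10.1.2.3 tcp 22 9000
10.0.0.5 192.168.5.20 udp 514 300
10.0.0.5 10.1.2.9 tcp 8443 700
10.0.0.5 203.0.113.77 tcp 443 184000
10.0.0.5 198.51.100.9 udp 53 1200
"""


def parse_flows(text):
    rows = []
    for line in text.splitlines():
        src, dst, proto, dport, nbytes = line.split()
        rows.append({"src": src, "dst": ip_address(dst), "proto": proto,
                     "dport": int(dport), "bytes": int(nbytes)})
    return rows


def classify(flow):
    """Return None if the flow fits the profile, otherwise a short reason."""
    in_scope = any(flow["dst"] in net for net in MANAGED_NETS)
    known_port = (flow["proto"], flow["dport"]) in MGMT_PORTS
    if in_scope and known_port:
        return None
    if not in_scope:
        return "destination outside managed networks"
    return "unexpected management port"


def find_anomalies(flows):
    """Flows that do not match the profile, with the reason they were flagged."""
    return [(str(f["dst"]), f["proto"], f["dport"], classify(f))
            for f in flows if classify(f) is not None]


def top_talkers(flows, n=3):
    """Destinations by bytes out; a high-volume peer that is also new is worth a look."""
    totals = {}
    for f in flows:
        totals[str(f["dst"])] = totals.get(str(f["dst"]), 0) + f["bytes"]
    return sorted(totals.items(), key=lambda kv: -kv[1])[:n]
```

On the constructed records this flags the non-standard port towards a managed device and the two flows leaving the managed ranges, and the byte totals show that the external HTTPS peer is also the largest consumer of outbound volume.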

Tags

#ownwritings, #cybersecurity, #networkingequipment, #malware, #telco, #telehacks, #awareness