Background
Hacker’s Door is a remote access trojan that has been around for many years. However, it has resurfaced and Cylance employees discovered it as part of recent compromise assessment engagement.
They discovered that this new sample shares many of the traits of the old Chinese backdoor Hacker’s Door, released back in 2004 and 2005. The newer sample has been updated to allow it to run on newer operating systems and modern 64-bit platforms.
Watch the video of Cylance vs. Hacker’s Door:
VIDEO: Cylance vs. Hacker’s Door
Why is Hacker’s Door an Important Issue and Why Should I be Concerned?
Hacker’s Door is a good example of “commoditized” malware – being sold in private markets by the original author and providing updates so that the malware can continue to run.
Commoditized malware allows anyone with a little bit of money to be a threat to your business. This example highlights the fact that threat actors are comfortable relying on third-party tools to keep cost and development time to a minimum.
The newer versions allow the malware to run on current operating systems and platforms and even utilize stolen code-signing certificates to run without warning.
If you are interested in learning about Hacker’s Door, Cylance has published a deep-dive teardown of the latest samples here.
It also represents a situation where older malware can return to infect current systems. Many of the endpoint security solutions out there today rely on signatures. As these signature repositories get bigger and bigger, companies begin removing “older” signatures in favor of new signatures (to keep the updates as small as possible) – creating a situation where older malware can come back and infect your computer.
Not only can older malware reappear in your network, but also your end users are burdened with endpoint security products that get heavier over time and consume valuable endpoint resources.
How Can Cylance Protect Me?
CylancePROTECT® requires absolutely no signatures to detect malware. Because Cylance uses artificial intelligence (AI) to actually predict the malware, there is no need for Cylance to have huge repositories containing all known malware signatures.
Cylance’s AI treats each unique sample as an unknown and makes a mathematical determination in real-time, pre-execution. With Cylance’s approach, there are no continual updates and the product utilizes only a fraction of system resources, compared to other solutions in the market today.
Yes, it is possible, with Cylance, for you to deploy an endpoint security product that is not only extremely effective at preventing malware – but also, to do it using a fraction of the resources your end users have to deal with today.
