Backdoor Account

A backdoor account is a hidden user account created to provide unauthorized access to a system or application.

These accounts are typically established by attackers who have gained initial access to a system, allowing them to maintain persistent access even if their original entry point is discovered and closed.

Backdoor accounts are often given innocuous names that blend in with legitimate system accounts, such as "admin2," "backup," or "service." They may be assigned elevated privileges and configured to bypass normal authentication mechanisms. Attackers frequently hide these accounts by modifying system logs, disabling account auditing, or placing them in obscure locations within the system's user database.

Organizations can defend against backdoor accounts through regular user account audits, implementing principle of least privilege, monitoring for unusual account creation activities, and maintaining comprehensive logs of administrative actions. Automated tools can help detect dormant or suspicious accounts by analyzing login patterns, privilege escalations, and account creation timestamps. Additionally, implementing strong change management processes and requiring multi-factor authentication for administrative accounts can make it more difficult for attackers to establish and maintain backdoor access.