Daily Security Briefing (20170131)
1. Security vendor finds ransomware posing as a Netflix login tool
2. 360 team publishes analysis of the MBR ransomware trojan GoldenEye
3. Austrian hotel infected with ransomware; guests unable to enter or leave rooms freely
4. Hong Kong SFC says some brokerage websites were hit by DDoS attacks
5. OurMine hacker group breaks into CNN and several other social media accounts
6. Experts worry Trump's Samsung Galaxy phone could be hacked
[Antiy] compiled (sources: trendmicro, freebuf, securityaffairs, securityaffairs, ibtimes, securityaffairs)
1. Security vendor finds ransomware posing as a Netflix login tool
Title: Netflix Scam Delivers Ransomware
Author info: January 29, 2017 at 6:07 pm By Marvelous Pelin
//BEGIN
Netflix has a 93 million-strong subscriber base in more than 190 countries, so it’s unsurprising that cybercriminals want a piece of the pie. Among their modus operandi: stealing user credentials that can be monetized in the underground, exploiting vulnerabilities, and more recently infecting systems with Trojans capable of pilfering the user’s financial and personal information.
Netflix currently has over 93 million loyal subscribers from 190 countries and regions worldwide. With a user base this large, it is no surprise that cybercriminals have set their sights on them. Their methods include stealing these users' login credentials and monetizing them in the underground; exploiting vulnerabilities in systems; and using Trojans to steal users' payment credentials and personal information.
//END
Bad guys need only hack a modicum of weakness for which no patch is available—the human psyche. Social engineering is a vital component in this scam, so users should be smarter: don’t download or click ads promising the impossible. If the deal sounds too good to be true, it usually is.
These criminals usually do not need advanced techniques to attack their victims; they only need to exploit one weakness that cannot be "patched": human nature. Social engineering is a key tool here. Users must therefore be told: do not casually download or click on ads, and do not believe promotions that seem too good to be true. If something does not look real, it usually is not. Never trust it blindly.
Commentary: Against ransomware, we recommend the 3B principle of backup, backup and backup again: Backup, Backup, Backup (Beifen, Beifen, Beifen).
2. 360 team publishes analysis of the MBR ransomware trojan GoldenEye
{CHN}
Title: MBR Ransomware Trojan Strikes Again: GoldenEye Analysis
Author info: 2017-01-30 By 360 Safeguard (360安全卫士)
//BEGIN
As early as the first half of this year, the highly destructive ransomware trojan Petya, which modifies the MBR and encrypts the MFT (Master File Table), drew intense attention from antivirus vendors. In the second half of the year, 360's whitelist analysis group captured the same author's latest ransomware trojan, "GoldenEye". Over the past six months the trojan author's arms race with antivirus software has kept escalating, and the new ransomware is markedly harder to detect and remove.
//END
GoldenEye spreads mainly via "job-application spam" that lures victims into opening the malicious attachments it carries. The first attachment is a PDF document disguised as a legitimate cover letter, followed by an Excel document containing macro malware. A reminder to users: back up important data regularly. In addition, do not double-click suspicious programs or scripts sent by others (such as exe, scr or js files); this goes a long way towards avoiding infection.
Commentary: Against ransomware, we recommend the 3B principle of backup, backup and backup again: Backup, Backup, Backup (Beifen, Beifen, Beifen).
3. Austrian hotel infected with ransomware; guests unable to enter or leave rooms freely
Title: Ransomware infected systems at a luxury hotel locking guests in and out of the rooms
Author info: January 29, 2017 By Pierluigi Paganini
//BEGIN
The Romantik Seehotel Jägerwirt 4-Star Superior Luxury Hotel was hit by a ransomware attack that locked guests in and out of the rooms.
The Austrian four-star luxury hotel Romantik Seehotel Jägerwirt was recently hit by a ransomware attack that brought down the computer system controlling the door locks used for guest check-in and room access, disrupting guests' movements: arriving guests could not get into their rooms, and guests in their rooms could not get out!
The hotel had suffered a similar attack before. Although that attack did not target the door-lock system, the hotel refused to pay the ransom at the time, suffered significant losses, and only recovered after considerable effort.
This time management learned from the earlier experience and, as a last resort, chose to pay the attackers a ransom equivalent to EUR 1,500. Fortunately, after payment the electronic key-card system was indeed fully restored. (Although it worked in this case, we still do not recommend that users pay ransoms to extortionists; trusting their word is very dangerous.) Sure enough, in this case, even after the whole system was back up, the attackers had left a backdoor behind, waiting for an opportunity to strike again!
Luckily the hotel's IT department spotted the problem in time and removed it, and it has since adopted stricter security measures to prevent this kind of attack.
Hotel management chose to make the incident public to warn hotels with similar systems to guard against similar attacks.
The hotel manages its door locks with an electronic key-card system rather than traditional keys, so without that system none of the hotel's doors work normally.
//END
“The house was totally booked with 180 guests; we had no other choice. Neither police nor insurance helps you in this case.” explained the Managing Director Christoph Brandstaetter.
“The restoration of our system after the first attack in summer has cost us several thousand Euros. We did not get any money from the insurance so far because none of those to blame could be found. Every euro that is paid to blackmailers hurts us. We know that other colleagues have been attacked, who have done similarly.”
The hotel has 180 rooms. To keep serving its guests, management had no other choice. Management said that in such a situation neither the police nor the insurer could offer practical help, so they had to help themselves. Since the culprits could not be found, no claim could be made against them, and the losses had to be borne by the hotel itself.
Commentary: Against ransomware, we recommend the 3B principle of backup, backup and backup again: Backup, Backup, Backup (Beifen, Beifen, Beifen).
4. Hong Kong SFC says some brokerage websites were hit by DDoS attacks
Title: Hong Kong brokers blackmailed by hackers with DDoS Attacks
Author info: January 29, 2017 By Pierluigi Paganini
//BEGIN
The Hong Kong Securities and Futures Commission revealed some brokerage websites have been hit by DDoS attacks and blackmailed by crooks.
The Hong Kong’s SFC (Securities and Futures Commission) confirmed several brokers in the city have suffered DDoS attacks and were blackmailed by hackers.
The Hong Kong SFC said that some brokerage websites had been hit by DDoS attacks, and that the victims had also received extortion emails. According to a survey from November 2016, commercial cyberattacks against mainland China and Hong Kong grew 969% over the three years from 2014 to 2016.
//END
The SFC urged brokers to configure their servers to avoid ‘reflective amplification’ DDoS attacks.
“Licensed corporations are expected to take immediate actions (including seeking advice from external contracted vendors if they do not possess such expertise and/or resources in-house) to critically review and assess the effectiveness of their cybersecurity controls in place,” SFC added.
The SFC issued a notice asking brokerage firms to strengthen their cybersecurity defences, in particular to take appropriate measures against DDoS attacks, and to configure their network architecture, servers, network devices and the like properly so as to withstand advanced, persistent attacks.
In particular, server settings should be configured specifically against DDoS, to prevent reflective amplification attacks.
If a brokerage lacks the capability in-house, it should immediately engage a capable external security firm for help, and rigorously review the effectiveness of its cybersecurity controls to prevent damage from DDoS attacks.
Commentary: Brokerages are critical infrastructure too.
5. OurMine hacker group breaks into CNN and several other social media accounts
Title: OurMine hacks multiple WWE and CNN social media accounts
The group was responsible for multiple social media account hacks in 2016 including that of Mark Zuckerberg.
Author info: January 30, 2017 11:08 GMT By Hyacinth Mascarenhas
//BEGIN
OurMine, the notorious hacker group responsible for hacking the social media accounts of a number of celebrities, companies and top tech executives in 2016, are back at it again. The group hacked multiple Twitter accounts associated with the World Wrestling Entertainment group on Saturday (28 January) including that of WWE Universe, WWE NXT, WWE Network, Summer Slam as well as wrestlers John Cena and Triple H. WWE's Tumblr page was also compromised.
OurMine, the hacker group that specialises in hitting celebrities and tech executives (including Facebook's Zuckerberg), is back! This time their targets were Twitter accounts, including those of CNN and WWE (World Wrestling Entertainment).
//END
The group claimed that all of the WWE accounts were linked to the head of social media's account allowing them to easily breach them. When asked about their motivation for the hacks, a representative of OurMine told IBTimes UK that they don't choose a specific target, but choose them "randomly" instead.
OurMine does not go after any particular target; instead it picks soft targets at random. And it appears to mean no harm, only posting a short message: "Hey, it's OurMine we are just testing your security, please contact us for more information, Thanks," (roughly: we are OurMine, we did this only to test your security, nothing more; if you need help, contact OurMine.)
Commentary: Is OurMine a hacker group with a conscience?
6. Experts worry Trump's Samsung Galaxy phone could be hacked
Title: Anonymous promises war on Trump, and online experts say how to hack his mobile
Author info: January 30, 2017 By Pierluigi Paganini
//BEGIN
Anonymous declared war on US President-elect Donald Trump; hackers are threatening to expose his alleged affairs with Russians.
Anonymous declared war on US President-elect Donald Trump; recently the collective threatened to expose his “financial and personal ties with Russian mobsters.”
The well-known hacker collective Anonymous has declared war on US President Trump: to hack the smartphone he uses, a Samsung Galaxy S3, and to expose his financial and personal dealings with Russian criminal groups. So far, however, no news has emerged.
//END
The analysis suggests it could be very easy by downloading a publicly available exploit depending on the specific OS version running on the target. The analysis cites the Stagefright exploit as a possible weapon against the President’s smartphone.
“Alternatively, one could advertise malware on Brietbart and just wait for Trump to visit,” the hacktivists added.
The Samsung Galaxy S3 smartphone is said to be relatively easy to compromise, needing only a publicly available exploit kit, or via a watering-hole attack: compromising a website and luring Trump to visit it.
Commentary: Probably more publicity than substance.