Daily Security Briefing (20170211)
1. Brute-force RDP attacks spreading CRYSIS ransomware double in volume
2. Threat report: ransomware attacks up 167-fold on the previous year
3. "Super-stealthy" (fileless) malware goes mainstream
4. Hitachi payment system malware infection exposes 3.2 million bank cards
5. Security vendor predictions for 2017: security awareness awakens
6. Gartner forecasts 8.4 billion IoT devices worldwide this year
[Antiy] compiled and edited (sources: trendmicro, chainstoreage, wired, indiatimes, mcafee, X战略)
1. Brute-force RDP attacks spreading CRYSIS ransomware double in volume
Title: Brute Force RDP Attacks Plant CRYSIS Ransomware
Author: February 9, 2017 at 5:00 am, by Jay Yaneza, Trend Micro
//BEGIN
In September 2016, we noticed that operators of the updated CRYSIS ransomware family (detected as RANSOM_CRYSIS) were targeting Australia and New Zealand businesses via remote desktop (RDP) brute force attacks. Since then, brute force RDP attacks are still ongoing, affecting both SMEs and large enterprises across the globe. In fact, the volume of these attacks doubled in January 2017 from a comparable period in late 2016. While a wide variety of sectors have been affected, the most consistent target has been the healthcare sector in the United States.
SME: small and medium enterprise
RDP: Remote Desktop Protocol
In September last year, the operators of the CRYSIS ransomware family, then infecting businesses in Australia and New Zealand, were already using brute-force attacks against Remote Desktop (RDP). The ransomware operators have kept using that method ever since, and their targets have spread from those two countries to SMEs and large enterprises across the globe. Nine sectors are involved: healthcare, government, education, real estate, finance, manufacturing, raw materials, telecommunications and others, with healthcare ranked first. The attack volume doubled in January 2017 compared with a comparable period in late 2016. Once in over RDP, the attackers make use of the redirected local drives (shared drives) or the contents of the clipboard.
//END
What to do when you suspect that this method has been used against your organization
If you find yourself in this situation, our original discussion in September event provided some key steps to consider.
Limit the potential risk to your network by applying proper security settings in Remote Desktop Services. Disabling access to shared drives and the clipboard would limit the ability to copy files via RDP. Restricting other security settings may be useful as well. Note that limiting such functionality may impact usability
Try to identify any offending IP addresses. With newer versions of Windows, the OS logs Remote Desktop connection details in the Windows Event Viewer with the Event ID 1149. The logged information includes the user account that was used (i.e., the compromised account), as well as the IP address of the attacker.
When you find signs of this kind of intrusion, the following measures are recommended:
1 Restrict what Remote Desktop Services can do: block access to shared drives and to clipboard contents over RDP. Other restrictive settings can be applied as well, but note that while these restrictions hinder the ransomware operators they also impair legitimate users' functionality.
2 Try to locate the attacker's source IP: on newer versions of Windows, Event Viewer records Remote Desktop connections under Event ID 1149, including the remote IP address and the user account that logged in (that is, the compromised account). The event records the account name, not the password; together the IP address and the user name let the victim trace the attack and scope the compromised credential.
Comment: against ransomware, follow the 3B rule: Backup, Backup, Backup.
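The two steps above (restrict drive and clipboard redirection, then pull Event ID 1149 to list the source addresses and accounts used) as a PowerShell script. This is an added example, not code from the Trend Micro article. It assumes an elevated session on the RDP host itself; the registry value names are the documented policy values behind the Group Policy settings "Do not allow drive redirection", "Do not allow Clipboard redirection" and "Require user authentication for remote connections by using Network Level Authentication", and the 1149 field layout (Param1 user, Param2 domain, Param3 source network address) is that of the TerminalServices-RemoteConnectionManager operational log.

```powershell
# Added example: RDP hardening and Event ID 1149 triage on a Windows RDP host.
# Run in an elevated PowerShell. Setting the values directly affects only this
# host; on domain-joined machines apply the same settings through the GPO.

$tsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$rdpTcp   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Set-RdpHardening {
    # 1 = feature disabled / NLA required. Users lose file copy and clipboard over RDP.
    if (-not (Test-Path $tsPolicy)) { New-Item -Path $tsPolicy -Force | Out-Null }
    Set-ItemProperty -Path $tsPolicy -Name fDisableCdm  -Value 1 -Type DWord  # no drive redirection
    Set-ItemProperty -Path $tsPolicy -Name fDisableClip -Value 1 -Type DWord  # no clipboard redirection
    Set-ItemProperty -Path $rdpTcp   -Name UserAuthentication -Value 1 -Type DWord  # require NLA
}

function Get-RdpConnectionSources {
    # Event 1149 lives in the RemoteConnectionManager/Operational log, not in Security.
    # Its UserData/EventXML carries Param1 = user, Param2 = domain, Param3 = source address.
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'
        Id        = 1149
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue | ForEach-Object {
        $d = ([xml]$_.ToXml()).Event.UserData.EventXML
        [pscustomobject]@{
            Time   = $_.TimeCreated
            User   = $d.Param1
            Domain = $d.Param2
            Source = $d.Param3   # the attacker's IP for a brute-forced account
        }
    }
}

# Which source/account pairs connected most often in the last 30 days?
Get-RdpConnectionSources -Days 30 |
    Group-Object Source, User |
    Sort-Object Count -Descending |
    Select-Object Count, Name

Set-RdpHardening
```

Event 1149 is written when a connection reaches the authentication stage; with NLA enforced it means the credential was accepted, so it shows the successful end of a brute-force run. The failed guesses that make up the run itself are in the Security log as Event 4625, whose IpAddress field carries the same source address, so an account-lockout policy and a 4625 search by source are the natural complement to this script.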
2. Threat report: ransomware attacks up 167-fold on the previous year
Title: Report: Malware attacks drop, but ransomware, IoT threats increase
Author: February 9, 2017, by Deena M. Amato-McCoy
//BEGIN
As malware attacks drop, it is becoming clear that cyber-criminals’ weapons of choice are shifting — and retailers need to be ready.
That’s according to the “2017 SonicWall Annual Threat Report,” which is compiled from data collected throughout 2016 by the SonicWall Global Response Intelligence Defense (GRID) Threat Network. This includes daily feeds from more than 1 million security sensors in nearly 200 countries and territories.
SonicWall's newly published 2017 annual threat report shows that the number of malware attacks is falling, and the clear trend is that cyber-criminals are changing their tactics and methods; defenders and end users alike need to adapt.
The report's data covers the whole of 2016 and comes from daily feeds of more than 1 million security sensors in nearly 200 countries and territories.
//END
“It would be inaccurate to say the threat landscape either diminished or expanded in 2016 — rather, it appears to have evolved and shifted,” said Bill Conner, president and CEO of SonicWall. “Cybersecurity is not a battle of attrition; it’s an arms race, and both sides are proving exceptionally capable and innovative.”
It would be inaccurate to say simply that the 2016 threat landscape expanded or shrank. The contest with malicious code is a dynamic process in which both sides, attackers and defenders, keep evolving, including in the techniques they use. This is not a war of attrition in the traditional sense but a new kind of arms race, with both sides constantly "innovating" and building capability.
//Download:
SonicWall's annual threat reports for the last two years
2017:
Filename: 2017-sonicwall-annual-threat-report-white-paper.pdf
File size: 4,450,815 bytes
MD5 : 81B0979043924600B105D0F7705588D8
2016:
Filename: 2016-sonicwall-security-annual-threat-report-white-paper.pdf
File size: 2,512,384 bytes
MD5 : F443FA3F468D709D20252DA9F4818CFB
Comment: against ransomware, follow the 3B rule: Backup, Backup, Backup.
3. "Super-stealthy" (fileless) malware goes mainstream
Title: Say Hello to the Super-Stealthy Malware That's Going Mainstream
Author: 02.09.17, by Lily Hay Newman
//BEGIN
TYPICAL ANTI-MALWARE SOFTWARE scans hard drives in search of malicious files, and then flags them for removal. That strategy breaks down, though, when there’s no file to find on the system in the first place. And that’s exactly how an increasingly popular type of attack has stymied the defenses of dozens of banks around the world.
Typical, traditional anti-malware software works by scanning every file on the hard disk, trying to pick out malicious code and, if it finds any, removing it. That approach plainly cannot detect malicious code that is present on the host but has no file on disk (for instance, code that lives only in RAM). And over the past year, 2016, it is precisely this fileless malware that has posed a serious threat to banks around the world.
//END
Between fileless malware and the increasing popularity of ransomware it feels like malware has morphed into a new phase. (There’s even fileless ransomware.) That’s not cause for despair, though; it’s just all the more reason to keep up with the evolving landscape, and not rely on outdated tools. And now, looking for intruders where you least expect them.
There is now even fileless ransomware. Malicious code is clearly undergoing a major change: the rise of fileless malware and the extreme popularity of ransomware both point the same way. There is no need for despair, though; only by keeping up with the change, and where possible getting ahead of it, can we hold our ground. What we must not do is cling to outdated tools.
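Where to look when there is no file to find: an added example, not code from the Wired article or from the Carbon Black report, that enumerates the autostart locations fileless malware typically uses to survive a reboot (registry Run keys holding an inline interpreter command, WMI permanent event subscriptions stored in the WMI repository, and scheduled tasks with an inline payload) and decodes any PowerShell -EncodedCommand it finds. The indicator pattern list is an assumption and will need tuning for a given estate; it runs in an elevated PowerShell on the host being examined.

```powershell
# Added example: hunt for fileless persistence in the places a disk scanner ignores.
# Run elevated. $suspicious is an assumed, deliberately noisy indicator list.

$suspicious = 'encodedcommand|-enc\b|FromBase64String|IEX\b|Invoke-Expression|DownloadString|mshta|regsvr32.*scrobj|rundll32.*javascript'

function Expand-EncodedCommand {
    # -EncodedCommand is base64 of UTF-16LE text; decode it so the real payload is readable.
    param([string]$CommandLine)
    if ($CommandLine -match '(?i)-e(nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})') {
        try { return [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[2])) } catch {}
    }
    return $null
}

function New-Hit([string]$Where, [string]$Command) {
    [pscustomobject]@{ Where = $Where; Command = $Command; Decoded = Expand-EncodedCommand $Command }
}

function Get-FilelessPersistence {
    $hits = @()

    # 1. Autostart registry values whose command line *is* the payload (no dropped file).
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }      # skip PSPath, PSParentPath, ...
            $cmd = [string]$p.Value
            if ($cmd -match "(?i)$suspicious") { $hits += New-Hit "$k\$($p.Name)" $cmd }
        }
    }

    # 2. WMI permanent event subscriptions: filter + consumer + binding live in the
    #    WMI repository, not as a file. Querying the base class returns every consumer type.
    foreach ($c in Get-CimInstance -Namespace root/subscription -ClassName __EventConsumer -ErrorAction SilentlyContinue) {
        $cmd = $c.CommandLineTemplate               # CommandLineEventConsumer
        if (-not $cmd) { $cmd = $c.ScriptText }     # ActiveScriptEventConsumer
        if ($cmd -and $cmd -match "(?i)$suspicious") {
            $hits += New-Hit "WMI:$($c.CimClass.CimClassName)\$($c.Name)" $cmd
        }
    }

    # 3. Scheduled tasks whose action is an interpreter fed an inline payload.
    foreach ($t in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($a in $t.Actions) {
            $cmd = "$($a.Execute) $($a.Arguments)"
            if ($cmd -match "(?i)$suspicious") { $hits += New-Hit "Task:$($t.TaskPath)$($t.TaskName)" $cmd }
        }
    }
    return $hits
}

Get-FilelessPersistence | Format-List
```

This covers persistence only; a purely in-memory implant with no reboot survival leaves nothing here, which is why the article's point about memory-aware tooling stands. Expect legitimate hits from management agents that use encoded commands; the Decoded column is there so each one can be judged on what it actually runs.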
//Download:
Threat report from Carbon Black (formerly Bit9) on non-malware attacks and ransomware
Filename: 16_1214_Carbon_Black-_Threat_Report_Non-Malware_Attacks_and_Ransomware_FINAL.pdf
File size: 1,397,572 bytes
MD5 : 660DBA3B48BF43E0A5178FFB314EF3F0
Comment: traditional anti-malware methods must keep evolving.
4. Hitachi payment system malware infection exposes 3.2 million bank cards
Title: Hitachi Payment accepts malware hit
Author: Feb 10, 2017, 04:00 AM IST, by TNN
//BEGIN
Mumbai: The mystery behind the breach at a private bank's ATM network last year that led to 32 lakh debit cards being exposed, forcing banks to replace most of them, has been solved. Hitachi Payment Services — the company to which Yes Bank had outsourced processing of ATM transactions — has said that investigations show that its systems were hit by a sophisticated malware attack and it is not possible to say how many cards' details have been extracted.
From Mumbai: the breach of a private bank's ATM network last year that exposed 3.2 million debit cards and forced the banks to replace most of them has been explained. The system in question was run by Hitachi Payment Services, to which Yes Bank had outsourced the processing of ATM transactions. Hitachi says investigations show its systems were hit by a sophisticated malware attack, and that it is still not possible to say how many cards' details were extracted.
//END
He added that Hitachi Payments also partnered with banks to ensure the safety of their customers' sensitive data. "As a result, the extent of the compromise was limited and we have not seen any further misuse due to containment measures deployed by Hitachi Payment Services."
Hitachi Payment Services has also worked with the banks concerned to protect their customers' sensitive data. So far the extent of the compromise has been limited, and thanks to the containment measures Hitachi deployed no further misuse has been seen.
Comment: malware only has eyes for money, no matter whose payment system it is.
5. Security vendor predictions for 2017: security awareness awakens
Title: Cyber security predictions for 2017: Increased awareness, new threats
Author: Feb 09, 2017, by Doug Clare
//BEGIN
In the world of cyber security, 2016 was a banner year––and not in a good way. From the Bank of Bangladesh/SWIFT heist in February to the Dyn DDoS attack a few weeks ago, the year’s wild attacks have one thing in common: they were proof that hacker innovation is on a growth trajectory.
In cyber security, 2016 was a landmark year, and unfortunately not in a good way. From the Bangladesh Bank/SWIFT heist in early February to the Dyn DDoS attack near the end of the year, everything shows clearly that attackers, the adversaries of security practitioners, are accelerating their technical "innovation".
//END
Prediction: Consumers will care a lot more about the security of the companies they do business with.
Prediction: Consumers will care a lot more about their own cyber security.
Prediction: Businesses will care a lot more about the cyber security of the companies they do business with.
Prediction: Consumers and businesses will finally recognize the threat potential of IoT devices.
Prediction: Biometric security data may become the biggest security vulnerability of all.
Five predictions for 2017:
First: consumers will care much more about the security of the companies they do business with.
Second: consumers will care much more about their own cyber security.
Third: businesses will care much more about the cyber security of the companies they do business with.
Fourth: consumers and businesses alike will finally recognise the huge security risk of IoT devices.
Fifth: biometric data, fingerprints and the like, may become everyone's biggest security vulnerability.
//Download:
Filename: 17_Financial_Crime_Predictions_for_2017.pdf
File size: 1,108,847 bytes
MD5 : 9E9E240EB32113170D04CC87ACB188F7
Comment: the first and third predictions are the interesting ones.
6. Gartner forecasts 8.4 billion IoT devices worldwide this year
{CHN}
Title: [Market report] Gartner: 8.4 billion IoT devices worldwide in 2017
Author: 2017-02-10, by X战略
//BEGIN
Gartner forecasts that 8.4 billion connected things will be in use worldwide in 2017, up 31 percent from 2016, and will reach 20.4 billion by 2020. Total spending on endpoints and services will reach almost $2 trillion in 2017.
Regionally, Greater China, North America and Western Europe are driving the use of connected things and the three regions together will represent 67 percent of the overall Internet of Things (IoT) installed base in 2017.
//END
"Services are dominated by the professional IoT-operational technology category, in which providers help businesses design, implement and operate their IoT systems," added Denise Rueb, research director at Gartner. "However, connectivity services and consumer services will grow faster. Consumer IoT services are newer and are growing from a small base. Similarly, connectivity services are growing robustly as costs fall and new applications emerge."
Source: https://www.helpnetsecurity.com/2017/02/07/connected-things-worldwide-2017/
8.4 billion connected things will be in use worldwide in 2017
Source: http://www.gartner.com/newsroom/id/3598917
Gartner Says 8.4 Billion Connected "Things" Will Be in Use in 2017, Up 31 Percent From 2016
Consumer applications to represent 63% of total IoT applications in 2017
From 2018 onwards, cross-industry devices, such as those targeted at smart buildings (including LED lighting, HVAC and physical security systems) will take the lead as connectivity is driven into higher-volume, lower cost devices. In 2020, cross-industry devices will reach 4.4 billion units, while vertical-specific devices will amount to 3.2 billion units.
Business IoT spending to represent 57% of overall IoT spending in 2017
While consumers purchase more devices, businesses spend more. In 2017, in terms of hardware spending, the use of connected things among businesses will drive $964 billion. Consumer applications will amount to $725 billion in 2017. By 2020, hardware spending from both segments will reach almost $3 trillion. "IoT services are central to the rise in IoT devices," said Denise Rueb, research director at Gartner. Total IoT services spending (professional, consumer and connectivity services) is on pace to reach $273 billion in 2017.
“Services are dominated by the professional IoT-operational technology category in which providers assist businesses in designing, implementing and operating IoT systems,” added Ms. Rueb. “However, connectivity services and consumer services will grow at a faster pace.
Consumer IoT services are newer and growing off a small base. Similarly, connectivity services are growing robustly as costs drop, and new applications emerge.”
Comment: is IoT the Internet of Things or the Internet of Trouble?