
Daily Security Briefing (20161113)

Posted 2016-11-12 22:37
Posted 2016-11-13 20:46
1. Well-known blog MMD shuts down in protest against NSA cyberattacks
Title: MalwareMustDie is closed for protest against the NSA

Author info: November 10, 2016, by Pierluigi Paganini

//BEGIN
The Legendary Blog of MalwareMustDie is closed for protest against NSA hacking trace of educational and public servers of harmless countries.
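MMD stands for Malware Must Die: malicious code must be eliminated, or, put another way, everyone should join in striking it down.
MMD recently shut down, in protest against the NSA's attacks on the network systems of innocent educational institutions and some countries' public facilities.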

//END
The title of the Blog is clear, and the position of MalwareMustDie it’s clear as well: using malware is any activity with any kind of purpose, is just not
accepted. “What is BAD stays BAD, no matter who you are. And if we can not do things strictly right, we can never stop “wrong” or “bad” things in the
internet”. And it’s correct, because, really, malware must die.
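The MMD blog's theme is stated very clearly, and its position is extremely precise: malicious code is our enemy, and nobody, whoever they are, may use it for illegal activity on any pretext. Bad is bad, no matter who uses it. Whether an official or a commoner sets the fire, it is the same act. If we fail to tell black from white on the network and do not hold the line, the network will never know peace.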

//Download: MalwareMustDie is closed for protest against the NSA.pdf (750.5 KB, downloads: 50)
File name: MalwareMustDie is closed for protest against the NSA.pdf
File size: 768,512 bytes
MD5     : C3E9E6CAABA26AA3F3ABB3F256F99994

Comment: This action may be small, but it is perhaps a positive one.

Posted 2016-11-13 20:47
2. Malware variants and spam grew rapidly in October
Title: Malware variants and spam rates skyrocket in October

Author info: November 11, 2016, by Doug Olenick

//BEGIN
Fueled by the Mirai botnet Symantec's October 2016 intelligence report saw the number of unique malware variants experience a massive uptick, while at the same time the lead up to the presidential election helped power a spike in election-related spam.
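Security company Symantec's intelligence report for last month shows that, under the effect of two factors, the number of malware variants rose sharply. The two factors are the Internet of Things (IoT) malware Mirai and spam themed on the US presidential election.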

//END
The run up to the presidential election helped boost the amount of spam related to that even with Symantec seeing the global spam rate hit 54.1 percent, the highest level in a year. This means more than half of all email sent was spam.
However, despite that very high spam rate there was some good news regarding phishing attacks for the month. The rate of phishing emails dropped to one in 5,313. The business sector with the highest rate was public administration with one in 2,814 and business with between 1,501 and 2,500 employees that saw one in every 3,037 emails being a phishing attempt.
On the mobile front no new Android malware families were discovered in October, but the number of variants per family did increase with Android.Lockscreen which used a new technique to get around auto start restrictions by pretending to be a launcher.
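According to Symantec's monitoring, in October, during the US presidential election, the proportion of spam even exceeded that of legitimate email, which shows how rampant it was. Even so, the proportion of phishing emails dropped markedly, averaging 1 in 5,313 emails; for the public administration sector the average was 1 phishing email in 2,814; and among business users about 1 in 3,037 emails was a phishing email.
On the mobile malware front, no new families appeared, but an increase in many variants was found.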

Comment: IoT security remains the leading topic.

Posted 2016-11-13 20:49
3. Researcher says IoT malware is about to widen its reach of infection
Title: IoT Malware Will Soon Surround Us: Researcher

Author info: November 11, 2016, by Ionut Arghire

//BEGIN
When it comes to Internet of Things (IoT) devices, everything from smart glasses to connected cars is susceptible to malware infection if not properly
secured, Fortinet senior researcher Axelle Apvrille said in a presentation at the DefCamp 2016 security conference in Bucharest, Romania this week.
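A researcher from the traditional security company Fortinet recently said at the DefCamp 2016 security summit (held 10-11 November 2016 in Bucharest, the capital of Romania) that malicious code has set its sights on IoT devices: everything from smart glasses to smart cars, devices closely tied to people's daily lives, is on the list.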

//END
“There is a new path of least resistance, which Mirai so well illustrated. Consumer connected devices are generally not built with security in mind. The
software that powers these devices isn’t tested to the same level that a financial institution will test a Web application. The hardware, firmware, and OS
isn’t sufficiently hardened against attack. If a password exists, it is weak and widely published in support documentation that is broadly available on the
Internet,” Cigital’s Jim Ivers noted in a recent SecurityWeek column.
Because of these vulnerabilities and lack of security standards, any IoT device in a smart home could represent a vulnerable entry point for a malware
attack. By compromising a toothbrush, a toaster, or a refrigerator, an attacker could then spread malware to other devices on the network, including
computers and smartphones.
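The recent Mirai ("future") IoT malware has been covered at great length. IoT devices aimed at end customers in particular have very few security features, and factory testing of IoT devices is also very simple: it is mostly functional testing, with no thorough security testing, and in reality the effort invested differs greatly from that put into applications such as online banking. IoT device security of course involves a whole chain of hardware, firmware, operating system and so on. A simple example: some devices do require a password to use, but these passwords are written in manuals and brochures and are known to almost everyone.
Weak points in smart home security can become the entry point for an intrusion: by infecting a smart toothbrush, a smart refrigerator, smart cookware and the like, malicious code can then move laterally to infect other smart devices, or phones and computers.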

Comment: Smart home security as part of IoT security.....

Posted 2016-11-13 20:50
4. Five major mainstream Russian banks attacked by a botnet
{CHN}
Title: Five large Russian banks hit by DDoS attacks from 30 countries

Author info: 2016-11-11 10:29, by E安全

//BEGIN
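E安全, November 11: Russian banks suffered powerful DDoS attacks, but fortunately the attacks were mitigated.
On Tuesday afternoon, five major mainstream Russian banks came under a DDoS attack lasting two days. A botnet made up of 24,000 computers from 30 countries launched powerful DDoS attacks continuously without pause. However, the banks managed to keep online customer services from being affected.
One of the banks said in a press release: "This series of attacks originated from a botnet made up of tens of thousands of computers, distributed across dozens of different countries. The first attack we recorded occurred in the early morning… followed by several waves of attacks in the evening, each wave twice as powerful as the previous one. The bank's network security staff followed and located the attacks in good time. Customer online services are currently experiencing no problems."
The attack was very powerful, and the intensity of each attack kept increasing. More importantly, the attack went on without interruption for 2 days.
Another victim bank, Alfabank, suffered a relatively weaker attack; a bank representative said: "Our bank was indeed attacked, but the attack was relatively weak and did not affect Alfabank's business systems."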

//END
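According to analysis provided by Kaspersky Lab, more than half of the botnet was located in Israel, Taiwan, India and the United States. Each wave of attack lasted at least one hour, and the longest ran uninterrupted for more than 12 hours. The attack intensity reached 660,000 requests per second. Kaspersky Lab also noted that some banks were attacked repeatedly.
Kaspersky Lab issued a statement saying: "This type of attack is complex, and the standard measures used by Internet providers are almost helpless against it."
A representative of the Central Bank of Russia said that the botnet included not only computers but also IoT devices. Security experts said these IoT devices include CCTV cameras (the majority), and beyond that, household appliances such as microwave ovens were also involved; the range of devices affected is extremely wide.
The reason such household appliances and other devices are so easily used to build botnets is that users still use the default password when connecting the devices to the network.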

Comment: No details are given on the 5 banks and 30 countries....

Posted 2016-11-13 20:52
5. US National Institute of Standards and Technology releases cybersecurity guide for small and micro businesses
Title: New NIST Guide Helps Small Businesses Improve Cybersecurity

Author info: November 10, 2016, by Evelyn A Brown

//BEGIN
Small-business owners may think that they are too small to be victims of cyber hackers, but Pat Toth knows otherwise. Toth leads outreach efforts to small businesses on cybersecurity at the National Institute of Standards and Technology (NIST) and understands the challenges these businesses face in protecting their data and systems.
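Many small-business owners think their businesses are small and that hackers will probably pay them no attention. But security experts do not see it that way. NIST has released a dedicated report so that small-business owners can recognize the risks their data and systems face.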

//END
NIST has been in the business of helping small businesses with information security since 2001 when it joined forces with the U.S. Small Business Administration and the Federal Bureau of Investigation’s InfraGard program to provide introductory cybersecurity workshops to small businesses.
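NIST has been paying attention to small-business information security since 2001, working with some government authorities to provide small businesses with network and information security guidance.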

//Download: Small Business Information Security-Fundamentals.pdf (1.02 MB, downloads: 49)
File name: Small Business Information Security-Fundamentals.pdf
File size: 1,066,854 bytes
MD5     : 775C3ABD8B050AF032F1A6F76FE43073
Note: Small business information security fundamentals.

Download: cybersecurity-framework-021214.pdf (930 KB, downloads: 47)
File name: cybersecurity-framework-021214.pdf
File size: 952,319 bytes
MD5     : 3D0961FF522D959647BF1370506B51FE
Note: The 2014 cybersecurity framework

Comment: The sparrow may be small, but it has all its vital organs.

Posted 2016-11-13 20:53
6. Researchers say ultrasound will become a new avenue for hackers to steal private information
Title: ULTRASOUND: THE NEW HACKING TOOL

Author info: Nov 12, 2016, 08.54 AM IST, by Mumbai Mirror

//BEGIN
Ultrasound apps are still niche, but it could be an attractive technology for use in the internet of things. The apps can collect information about users
without them knowing.
Sometimes it feels as if they are watching you. You idly check out some clothes online one morning, and for the rest of the week, they follow you across the internet, appearing in adverts on every website you visit.
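Ultrasound apps have great potential, with particularly broad prospects in the IoT field. Apps using this technology can collect user information without the user's knowledge. Sometimes you feel you are being watched, even when you are only shopping online or browsing idly.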


//END
Before ultrasound goes mainstream, Mavroudis says, we must work out how to regulate it and keep it from being hijacked for malicious purposes. “Ultrasound beacons don’t have specs yet,” he says. “There are no rules about how to build or connect ultrasound beacons. This is kind of a grey area where no one wants to take responsibility.” He and his colleagues are agitating for standards similar to those that exist for Bluetooth. They have also developed countermeasures you can use in the meantime, including an ultrasound-filtering browser extension for Google Chrome that blocks any beacons embedded on a website from sounding. “It’s going to get worse unless we fix it,” says Mavroudis. SALLY ADEE/(C) 2016/ DISTRIBUTED BY TRIBUNE CONTENT AGENCY, LLC
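Security experts say that before the technology goes mainstream, ways must be found in advance to keep it from being maliciously exploited. On standards, for example, there is as yet no unified specification for sending and setting up ultrasound; this is still a grey area that nobody governs. As with Bluetooth, a widely accepted set of technical standards should gradually be established.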

Comment: Without rules, nothing can be done properly.
