7 tips to combat Advanced Persistent Threats (APT).

In recent years, with the rapid development of 4G, cloud services, intelligent operations, the interconnection of physical devices, Big Data and other new-generation IT applications, the "information network" has become deeply rooted in the human environment: people at work must connect to enterprise network systems, and in daily life everyone relies on one Internet service provider or another.

Advanced Persistent Threats (APT)
From a global perspective, advanced persistent threat (APT) attacks show a clear upward trend, and Bangladesh has become one of the top three countries in the Asia-Pacific region for the number of APT attacks suffered.
Therefore, many information security experts are calling attention to the importance of a new generation of information security protection, and the threat of APT attacks is one that new-generation IT absolutely must face with prudence.


The ever-changing, all-pervasive threat of APT hackers:
For today's IT decision-makers and managers, the threat of APT attacks is a very difficult information security problem, one that can be described as "hard to detect, and hard to estimate the damage". Over the past two years, APT attack incidents have become the primary focus of the new generation of threats to information security.
Because today's hackers concentrate on underground cybercrime that yields more valuable economic benefits, any target, from national government agencies to ordinary businesses and organizations, can be affected by hacking, regardless of industry or size.

Take, for example, the data leakage incident at Target, the nation's second-largest retailer, at the beginning of this year: more than 110 million customer records were stolen through an APT attack. Target consequently paid millions of dollars to its customers; the incident also caused a sharp fall in its share price, damaged its reputation, and forced it to close at least eight stores.

There is also the 2011 incident at RSA Security, unquestionably one of the world's leading information security companies, whose SecurID dynamic password generator technology is widely used. It too had related technical information stolen by way of an APT attack. This caused business losses and reputational damage to RSA, but more worrying was that customers relying on RSA's cryptography were left exposed to the hackers' threat.

These events may all have ended in information leakage, but the process behind them was a series of difficult, carefully perfected "chain of trust" storms. According to Websense, Inc.'s analysis of more than 4.1 billion attacks it blocked in 2013, almost all attack methods demonstrated a variety of techniques to bypass traditional safeguards, invade the system, and then continue collecting data from the infected network. Nor do the perpetrators steal information entirely for monetary profit: their purposes also include being commissioned to destroy or weaken a rival company's competitive advantage, or preparing the ground for the next target that has been set.

Cisco's 2014 security report also noted the presence of "weak links" in organizations, including outdated software, incorrect settings, digital assets that are not handled correctly, and negligent computer users, all of which cause dynamic security threats to keep rising. An attacker can use DNS queries, exploit kits, malware, penetration of encrypted protocols, social engineering, phishing e-mail and other kinds of manipulation to probe an IT organization's vulnerabilities.

Unexpected targeted-attack patterns:
From a global perspective, APT attacks show a rising trend: the number of targeted attacks in 2013 increased by 91% over the previous year, and the duration of attacks more than tripled. India has become one of the top three countries in the Asia-Pacific region for the number of APT attacks suffered, and Taiwan ranked fourth. Since most APT attacks take a covert ("implicit") approach, they are usually carried out through the most basic and most highly trusted components, the part where rapid reaction is not possible, and this also causes many IT managers to misjudge their APT defense strategy and their assessment of risk severity. This can be seen from the following levels of analysis:
Channel:
Statistical reports on attack patterns in 2012-2013 show that HTTP, HTTPS and DNS are the three major exploitable attack-vector communications. These protocols share the following characteristics: they are necessary for networking, they have a wide contact surface, and they are easily altered. In fact, hackers planning APT attacks make very clever use of HTTP, HTTPS and DNS traffic to reach and contact the target and achieve their goals, including delivering malicious programs, delivering control instructions, and capturing and retrieving information. Because the illegitimate traffic is disguised as legitimate and transmitted as a trickle, traditional information security systems and IT monitoring modes often find it difficult to identify and remedy. For example, the malware and bots implanted by APT attacks mostly use DNS to contact the hacker's relay station (the C&C, command and control, server) at a dynamically changing address, or use DNS to launch DDoS attacks.
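As an added example (not code from the article), the following Python detector runs over a constructed DNS query log and flags the two DNS behaviours just described: a client checking in to one domain at near-constant intervals (the pattern of C&C contact through DNS) and long, random-looking query labels that suggest data hidden inside "legitimate" DNS traffic. The log lines, names and addresses are invented, and treating the last two labels as the "domain" is an assumption made for the example.

```python
import math
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed DNS query log ("<timestamp> <client-ip> <queried-name>"); the
# names and addresses are invented for this example, not taken from the article.
SAMPLE_LOG = """\
2014-05-01T09:00:00 10.0.0.5 www.example.com
2014-05-01T09:00:01 10.0.0.5 cdn.example.com
2014-05-01T09:10:00 10.0.0.7 a8f3k2l9q1z7x4c6v0b2n5m8.update-check.test
2014-05-01T09:20:00 10.0.0.7 z9q2w8e4r1t7y3u5i0o6p2a4.update-check.test
2014-05-01T09:30:00 10.0.0.7 m4n8b2v6c0x3z7l1k9j5h2g6.update-check.test
2014-05-01T09:40:00 10.0.0.7 f7d3s9a1p5o2i8u4y0t6r2e8.update-check.test
"""

def parse_log(text):
    # Each record becomes (timestamp, client, lowercased name without trailing dot).
    records = []
    for line in text.splitlines():
        ts, client, name = line.split()
        records.append((datetime.fromisoformat(ts), client, name.lower().rstrip(".")))
    return records

def shannon_entropy(s):
    # Bits per character; encoded or random labels score far higher than words.
    if not s:
        return 0.0
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def find_high_entropy_names(records, min_len=16, threshold=3.5):
    # Long, random-looking leftmost labels suggest data smuggled inside queries.
    return [r for r in records
            if len(r[2].split(".")[0]) >= min_len
            and shannon_entropy(r[2].split(".")[0]) > threshold]

def find_beacons(records, min_queries=4, max_cv=0.1):
    # Group by (client, last two labels) and flag near-constant query intervals,
    # the signature of periodic C&C check-ins (last-two-labels is an assumption).
    groups = defaultdict(list)
    for ts, client, name in records:
        groups[(client, ".".join(name.split(".")[-2:]))].append(ts)
    hits = []
    for key, times in groups.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            hits.append(key)
    return hits
```

On real resolver logs, tune min_queries and max_cv to the observed baseline, since legitimate software updaters also poll on fixed schedules.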

System:

APT attacks often exploit weaknesses in system design to craft customized targeted attacks. Microsoft systems have the highest adoption rate in organizations' IT environments worldwide, covering PCs, service hosts and application systems, but the information security vulnerabilities and risk management issues that occur in Microsoft systems have long plagued enterprise IT. Microsoft Active Directory (AD) in particular is a focus that the enterprise IT environment must pay attention to, because the Microsoft AD host plays a very important service role for key players in the enterprise: it holds the majority of account permissions, the network core services (DNS/DHCP) and other services, and the upgrades and service installations it accumulates make it a relatively weak, high-risk system host. Once the Microsoft AD system suffers an APT attack, a great impact on internal IT operations is bound to follow.

Object:

An APT attack is focused on a specific, valid target object, rather than attacking computers indiscriminately like a virus. Among these, the assistants of business executives and mid-level executives, public relations staff and managers with special privileges are the most vulnerable targets: cybercriminals treat them as a springboard to lock onto and attack targets such as celebrities or corporate executives, and thereby obtain the maximum authority and in-depth access to the core enterprise systems and data areas.

Mentality:

Most companies still follow the old concept of information security, and the old pattern of investment in protection, to face the threat of APT attacks. In fact, the benefit available from strengthening existing information security systems is very limited: the traditional information security system design of the last decade focused on single-point detection and defense technology, in other words on improving specifications and performance. Hackers, however, are very familiar with these detection technologies and defense modes, and APT attacks turn the trust of corporate IT staff in traditional information security systems against them to score their touchdowns. According to FireEye research on the information security status of enterprises with deployed security devices, more than 67% still did not know that malware or trojans had been implanted, and the average latency period can last up to 229 days.
Watching the food safety storm from the perspective of information security incidents
Domestic food safety has recently suffered great harm from the problem involving oil. Excluding human factors, the main cause of the storm can be attributed to trust issues in the supply chain: I believe most manufacturers and consumers suffered, directly or indirectly, because they trusted a "certification", where the "certification" may be a system, a scheme or a piece of equipment that for many years allowed interested parties to evade the regulations. This is in fact well worth drawing on for current information security, especially as Internet crime moves toward obtaining economic benefits; IT decision-making managers must all the more face the threat of APT attacks.
