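Verizon: Don't blame only China for cyberespionage

Michal Lev-Ram, April 25, 2014
Verizon's newly released annual data breach report analyzes in detail the nine main forms of attack seen in 2013. Among them, unauthorized network or system access linked to state actors tripled. But the report warns that China cannot always be the one blamed on this issue: more than one-fifth of recorded cyberespionage activity is now launched from Western European countries.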

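    Spring has come around again, Monarch butterflies are beginning their migration north, and Verizon's data breach report is out, giving already-panicked chief information security officers around the world one more scare.

    Verizon's annual report surveys and analyzes more than 63,000 security incidents (as well as more than 1,300 confirmed data breaches) from about 50 companies worldwide. This year's 60-page report identifies nine attack patterns, including point-of-sale intrusions, denial-of-service attacks and cyberespionage. According to Verizon, 94% of all security incidents in 2013 fall into these nine categories.

    Below is a brief summary of the nine most pressing security threats facing major companies: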

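    1. Web app attacks

    This is one of the most common forms of data breach. According to Verizon's report, web applications remain the "proverbial punching bag of the Internet." So how do the bad guys attack? Through phishing techniques, installing malware, and guessing the overly simple security questions you set up, such as the name of your first doll, the color of your cousin's eyes and your nickname in sixth grade. Verizon also notes, however, that there are now better ways to defend against web app attacks, and the first step is adopting two-factor authentication.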

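    2. Cyberespionage

    In 2013, unauthorized network or system access linked to state actors tripled. Verizon says cyberespionage exhibits more kinds of "threat actions" than any other attack pattern: once attackers gain access, they do as they please inside the system, carrying out everything from scanning the entire network to exporting data. Verizon warns that we cannot always blame China on this issue, or at least not only China. About 21% of recorded cyberespionage activity is now launched from Western European countries.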

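    3. Point-of-sale intrusions

    The most typical example is the recent Target data breach, in which hackers broke into Target's systems and obtained the credit card numbers of about 40 million customers. Point-of-sale intrusions seem to have become a fashionable form of attack lately. But Verizon points out that point-of-sale intrusions have actually been trending down compared with previous years. "Recent highly publicized breaches of several large retailers have brought POS compromises to the forefront," the report's authors write, "but in fact this problem has existed for years." Even so, retailers, hotels and similar businesses need to pay particular attention to this attack pattern. A single large point-of-sale intrusion is enough to scare away customers and investors -- Target is a living example.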

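    4. Payment card skimmers

    Payment card skimming mainly happens at ATMs and gas stations, and it is a relatively crude form of intrusion that requires a skimming device (the so-called "skimmer") to be attached to the machine. This is no longer a new trick, but the way hackers collect the "skimmed" card data has been updated. In the past, criminals had to retrieve the skimmer in person; now they can collect the card data using Bluetooth or other wireless technologies. Although more modern ATMs are designed to resist skimming, it remains a big problem in some other parts of the world, such as Bulgaria and Armenia.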

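    5. Insider misuse

    From the title alone you may not be clear what this section covers. Think of Snowden's disclosures, or any example of unapproved, malicious use of an organization's resources. The most common cases are employees using expressly forbidden devices (such as USB storage devices) or services to send information resources to their personal accounts, or posing as another user and sending messages in order to get a colleague fired. According to Verizon, many of the people who commit these offenses are payment chain personnel or end users, but in previous years quite a few senior executives did so too. The lesson: trust no one.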

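    6. Crimeware

    This category covers any malware incident other than espionage or point-of-sale intrusions. The purpose of crimeware is always some kind of illegal activity, such as stealing users' online banking credentials. Most malware starts with downloads or so-called "drive-by infections," meaning a virus may be downloaded onto the computer when a user unknowingly clicks on a hidden pop-up window. So how should companies counter this type of attack? First, keep software such as browsers up to date.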

   

    It's that time of year again: Spring is in the air, Monarch butterflies are traveling north, and Verizon's (VZ) data breach report is making the rounds, freaking out already freaked-out chief information security officers around the globe.

    The annual report compiles and analyzes more than 63,000 security incidents (as well as 1,300 confirmed data breaches) from about 50 companies worldwide. This year's 60-page document identified nine main patterns of attack, including point-of-sale intrusions, denial-of-service attacks and acts of cyberespionage. According to Verizon, 94% of all security incidents in 2013 can be traced to these nine basic categories.

    (As for the other 6% of threats facing corporate America, well, ignorance is bliss, right?)

    Here, our summary of the most pressing security threats for major companies:

    1. Web app attacks

    Hands down, this is the most common type of data breach. According to Verizon's report, web applications remain the "proverbial punching bag of the Internet." How do the bad guys do it? Phishing techniques, installing malware, and, yes, correctly guessing the name of your first stuffed animal, your oldest cousin's eye color and your nickname in sixth grade. There are ways to better protect Internet-facing applications, Verizon insists, and it starts with two-factor authentication.

    2. Cyberespionage

    Incidents of unauthorized network or system access linked to state-affiliated actors have tripled -- that's right, tripled -- over the last year. Espionage exhibits a wider variety of "threat actions" than any other attack pattern, Verizon says, which means that once intruders gain access, they're making themselves comfortable and partaking in all sorts of activities, from scanning networks to exporting data. Verizon warns that we can't keep blaming China, though -- at least not just China. About 21% of reported incidents are now being instigated from Eastern Europe.

    3. Point-of-sale intrusions

    Given the recent high-profile Target (TGT) breach, in which hackers gained access to the credit card numbers of some 40 million customers, this may seem like the attack pattern du jour. But Verizon claims point-of-sale intrusions have actually been trending down over the last several years. "Recent highly publicized breaches of several large retailers have brought POS compromises to the forefront," the report's authors write. "But at the risk of getting all security-hipster on you -- we've been talking about this for years." Still, retailers and hotel companies in particular need to be concerned about this kind of attack. It only takes one massive point-of-sale intrusion to scare away customers and investors -- just ask Target.

    4. Payment card skimmers

    Skimming mainly affects ATMs and gas pumps, and is a relatively crude form of attack that requires a skimming device to be physically added to a machine. It's hardly a new tactic, but what's different today is the way that the data from "skimmed" payment cards is collected. Before, a criminal had to retrieve the skimming device; now, a thief can remotely collect the data using Bluetooth or other wireless technologies. More modern ATMs are designed to be relatively tamper-free, but this is still a big problem in some parts of the world, such as Bulgaria and Armenia.

    5. Insider misuse

    Not sure what falls under this category? Imagine someone akin to the rebel NSA defense contractor Edward Snowden, or pretty much any unapproved or malicious use of organizational resources. The most common examples of this are employees using forbidden devices (e.g. USB drives) or services to send intellectual property to their personal accounts -- or, more deliberately, posing as another user and sending messages aimed at getting a colleague fired. According to Verizon, many of the people committing these crimes are payment chain personnel and end users, but C-suite managers were more to blame in prior years. Bottom line: Trust no one.

    6. Crimeware

    This category includes any malware incident that doesn't fit into the espionage or point-of-sale buckets. The goal is always some kind of illicit activity, such as stealing users' online banking credentials. Most forms of crimeware start with web activity such as downloads or so-called drive-by infections, where a virus can be downloaded when a user unknowingly clicks on a deceptive pop-up window. What can corporations do to combat these types of attacks? Keep software such as browsers up to date. 
