FTC: It Takes Criminals Just 9 Minutes to Use Stolen Consumer Info

Federal Trade Commission experiment lured hackers to learn about how they use stolen consumer information.

The Federal Trade Commission (FTC)’s Office of Technology conducted an experiment to learn how hackers use stolen information. Experts created a database of fake consumer credentials and posted them twice on a site that hackers use to make stolen data public.
This false information was made realistic by using popular names based on Census data, US-based addresses and phone numbers, common email address naming strategies, and one of three types of payment info (online payment service, bitcoin wallet, and credit card). Following the second posting of fake data, it took hackers just nine minutes to try to access it.
There were more than 1,200 attempts to access the information, which hackers tried to use to pay for things like food, clothing, games, and online dating memberships. The FTC advises consumers to stay safe with two-factor authentication, which prevented the thieves from gaining access.

Read more details here.

Android ‘design shortcomings’ allow for Cloak and Dagger series of attacks

A series of “vulnerabilities and design shortcomings” in the Android user interface sets the stage for a new class of attacks called “Cloak and Dagger.”
Discovered by Chenxiong Qian, Simon P. Chung and Wenke Lee of Georgia Tech and Yanick Fratantonio of UC Santa Barbara, the issues stem from two Android app permissions. The first, SYSTEM_ALERT_WINDOW (“draw on top”), allows an app to draw overlays on top of every other app. The second, BIND_ACCESSIBILITY_SERVICE (“a11y”), is a powerful privilege designed to assist users with disabilities: a service holding it is notified of any event that affects the device and can access the view tree.
Regarding these app rights, there’s good news and bad news. Both tidbits boil down to Google’s design choices.
First, the good news. Google understands the potential security implications of BIND_ACCESSIBILITY_SERVICE, which explains why the researchers found the privilege requested by only 24 of the top 4,455 apps on Google Play.
But the bad news is that Google grants SYSTEM_ALERT_WINDOW automatically. A malicious app can exploit this to lure the user into granting a11y access, which the attacker can then leverage to conduct a series of attacks including context-aware clickjacking, security PIN stealing, and the silent installation of a God-mode app.
Here’s a video of one such attack in action.
That’s not even the worst part.

An examination of these so-called “Cloak and Dagger” attacks not only demonstrates their practicality but also reveals that most users are none the wiser that any malicious activity took place. As the researchers explain in their paper:
“To test the practicality of these attacks, we performed a user study that consisted of asking a user to first interact with our proof-of-concept app, and then login on Facebook (with our test credentials). For this experiment, we simulated the scenario where a user is lured to install this app from the Play Store: thus, SYSTEM_ALERT_WINDOW is already granted, but BIND_ACCESSIBILITY_SERVICE is not. The results of our study are worrisome: even if the malicious app actually performed clickjacking to lure the user to enable the BIND_ACCESSIBILITY_SERVICE permission, silently installed a God-mode app with all permissions enabled, and stole the user’s Facebook (test) credentials, none of the 20 human subjects even suspected they have been attacked. Even more worrisome is that none of the subjects were able to identify anything unusual even when we told them the app they interacted with was malicious and their devices had been compromised.”
Now that we know the full extent of these attacks, what is Google doing to prevent them?
Well, the tech giant has known about the issues since August 2016. For some of the vulnerabilities, Google has said it simply “won’t fix” them. For some of the other design flaws in the Android UI, it could take researchers a while to address them.
According to a statement provided to Softpedia, the company is working on it:
“We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer. We have updated Google Play Protect — our security services on all Android devices with Google Play — to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues moving forward.”
That’s great…for Android users who receive OS updates on a regular basis. As we know with other Android security issues, most users don’t get those fixes from their manufacturers until weeks, months, or years after their release. For those unlucky many, they won’t see the “new security protections” built into Android O for quite some time.
While they wait for their share of the pie, all Android users can do is go into their device settings and check to see which apps have “draw on top” and “a11y” access. Not all apps that use these privileges will announce it to you. (Thank Google for that.) For those apps that do show up, think long and hard about keeping them installed on your device.
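The check the article recommends can also be run from a workstation over `adb` instead of tapping through the settings screens. The script below is an added example, not code from the article or the Cloak and Dagger researchers; it assumes `adb` and a device with USB debugging for the live path, and its two parsers work offline on the Secure setting `enabled_accessibility_services` and the output of `appops get`.

```shell
#!/bin/sh
# Added audit helper (not from the article or the Cloak and Dagger paper).
# Lists which third-party apps hold the two privileges the attacks abuse:
# an enabled accessibility service (BIND_ACCESSIBILITY_SERVICE) and the
# SYSTEM_ALERT_WINDOW ("draw on top") app-op. Assumes `adb` and a device
# with USB debugging for the live path (run with --live); the parsers below
# work offline on captured values.

# The Secure setting "enabled_accessibility_services" is a colon-separated
# list of ComponentName strings "package/ServiceClass", or "null" when unset.
# Prints one package name per line, de-duplicated.
a11y_packages() {
  printf '%s\n' "$1" | tr ':' '\n' | sed 's#/.*##' \
    | grep -v -e '^$' -e '^null$' | sort -u
}

# `appops get <pkg> SYSTEM_ALERT_WINDOW` prints e.g.
#   SYSTEM_ALERT_WINDOW: allow; time=+3h12m ago
# or "No operations." when the op was never set. Only an explicit "allow"
# counts here (assumption: "default" and "ignore" are treated as not granted).
saw_allowed() {
  printf '%s\n' "$1" | grep -q '^SYSTEM_ALERT_WINDOW: allow'
}

# Live path: query the connected device. `tr -d '\r'` strips the CRLF
# line endings that `adb shell` emits.
audit_device() {
  svc=$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')
  echo "Apps with an enabled accessibility service:"
  a11y_packages "$svc" | sed 's/^/  /'
  echo "Third-party apps allowed to draw on top (SYSTEM_ALERT_WINDOW):"
  for pkg in $(adb shell pm list packages -3 | tr -d '\r' | sed 's/^package://'); do
    if saw_allowed "$(adb shell appops get "$pkg" SYSTEM_ALERT_WINDOW | tr -d '\r')"; then
      echo "  $pkg"
    fi
  done
}

if [ "${1:-}" = "--live" ]; then
  audit_device
fi
```

Any app that appears under both headings deserves the "long and hard" look the article recommends, since that is exactly the combination the attacks need.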

Russian hackers used Google’s own infrastructure to break into Gmail users’ accounts


Draft Hacking Back Bill Gets Modifications Prior to Imminent Introduction

Rep. Tom Graves (R-Ga.) has released an updated version (PDF) of his draft Active Cyber Defense Certainty (ACDC) Act, incorporating feedback from the business community, academia and cybersecurity policy experts. “I look forward to continuing the conversation and formally introducing ACDC in the next few weeks,” he said yesterday.

The original discussion draft was released in March 2017.
ACDC is designed to amend the existing Computer Fraud and Abuse Act (CFAA). CFAA, enacted in 1986, currently prohibits individuals from taking any defensive actions other than preventative actions; that is, cyber defenders are only legally allowed to defend passively. ACDC would allow controlled ‘active’ defense — something often called, somewhat misleadingly, ‘hacking back’ — by excluding prosecution for the exempted actions under the CFAA.
The modifications now introduced are largely designed to tighten control and avoid collateral damage. For example, entities using active-defense techniques will need to report to the FBI. “A victim who uses an active cyber defense measure… must notify the FBI National Cyber Investigative Joint Task Force prior to using the measure.”
Similarly, modifications make it clear that active defense restrictions against causing physical injury include financial injury; and provide additional safeguards for ‘intermediate computers’. The latter term is defined as “a person or entity’s computer that is not under the ownership or control of the attacker but has been used to launch or obscure the origin of the persistent cyber-attack.”
These intermediate computers have always been considered the weak point in any form of hacking back — it is not easy for anyone to be certain of the precise source of an attack, leading to the possibility that active-defense measures could be launched against an innocent target.
National Security Agency and Cyber Command head Admiral Mike Rogers is one of those with such concerns. “My concern is,” he said during testimony before a House Armed Services subcommittee on Tuesday, “be leery of putting more gunfighters out in the street in the Wild West. As an individual tasked with protecting our networks, I’m thinking to myself — we’ve got enough cyber actors out there already.”
Perhaps in recognition of the inherent difficulties in such an Act, Graves has also introduced a sunset clause: “The exclusion from prosecution created by this Act shall expire 2 years after the date of enactment of this Act.”
“Although ACDC allows a more active role in cyber defense,” says an associated statement released yesterday, “it protects privacy rights by prohibiting vigilantism, forbidding physical damage or destruction of information on anyone else’s computer, and preventing collateral damage by constraining the types of actions that would be considered active defense.”

TX: 2 Additional Cameron Co. Servers Missing

Steve Soliz reports:
Cameron County said they’ve mistakenly sold more computer servers than previously thought. Those servers, filled with personal information, were sold off at auctions.

CHANNEL 5 NEWS reported how one of those servers was up for sale at a Brownsville flea market.
In a statement, Cameron County Judge Eddie Trevino announced two more servers were sold at an auction in December.
He added the county also auctioned off computers, printers and monitors.
County leaders don’t know whether those two other servers had people’s information in them or where they are, according to Trevino.
Read more on KRGV.

Ca: Website hack exposed Prairie Mountain Health patients’ personal, medical info

The Brandon Sun reports:
Personal and medical information of more than 1,000 Prairie Mountain Health patients are at risk after an internal website was hacked.
The regional health authority, in a statement Friday, said they do not believe the intent of the hack was to access personal information, but conceded they cannot exclude the possibility that identifiable personal details were viewed or copied.

Subscription required to read the full story.
Now you shouldn’t need a subscription to a news outlet to find out about a breach involving your information, right? So I went to Prairie Mountain Health’s site to find a breach disclosure or notice, but NOTHING was mentioned on their site.
C’mon folks: if you can send a press release to your local media, you can post a copy of the damned statement on your web site. In fact, you should be posting something on your web site and notifying patients even before you notify media.
So I tweeted an inquiry to their Twitter team asking where the notification is. If I find out more, I’ll update this.

GDPR Industry Roundup: One Year to Go

GDPR Roundup: New Products, Surveys and Industry Commentary
Thursday, May 25, 2017 commenced the final countdown to the General Data Protection Regulation (GDPR): there is just one year before it comes into force. GDPR imposes complex new personal data protection requirements on any organization doing business in or with the European Union, and it is doubtful whether many, or any, organizations are automatically compliant. The result is a serious challenge for business and a major opportunity for the security industry.
What follows is a roundup of this week’s new products, surveys and comments on GDPR.
New Products/Services
IBM Resilient – “GDPR is ushering in some of the most important changes to European data privacy regulations in twenty years, much of it involving policies and documentation that are difficult to improve with technology. The Resilient Incident Response Platform is designed to help businesses comply with GDPR. It prescribes and can orchestrate people, process and technology in specific responses to data breaches.”
Forcepoint: GDPR-focused cloud service extensions – “We see the partnership growing between the CIO and CISO to implement solutions that securely enable the business shift to cloud computing while remaining in compliance with data privacy laws such as GDPR.”
Wombat Security: new GDPR training module – “Within this module, end users will learn why they need to be active participants in overall GDPR compliance; how to make the right decisions about the data they create and handle; and what the consequences of non-compliance are for your organization.”
New Surveys/Reports
Varonis: One Year Out: Views on GDPR – “What’s most worrying about the findings is that one in four organizations doesn’t have a handle on where its sensitive data resides. These companies are likely to have a nasty wake-up call in one year’s time. If they don’t have this fundamental insight into where sensitive data sits within their organizations and who can and is accessing it, then their chances of getting to first base with the regulations are miniscule and they are putting themselves firmly at the front of the queue for fines.”
Kaspersky Lab: The IT department’s GDPR journey towards good data health – “With less than a year to go, firms are in various stages of compliance preparation. But the regulation doesn’t have to be a burden on one department alone. Every function in a business – from marketing to legal – has its role to play. Now is the time for IT departments to help them all on a journey towards good data health.”
Blancco Technology Group: EU GDPR: Countdown to Compliance – “If an organization cannot find their customers’ data, how will they be capable of erasing the data and complying with the EU GDPR’s requirement? Once they do finally locate their customers’ data, the next step is erasing the data permanently so that it can never be recovered. But as our study reveals, it’s quite common for organizations to use insecure and unreliable data removal methods, such as basic deletion and free data wiping software, which further undermines their security and compliance to EU GDPR.”
Guidance Software survey – “Only 15.7% of companies surveyed are in advance planning for GDPR, while 24% of organizations say they will not be ready by the May 2018 deadline.”
Trend Micro: WannaCry Highlights Major Security Shortcomings Ahead of GDPR D-Day – “The unpalatable truth is that many of those organizations caught out by WannaCry earlier this month could face punitive fines if the same kind of thing happens again in a year’s time… because an official Microsoft patch was available for weeks before the attack, the victim organizations could be said to have failed to take adequate security measures given the evident risks. Even virtual patching technologies exist to protect unpatched or unsupported systems.”
Industry Commentary
Dr Jamie Graves, CEO at ZoneFox:
“The starting gun has officially been fired and one thing is for sure: from day one, the EU will not be accepting excuses. They believe organizations have had more than enough time to prepare. Those companies that haven’t started to unravel what GDPR means for them need to get proactive. GDPR is all about data, and that’s where companies need to start. It is imperative that they have a full, 360-degree view of data entering, leaving and being stored within their business. This visibility can then be used as a foundation to assess and restructure processes in order to ensure compliance. Although complicated, GDPR also presents companies with an opportunity. With data breaches becoming increasingly common and personal, by being compliant companies can demonstrate their commitment to data security and privacy. Afterall it’s not just money companies have to lose – their reputations are also on the line.”
Richard Stiennon, chief strategy officer, Blancco Technology Group
“On day one of when the law goes into effect (May 25, 2018), a company can be held liable and subject to the fines, which are not specifically enforced for breaches, but for being out of compliance with the various requirements, including failure to appoint a DPO, failure to adhere to the ‘right to be forgotten,’ failure to notify the Supervisory Authorities of a data breach within 72 hours, to name a few.”
Black Duck Software
“If your organization needs to comply with the General Data Protection Regulation, you’ll need to examine the software eco-system you’re using and include open source identification and management in your GDPR security program. As well as examining custom source code for vulnerabilities, ensure that the open source you or your vendor companies use is not introducing hidden security vulnerabilities.”
Jason Hart, CTO, data protection at Gemalto
“Up until the 25th May 2018, EU businesses will be able to get away with keeping breaches from their customers, but this will change as the focus will be on protecting data going forward. Time is running out for businesses to get their house in order before GDPR comes into effect. Once that happens, we’ll start to see the true picture of data breaches within Europe and the impact that will have on the reputation of a multitude of businesses. Companies need to realize that being breached is an inevitability and customers will not put up with those that can’t protect their data. In order to be compliant, business must follow the six-step process outlined in the legislation.”
Ross Brewer, vice president and managing director at LogRhythm
“With only 72 hours to notify authorities and, in some cases those affected, companies will be under greater amounts of pressure to have full insight into the scope and scale of an attack as soon as it’s been identified. Time will be of the essence and it will be essential for organizations to have an accurate idea of the ‘who’, ‘what’, ‘how’ and ‘how big’ within those three days… businesses will require a more coordinated and efficient approach to threat detection that goes far beyond simply deploying firewalls or anti-virus. Having an end-to-end threat lifecycle management process that gives businesses the insight and full facts of a compromise from the offset will be vital, and businesses need to make sure they are adapting their strategies now so that they are fully prepared this time next year.”
Richard Henderson, global security strategist, Absolute
“To describe the new rules as an update or a refinement in the data protection regime is not accurate – this is not a fine-tuning of the law. A far more fundamental change is taking place. Under EU GDPR, businesses will not be able to get away without having complete visibility into endpoint assets at all times so they can identify suspicious activity and take action – whether a device is connected to the corporate network or not. In this hyper-connected world, businesses cannot afford devices to ‘go dark.’ They need to maintain a constant connection, and have the ability to remotely control data stored on endpoint devices to stop them becoming the gateway to a damaging breach, and subsequently protecting themselves from the repercussions of lax security.”
Richard Lack, managing director EMEA, Gigya
“GDPR, love it or hate it, is the EU’s attempt to put consumers back in control of their online data and compel businesses to keep that data safe from hackers. No more obscure service agreements that we all accept with a single click and never read. Consumers know they’re being mistreated and aren’t happy about it; a recent survey by Gigya found 68 per cent of consumers don’t trust brands to respect their privacy. How many will accept the terms to give away their data, given they have no obligation to do so? My prediction is zero… Businesses must, therefore, ensure that they have compliant systems in place to prevent a mass consumer ‘opt-out’ when the new regulations are enforced or even worse, face hefty penalties for non-compliance, with fines as large as four per cent of annual revenue.”
Gerard Allison, VP of EMEA at Gigamon
“While EU GDPR is a positive step forwards in data protection, organizations need to be aware of new ways cyber criminals could take advantage of the situation. Ransomware is a popular tool for hackers yet this tactic could evolve into a different, more dangerous beast. Let’s say for instance a hacker successfully breaches a network, but the business doesn’t have the tools in place to detect the breach or simply doesn’t report it. The hacker could threaten to report the organization to the ICO for non-compliance unless they paid them. Is it likely that a business would rather pay for a hacker’s silence than pay eye watering fines for being non-compliant?”
Mike Palmer, executive vice president and chief product officer, Veritas
“In order to achieve compliance, the biggest challenge for many organizations globally is understanding what data resides in their complex IT environments, how to protect it and delete it from the network when requested or it’s no longer needed. According to Veritas research, 32 per cent of organizations globally do not have the right technology in place to cope with GDPR. With one year to go, organizations should look to establish a clearly-defined governance strategy with data management tools at the core… The clock is ticking and it’s not just fines that are at stake, but jobs, brand reputation and the livelihood of businesses globally.”
Legal Comments
Callington Chambers
“The General Data Protection Regulation (“GDPR”) is the biggest reform of data protection legislation in the last two decades. When it comes into effect on 25 May 2018, in addition to applying to businesses within the EU, the GDPR will also affect any businesses outside the EU that offer products or services to EU customers or monitors EU citizens.”
Pillsbury Winthrop Shaw Pittman LLP
“These new laws will significantly impact any companies doing business in Europe, even those without a physical EU presence (e.g. U.S. companies targeting Europe). If you have a website, use customer or staff data or engage in almost any form of marketing you will likely be caught. The new very high fine levels for breaches and the need to be able to prove compliance mean companies, regardless of size, must take steps now to prepare.”
Article 29 Working Party
The European regulators have published a series of guidelines on data portability, data processing officers, and supervisory authorities; and a draft guideline on impact assessments.
DLA Piper LLP – “The aim is to be compliant by 25 May 2018 but this may be challenging so it is sensible to focus on the most important and risky areas first.”
Ashfords LLP – “The GDPR is an opportunity to streamline data protection practices and should enable organizations to strip back data which is inaccurate, out of date or irrelevant.”
Squire Patton Boggs
“[GDPR] is aimed primarily at commercial progressing of customer data but still has significant ramifications for HR’s handling of employee data… and the new law will represent fertile ground for employees looking to blow the whistle on something. The numbers being waved around as possible fines are enormous, but even though we think they will be the tiny exception rather than the rule, this isn’t an area for HR to treat casually.”
Kingsley Napley
Referencing the UK’s NHS and WannaCrypt, many victims were probably in breach of existing data protection regulations by using unsupported or unpatched Windows systems. “The EU General Data Protection Regulation (the ‘Regulation’) coming into effect on 25 May 2018, which replaces the DPA largely repeats the security principles set out in the DPA. However, the GDPR enforces a much tougher and stricter regime, with more severe penalties for data breaches.”

Squire Patton Boggs
Subject access requests (SARs) from employee to employer are complex. “Breach of the right to access personal data falls under a ‘top tier’ breach carrying a fine of up to €20million or 4% of global turnover (whichever is higher), but it is self-evident that the sort of ordinary slips which employers make in responding to SARs from employees will not get within a hundred miles of this sort of number. Factors that could aggravate the situation are listed under the GDPR to include the intentional or negligent character of the infringement, any previous infringements, any losses or damage to the data subject. The examples of mitigating factors listed, on the other hand, are any actions taken by the controller to mitigate the damage suffered by data subjects and the degree of cooperation with the supervisory authority.”
Osborne Clarke
Profiling: “The interpretation of Article 22 is imperative. Defined broadly, it will place significant burdens on organizations undertaking profiling for advertising and marketing purposes; defined narrowly, there is less cause for concern. We can expect guidance from the Article 29 Working Party later this year. In due course, we might also expect a common standard for measuring the effects of profiling.
In any case, with a year to go, organizations should be reviewing their profiling activities in light of the GDPR, and ensuring that they are taking the necessary steps to ensure compliance from (no later than) 25 May 2018.”
Squire Patton Boggs
“A good way to get started on these tasks is to first educate and obtain C-level buy-in. While the possible sanctions are a strong motivator, it is important that your organization understands that GDPR compliance will add value by ensuring better data management. Once buy-in is secured, you should create a GDPR Core Group consisting of key stakeholders from major departments in your organization. Your GDPR Core Group will be essential in driving these tasks to completion.”

Botnets: Inside the race to stop the most powerful weapon on the internet

The attack attempted to make 100,000s of routers part of a botnet.
Even one of the simplest forms of cyberattack has the potential to cause catastrophic damage; a large DDoS attack by an army of hijacked devices is capable of knocking networks offline, leaving organisations and their customers unable to access services.
The impact of such an attack was made clear by the Mirai botnet incident late last year. The Mirai botnet used everyday internet-connected devices, such as routers and security cameras, to bring large chunks of the internet to its knees, slowing or outright bringing down popular websites and services.
But that wasn’t the end of Mirai’s malicious intent. A month later a million internet users in Germany were thrown offline in late November as part of a coordinated cyberattack which also impacted the UK, Ireland, Turkey, Iran, and Brazil, among others.
Internet provider Deutsche Telekom bore the brunt of much of the attack within German borders. Matthias Rosche, SVP of solution sales and consulting at Deutsche Telekom’s telecom security group, described it as “the biggest attack” against the company which had a “major” impact on its customer base.
Almost five percent of its 20 million customers suffered internet outages as a result of the botnet attack, which targeted Zyxel and D-Link routers, exploiting an open port. In total, 900,000 routers were affected by the attack.
The attack wasn’t capable of stealing data, but it still created massive problems, resulting in 30 hours of downtime for 900,000 internet connections in homes and businesses across Germany.
“What we saw was that there were specific routers which had issues and problems. Looking at the statistics, we saw that a significant number went down immediately,” Rosche said, speaking at a conference arranged by security company Check Point in Milan.
The malware contained a link designed to upload malicious software to the devices in order to connect them to the botnet, but Deutsche Telekom quickly moved to minimise the potential damage of this threat.
“We started to investigate into the attack and figured out there was a download link embedded to upload to malicious software. So the first thing we did was block that to make sure that even if the infection is successful, nothing can be uploaded from that specific link,” said Rosche.
The company’s security team set up a war room to coordinate activities and block the key target open port across the network, in order to ensure no attack could target it anymore, he explained.
In addition to this, an agreement between Deutsche Telekom and the router vendors meant as soon as the telecoms firm knew how to close the vulnerability, they contacted the vendors and provided them with the information required to update devices and protect them against the botnet.
“Within 12 hours we had a new software version available for our routers,” said Rosche, adding that users were told to turn their routers off and on again to protect themselves from the attack.
“This was a simple patching process and we were happy this was our worst-case scenario,” he said of the incident.
If the attack had been fully successful, the results would’ve been dire and a danger to the internet.
“It’s a simple calculation. We’d have had a new botnet of 1.8 terabits per second, which is big enough to carry out a DDoS attack against any state in the world. This would’ve been the most powerful weapon on the internet, it would have been incredible,” said Rosche.
“We apologised to our customers and the question we had to ask ourselves was, ‘Can we guarantee that this won’t happen again in the future?’ The answer is ‘probably not’. But we’ll be prepared,” he said.

Split-tunnel SMTP exploitation bypasses email security gateways


How to use Connects to know where your apps are calling out to
