Summary
How have criminal techniques evolved over the decades, and how can attacks by cybercriminals be prevented? IBM's recently released 2020 Threat Intelligence Index answers these questions.
IBM Security has released the IBM X-Force Threat Intelligence Index 2020, highlighting how cybercriminals' techniques have evolved after decades of access to tens of billions of corporate and personal records and hundreds of thousands of software flaws.
According to the report, 60% of observed initial entries into victims' networks leveraged either previously stolen credentials or known software vulnerabilities, allowing attackers to rely less on deception to gain access.
IBM's X-Force Threat Intelligence Index highlights the contributing factors to this evolution, including the top three initial attack vectors:
Phishing was a successful initial infection vector in less than one-third of observed incidents (31%), compared to half in 2018.
Scanning and exploitation of vulnerabilities accounted for 30% of observed incidents, compared to just 8% in 2018. Older, known vulnerabilities in Microsoft Office and Windows Server Message Block (SMB) were still being exploited at high rates in 2019.
The use of previously stolen credentials is also gaining ground as a preferred point of entry, accounting for 29% of observed incidents.
In 2019 alone, the report states, more than 8.5 billion records were compromised, a 200% increase in reported exposed data year over year, adding to the growing pool of stolen credentials that cybercriminals can use as source material.
"The amount of exposed records that we're seeing today means that cybercriminals are getting their hands on more keys to our homes and businesses," said Wendi Whitmore, Vice President, IBM X-Force Threat Intelligence.
Attackers won't need to invest time devising sophisticated ways into a business; they can deploy their attacks simply by using known entities, such as logging in with stolen credentials.
"Protection measures, such as multi-factor authentication and single sign-on, are important for the cyber resilience of organizations and the protection and privacy of user data," she said.
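The report does not describe how to spot a login that uses stolen credentials; what follows is an added example, not IBM's code, of a simple heuristic a SOC might run over authentication logs. It flags a source that fails against many distinct accounts inside a short window (a credential-stuffing or spraying run) and a success from that same source shortly afterwards, recording whether MFA was involved. The log format, field names, thresholds and the sample log lines are all constructed for this example.

```python
"""Flag logins that look like use of stolen credentials in an auth log.

Added example (not from the IBM report). The log format below is constructed
for this example; adapt LINE_RE to your own IdP, VPN or SSH log format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed format:
#   <ISO-8601 UTC time> src=<ip> user=<account> result=<SUCCESS|FAIL> mfa=<yes|no>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>SUCCESS|FAIL) mfa=(?P<mfa>yes|no)$"
)

# Constructed sample: 203.0.113.7 sprays five accounts, then lands a valid
# stolen credential for 'frank', whose account has no MFA. 198.51.100.9 is a
# legitimate user who mistyped once and then passed MFA.
SAMPLE_LOG = """\
2019-11-03T08:00:01Z src=203.0.113.7 user=alice result=FAIL mfa=no
2019-11-03T08:00:03Z src=203.0.113.7 user=bob result=FAIL mfa=no
2019-11-03T08:00:05Z src=203.0.113.7 user=carol result=FAIL mfa=no
2019-11-03T08:00:07Z src=203.0.113.7 user=dave result=FAIL mfa=no
2019-11-03T08:00:09Z src=203.0.113.7 user=erin result=FAIL mfa=no
2019-11-03T08:00:11Z src=203.0.113.7 user=frank result=SUCCESS mfa=no
2019-11-03T08:05:00Z src=198.51.100.9 user=alice result=FAIL mfa=no
2019-11-03T08:05:30Z src=198.51.100.9 user=alice result=SUCCESS mfa=yes
2019-11-03T09:30:00Z src=203.0.113.7 user=grace result=SUCCESS mfa=yes
this line is malformed and is skipped by the parser
"""


def parse(lines):
    """Parse log lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def detect(events, window=timedelta(minutes=10), min_accounts=5, min_failures=5):
    """Return findings as dicts with a 'rule' key.

    'spray':        one source failed against >= min_accounts distinct accounts
                    within `window` (reported once per source).
    'stuffed_hit':  a SUCCESS from a source that accumulated >= min_failures
                    failures within `window` just before it, i.e. a stolen
                    credential that worked; 'mfa' records whether MFA was used.
    """
    events = sorted(events, key=lambda e: e["ts"])
    fails_by_src = defaultdict(list)  # src -> [(ts, user), ...] inside the window
    sprayed = set()
    findings = []
    for e in events:
        src, user, ts = e["src"], e["user"], e["ts"]
        # Drop failures that have aged out of the sliding window.
        recent = [(t, u) for t, u in fails_by_src[src] if ts - t <= window]
        fails_by_src[src] = recent
        if e["result"] == "FAIL":
            recent.append((ts, user))
            distinct = {u for _, u in recent}
            if len(distinct) >= min_accounts and src not in sprayed:
                sprayed.add(src)
                findings.append({"rule": "spray", "src": src,
                                 "accounts": len(distinct), "ts": ts.isoformat()})
        elif len(recent) >= min_failures:
            findings.append({"rule": "stuffed_hit", "src": src, "user": user,
                             "failures": len(recent), "mfa": e["mfa"],
                             "ts": ts.isoformat()})
    return findings


if __name__ == "__main__":
    for finding in detect(parse(SAMPLE_LOG.splitlines())):
        print(finding)
```

The thresholds are deliberately aggressive for the sample; in production they are tuned per log source, and a fixed ten-minute window will miss a low-and-slow run spread across many source addresses, so keying on ASN or on the target account as well as the source is usual. A `stuffed_hit` with `mfa=no` is exactly the case the report's recommendation on multi-factor authentication is meant to close.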
IBM X-Force based its analysis on insights and observations from monitoring 70 billion security events per day in more than 130 countries.
In addition, data is gathered and analyzed from multiple sources, including publicly disclosed data-breach information.
IBM X-Force also runs thousands of spam traps around the world and monitors tens of millions of spam and phishing attacks daily, while analyzing billions of web pages and images to detect fraudulent activity and brand abuse.
Some of the report's key highlights include:
Configure It Out: IBM's analysis found that of the more than 8.5 billion breached records reported in 2019, seven billion, or over 85%, were due to misconfigured cloud servers and other improperly configured systems, a stark departure from 2018, when such records made up less than half of the total.
Banking on Ransomware: Some of the most active banking trojans in this year's report, such as TrickBot, were increasingly observed setting the stage for full-on ransomware attacks.
In fact, novel code used by banking trojans and ransomware topped the charts compared to the other malware variants discussed in the report.
Tech Trust Takeover for Phishing: The IBM X-Force report found that household tech, social media and content-streaming brands make up the top 10 spoofed brands that attackers impersonate in phishing attempts.
This shift could reflect the increasing trust placed in technology providers over historically trusted retail and financial brands. Top brands used in squatting schemes include Google, YouTube and Apple.
Ransomware Attacks Evolve
The report revealed trends in ransomware attacks worldwide, targeting both the public and private sectors.
The report shows an uptick in ransomware activity in 2019, with IBM X-Force deploying its incident response team to ransomware incidents in 13 different industries worldwide, reaffirming that these attacks are industry-agnostic.
While over 100 U.S. government entities were hit by ransomware attacks last year, IBM X-Force also saw significant attacks against retail, manufacturing and transportation, sectors known either to hold a surplus of monetizable data or to rely on outdated technology and thus to face vulnerability sprawl.
In fact, in 80% of observed ransomware attempts, attackers were exploiting Windows Server Message Block (SMB) vulnerabilities, the same tactic used to propagate WannaCry, the 2017 attack that crippled businesses across 150 countries.
With ransomware attacks costing organizations over $7.5 billion in 2019, adversaries are reaping the rewards and have no incentive to slow down in 2020.
In collaboration with Intezer, IBM's report states that new malware code was observed in 45% of banking trojans and 36% of ransomware.
This suggests that, by creating new code, attackers are continuing to invest in evading detection.
Concurrently, IBM X-Force observed a strong relationship between ransomware and banking trojans, with the latter being used to open the door for targeted, high-stakes ransomware attacks, diversifying how ransomware is deployed.
Adversaries Spoof Tech and Social Media Companies in Phishing Schemes
As consumers become more aware of phishing emails, phishing tactics themselves are becoming more targeted.
In collaboration with Quad9, IBM observed a squatting trend in phishing campaigns, in which attackers impersonate consumer tech brands with tempting links, using tech, social media and content-streaming companies to trick users into clicking malicious links.
Nearly 60% of the top 10 spoofed brands identified were Google and YouTube domains, while Apple (15%) and Amazon (12%) domains were also spoofed by attackers looking to steal users' monetizable data.
IBM X-Force assesses that these brands were targeted primarily because of the monetizable data they hold.
Because attackers often bet on credential reuse to gain access to accounts with more lucrative payouts, IBM X-Force suggests that frequent password reuse may be what made these brands targets.
In fact, IBM's Future of Identity Study found that 41% of millennials surveyed reuse the same password multiple times, and Generation Z uses only five passwords on average, indicating a heavier reuse rate.
Discerning spoofed domains can be extremely difficult, which is exactly what attackers bet on.
With nearly 10 billion accounts combined, the top 10 spoofed brands listed in the report offer attackers a wide target pool, increasing the likelihood that an unsuspecting user clicks an innocent-seeming link from a spoofed brand.
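As an added example (not code from the report, IBM or Quad9), here is a check for look-alike hostnames against the four brands the report names (Google, YouTube, Apple, Amazon). It decodes punycode labels and folds case, Unicode compatibility forms and confusable characters before comparing, and then separates the cases attackers actually use: the exact brand on another TLD, a homoglyph or digit swap, the brand embedded in a longer name or subdomain, and a plain typo. The brand-to-domain mapping, the confusables table and the tiny public-suffix list are assumptions of this example; a real deployment would use the Public Suffix List and the Unicode confusables data.

```python
"""Classify hostnames as look-alikes of the brands the report names as most spoofed.

Added example, not from the IBM X-Force report. PROTECTED, CONFUSABLES and
MULTI_LABEL_SUFFIXES are assumptions for this example.
"""
import unicodedata
from difflib import SequenceMatcher

# Brands the report lists among the top-10 spoofed; canonical domains are assumed here.
PROTECTED = {
    "google": "google.com",
    "youtube": "youtube.com",
    "apple": "apple.com",
    "amazon": "amazon.com",
}

# Deliberately partial table of digit and Cyrillic look-alikes for Latin letters.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
    "\u043e": "o",  # Cyrillic small o
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0455": "s",  # Cyrillic small dze
})

# Minimal multi-label public suffixes; a real check would use the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def split_host(host):
    """Return (subdomain_labels, second_level_label, suffix), decoding punycode labels."""
    labels = []
    for label in host.strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # malformed punycode stays as-is and will not match a brand
        labels.append(label)
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return labels[:-3], labels[-3], ".".join(labels[-2:])
    if len(labels) >= 2:
        return labels[:-2], labels[-2], labels[-1]
    return [], labels[0], ""


def normalize(label):
    """Fold case, compatibility forms, confusable characters and separators."""
    folded = unicodedata.normalize("NFKC", label).lower().translate(CONFUSABLES)
    return folded.replace("-", "").replace("_", "")


def classify(host):
    """Return (verdict, brand); verdict is one of
    'legitimate', 'homoglyph', 'tld_swap', 'brand_in_name', 'typosquat', 'unrelated'."""
    subs, sld, suffix = split_host(host)
    registrable = f"{sld}.{suffix}" if suffix else sld
    for brand, canonical in PROTECTED.items():
        if registrable == canonical:
            return "legitimate", brand
    norm_sld = normalize(sld)
    for brand in PROTECTED:
        if norm_sld == brand:
            # Exact brand after folding: either another TLD or a character swap.
            return ("tld_swap" if sld == brand else "homoglyph"), brand
        if brand in norm_sld or any(brand in normalize(s) for s in subs):
            return "brand_in_name", brand
        if SequenceMatcher(None, norm_sld, brand).ratio() >= 0.8:
            return "typosquat", brand
    return "unrelated", None


def triage(hosts):
    """Keep only hosts that look like brand impersonation, with verdict and brand."""
    out = []
    for h in hosts:
        verdict, brand = classify(h)
        if verdict not in ("legitimate", "unrelated"):
            out.append((h, verdict, brand))
    return out


if __name__ == "__main__":
    # Constructed sample of hostnames taken from phishing links (not data from the report).
    sample = ["accounts.google.com", "g00gle.com", "youtube-login.net",
              "apple.com.verify-id.example", "amaz0n.co.uk", "goggle.com", "example.org"]
    for host, verdict, brand in triage(sample):
        print(f"{host:32} {verdict:14} ({brand})")
```

Two caveats worth keeping in mind: a legitimate country-code site such as google.co.uk lands in `tld_swap` unless its domains are added to the allowlist, and the 0.8 similarity threshold is a heuristic that should be checked against your own mail and DNS telemetry before it drives blocking rather than triage.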
The report features data IBM collected in 2019 to deliver insight into the global threat landscape and inform security professionals about the threats most relevant to their organizations.
Source: 经济日报 (Economic Daily)