Cyber security threat detection and threat tracing: Cyber security threats 2018 and how to stay secure

Cyber security has consistently hit the headlines during 2017, especially the spate of large-scale WannaCry and Petya ransomware attacks. There have also been some notable hacks on businesses and government systems, including the theft by North Korea of the US and South Korea’s war plans. Predictions for 2018 continue to be gloomy, with the added concern that Wi-Fi networks could be the next big target.

In what ways will cyber-attacks develop in 2018?

As technology develops, it opens new ways for cybercriminals to hack and infect systems. As we shift ever more towards mobile internet usage and begin to use more and more Internet of Things (IoT) devices, it is these areas where vulnerabilities are likely to be found. And, of course, where there are vulnerabilities, you’ll find hackers trying to exploit them.

That doesn’t mean that criminals will abandon their traditional tactics altogether. Whilst ransomware hasn’t been in the news for a few months, it doesn’t mean it has gone away. New and more potent versions of the software are being developed and it is only a matter of time before we see another large-scale attack.

The same applies to other forms of hacking. Cybercriminals are constantly developing more sophisticated methods for breaking into systems and spreading malicious code. Perhaps most frightening, though, is that with the expansion of the dark web, there is a marketplace from which they can sell them on to any criminal gang willing to pay for their services.

A KRACK in the Wi-Fi armour

Perhaps the scariest threat facing us in 2018 is the recent discovery of a vulnerability in the security protocol of Wi-Fi systems. Nearly everyone uses Wi-Fi, whether on a home network, business network or one of millions of Wi-Fi hotspots we rely on in public places. We also use Wi-Fi with a lot of different devices: laptops, tablets, phones, wrist devices and IoT equipment. We use it for every conceivable kind of purpose, too – including sending sensitive information, logging into accounts and for financial transactions.

It is not good news, then, that the vulnerability known as KRACK works against all modern Wi-Fi networks. At present, no network or device that uses Wi-Fi is safe. Hackers can exploit the vulnerability by intercepting the authentication process that takes place when your device connects to a protected Wi-Fi network. This enables attackers to eavesdrop on all the data you send and receive over the network, including credit card numbers, passwords, chat messages and emails. Not only can this be used for theft, it can also be used for blackmail and other types of crime.

The vulnerability also lets hackers use what is known as HTTP content injection. This basically means they can sneak malicious code into the websites you’re surfing and infect your devices with ransomware or viruses.

There are four pieces of advice to help protect you from KRACK attacks:

  • Make sure all your devices’ operating software or firmware is up-to-date
  • When surfing on Wi-Fi networks, only visit sites with HTTPS connections
  • If possible, use a VPN to connect to the internet – it’s safer
  • Make sure your anti-virus software is up-to-date

Traditional hackers going for the big fish

Attacks on small and medium-sized businesses will continue to rise in 2018 simply because many owners do not have adequate security in place. This is partly because they believe they have nothing worth stealing. Whilst it might be true that your data has no value, hacking your system or website means it can be used for all kinds of underhand purposes, such as spreading malware or sending out thousands of spam emails.

It looks, however, as though even robustly defended enterprises are going to come under more sophisticated attack during 2018 – especially if the data they hold is valuable. The recent case of the Equifax hack which, according to the Washington Post, resulted in the theft of the personal details of 143 million Americans and, according to The Telegraph, 44 million Britons, is a prime example.

Equifax is a credit rating agency; its role is to help loan companies, banks and other businesses decide how financially secure you are when you apply for credit. To do this, it needs to collect and hold all kinds of extremely sensitive information about you in order to provide a credit score. It will have details about your income, your current and past loans, your monthly direct debits, your bank and credit card accounts, as well as bad debts, missed payments, overdrafts, county court judgements and all manner of other things. It will also keep details on who you are financially linked with and their financial security.

This data is now in the hands of cybercriminals.

The implications of this are huge. But for other companies out there who hold data about their customers, it is absolutely crucial that during 2018, you ensure it is as securely protected as possible. Failure to do so can result in lawsuits by those whose data has been stolen and, after the GDPR regulations come into force in May, you could be fined up to 4% of global annual turnover or €20 million – whichever is higher.

Cybercriminals now using artificial intelligence

Cybercriminals are now using artificial intelligence to scam businesses. One example is the Business Employee Compromise (BEC) scam which uses machine learning to send fraudulent emails which trick employees into wiring company funds to the attacker’s bank account.

With the BEC scam, artificial intelligence is used to employ sophisticated social engineering techniques. It helps attackers identify potentially vulnerable employees and manipulates them into sending the money.

According to McAfee, the availability of these AI tools on the dark web means that we are likely to see a significant rise in their use. What helps this is that much of the data needed to provide the intelligence about specific businesses and their employees is available in the public domain. Online publication of names, roles, email addresses and employee profiles, together with social media information from sites like LinkedIn and Facebook, makes it easier to gather the data needed.

10 tips to secure your system in 2018

To protect against the increased threat of hacking in 2018, we recommend you take the following steps:

1. Update to the latest versions of your software

Legacy software is an open door to attackers who have the web monitoring tools to find companies using vulnerable apps. Always update to the latest version.

2. Keep up to date with developers’ guidelines

For increased security, always follow the software developers’ guidelines for keeping their application safe. Make sure you are signed up to receive email updates so if a vulnerability is found you can take action quickly.

3. Switch to HTTPS with site-wide SSL or TLS

With Wi-Fi vulnerability likely to be a big concern in 2018, it’s even more crucial that you enable site-wide SSL (Secure Sockets Layer) to encrypt links between a server and a client. Even more secure is Transport Layer Security (TLS), which splits encrypted communication between two servers so that, even if data is intercepted and decrypted, only part of the data will be present. Both SSL and TLS can be used with HTTPS.

4. Make sure you use intrusion prevention tools

Intrusion prevention tools can offer robust protection for some of your apps and can be enabled using cPanel or Plesk.

5. Use .htaccess file to keep your site secure

Adding a few lines of instructions to your .htaccess file can block unauthorised access to the database and admin area of your website, whilst stopping unauthorised directory browsing and access to files.
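
An illustration of the kind of rules this tip describes, added here as an example and not taken from the original article or from eUKhost. It assumes Apache 2.4 with AllowOverride enabled for Options and AuthConfig; the file names, the /admin/ location and the 203.0.113.10 address are placeholders to adapt.

```apache
# Added example (not from the original article). Assumes Apache 2.4.

# ---- File 1: .htaccess in the site root ----

# Stop directory browsing: folders without an index file return 403
# instead of an auto-generated listing of their contents.
Options -Indexes

# Block direct download of files that hold database credentials or
# database dumps. The names are placeholders; match your application.
<FilesMatch "^(config\.php|settings\.php|.*\.(sql|bak|ini|log))$">
    Require all denied
</FilesMatch>

# Block every dotfile (.htaccess, .htpasswd, .env and similar).
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# ---- File 2: .htaccess placed inside the admin directory ----

# Allow the admin area only from a known office or VPN address.
# 203.0.113.10 is a documentation address used as a placeholder.
Require ip 203.0.113.10
```

After uploading, request a blocked file and a folder without an index page from an outside connection; both should return 403 Forbidden.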

6. Ensure you use a vulnerability scanner

Vulnerability scanners such as MTvScan can ensure your site is continually monitored for software holes, malware and intrusions.

7. Regularly back up your data

Not being able to recover quickly from loss of data or website content can put you out of business. The best way to protect yourself is to regularly back up your website and database files. This way, if you are hacked, you can restore your website quickly and inexpensively.

8. Enable your application firewall

A securely configured firewall can protect you from cross-site scripting and SQL injection attacks. It will block malicious HTTP requests which don’t conform to your pre-set rules.

9. Use a high-performance network firewall

A network firewall can protect your website from sophisticated cyber-attacks. At eUKhost, we use a Next Generation Network Security (NGNS) platform from Fortigate.

10. Forget passwords – use a credential vault

One of the biggest security weaknesses faced by many companies is poor password management. One of the best ways to achieve password security is to use a credential vault. These create highly secure passwords for users but the users themselves never know what the password is. Instead, they just need to validate their credentials. Doing this guarantees that the user can’t lose or give the password away.

Conclusion

2018 is going to see a widening of scope in where cybercriminals attack. Weaknesses in Wi-Fi, hardware and IoT devices will give rise to new ways for criminals to hack, steal and spread malicious software. At the same time, advances in hacking technology, such as in AI and machine learning, will give criminals even more sophisticated tools at their disposal.

In response, we may see some of the security firms developing specialisms to deal with the widening nature of threats. With governments being targeted even more, we may also see increased government funding for fighting cybercrime and bigger penalties for those who carry it out.

eUKhost provides a wide range of effective security measures to protect our clients, including SSL, website backup, SpamExperts email protection, site monitoring and intrusion protection, MTvScan vulnerability scanning, 24×7 support staff and Fortigate firewalls.

If you are concerned about your organisation’s website security or want to know how eUKhost can protect your organisation, get in touch on 0800 862 0380 or book a free consultation.

Translated from: https://www.eukhost.com/blog/webhosting/cyber-security-threats-2018-and-how-to-stay-secure/
