The Most Dominant 2016 Cyber Attack Vectors

It is a unique time in history, in the sense that criminals are now using technology to their advantage. Gone are the days of the traditional criminal. Technology has enabled crimes to be committed on a much greater and more sophisticated scale. This paper examines three attack vectors: the different types of malware used in malicious attacks, web application attacks, and finally network-based attacks. We conclude by examining the means of securing and protecting critical systems and information against these types of occurrences.

Whether cyber criminals are looking to infiltrate government, business, or personal systems, we must now more than ever remain vigilant in defending against these attacks. According to Mark Ciampa, “information security is intended to protect information that provides value to people and organization” (Ciampa, 2012, p. 12). These efforts are intended to support the information security CIA triad.

Confidentiality – the C in the CIA triad – is intended to ensure that information can only be accessed by authorized individuals. This is done by implementing different levels of authentication, set up to ensure that “the individual is who they claim to be and not an impostor” (Ciampa, 2012, p. 13). Integrity – the I in the triad – is meant to prevent any malicious altering of data. The integrity of data can be compromised by unauthorized individuals accessing and manipulating the data, by a disgruntled employee who has authorization, or by malicious software. The latter could be through the introduction of malware, which could have unintended results such as making data unavailable, or worse.

Malware, as defined by Ciampa, is “software that enters a computer system without the user’s knowledge or consent and then performs an unwanted – and usually harmful – action” (Ciampa, 2012, p. 43). Malware is spread through a number of means. Viruses, for example, are contained to the system they infect. Unlike worms, viruses cannot spread on their own to other nodes connected to the same network. Viruses can infect a system in a number of ways. They can be appended to a file so that, when it is opened, “the jump instruction redirects control to the virus” (Ciampa, 2012, p. 44). The virus essentially reproduces itself over and over again and causes such behavior as reformatting hard drives, changing and/or manipulating a system’s security settings, deleting folders and files, and a host of other unauthorized activities that can wreak havoc on a system.

Worms are another common type of malware used in malicious attacks. Ciampa defines a worm as “a malicious program designed to take advantage of a vulnerability in an application or an operating system in order to enter a computer” (Ciampa, 2012, p. 48). As mentioned previously, the main distinction between a worm and a virus is that worms have the ability to traverse between nodes connected to a single network. This enables them to move from node to node, ultimately self-replicating on every machine they are able to penetrate. These attacks can slow down networks, manipulate data in folders and files on systems, and have an adverse effect on system and network performance.

Some such programs are called Trojans, as they are able to penetrate a system without the user knowing. They often look, feel, and perform like the legitimate software they are presented as; however, they carry malicious code, with the hope of opening the system for transmission of information to the attacker. These types of attacks are “typically executable programs that contain hidden code that launches an attack” (Ciampa, 2012, p. 49).

Malicious attackers often employ other means of gaining access to a system as well. Rootkits, logic bombs, and backdoors are all commonly used to gain access to a system. Similar to Trojan attacks, these are employed with the goal of concealing the attack. Backdoors are common practice for developers who intend to “access a program or device on a regular basis” (Ciampa, 2012, p. 52), but these often leave an opportunity for a malicious attacker to gain access as well.

Web-based attacks are generally used to disrupt websites, web applications, and web services. There are a number of methods used to deploy this type of attack. One of the most common types of attack against web applications is SQL injection. These attacks target relational databases by using Structured Query Language (SQL) statements to extract or manipulate the stored data. According to the Security Intelligence website, “in 2014, SQL injections, a type of application attack, were responsible for 8.1 percent of all data breaches. That makes it the third most used type of attack, behind malware and distributed denial-of-service attacks (DDoS)” (Ionescu, 2015).

Another common type of web-based attack is XML injection. Extensible Markup Language (XML) is designed for “carrying data instead of indicating how to display it” (Ciampa, 2012, p. 89). An XML injection can cause the insertion of malicious content into the resulting output. A common type of XML injection is XPath injection. According to the Web Application Security Consortium, “XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document” (Auger, 2010).

Symantec defines a network attack as “an intrusion on your network infrastructure that will first analyze your environment and collect information in order to exploit the existing open ports or vulnerabilities - this may include as well unauthorized access to your resources” (Symantec, n.d.). A common method employed when launching network-based attacks is a denial of service (DoS) attack. These attacks can be executed in a myriad of ways. For example, using a tactic called ping attacking, “a faster, more powerful computer rapidly sends a large number of ICMP echo requests, overwhelming a smaller, slower Web server computer to the extent that the server cannot respond quickly enough and will drop legitimate connections to other clients” (Ciampa, 2012, p. 97). This can also be accomplished on a larger scale by using hundreds of compromised systems (known as zombie computers) in a botnet in order to increase the number of requests on a server. This attack is known as a distributed denial of service attack, or DDoS.

While the methods described above are only a handful of the tactics employed by malicious attackers, they make up the majority of how attacks are launched. However, a new form of attack is on the rise and can prove disastrous for almost every system user. Ransomware, as defined by Trend Micro, is “a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back” (Trend Micro, n.d.). This relatively new type of attack is at the forefront of every healthcare security professional’s mind. A recent Motherboard article poses a scenario in which a person's pacemaker is hacked to create chest pain, after which the person receives a text message: "Want to keep living? Pay us a ransom now, or you die" (Porup, 2015).

Now that we have examined some of these attacks, the question remains: how does an individual or organization mitigate, defend, and recover? Malware has been the main culprit in how these systems become infected. There are a number of commercial and free programs specifically for scanning a user’s system for malware. These programs scan files, folders, email attachments, downloads, disks, and documents to check for anything that resembles malware. Many of these commercial-grade programs come with a suite of utilities that add additional levels of security. For example, McAfee products often have additional protections built in to defend against malware, spyware, Trojans, and hacking attempts. They also incorporate anti-virus, anti-spyware, and anti-phishing technologies to offer a more robust security solution. Many also include backup options to improve recovery in the event a system is compromised.

Another tactic for defending against malware attacks is ensuring that the operating system (as well as all anti-virus definitions) is up to date. Microsoft often releases security patches to ensure that the operating system is able to defend against different types of malware attacks. Attackers are very proactive in finding new vulnerabilities in security patches. This means that operating system vendors need to remain just as vigilant, if not more so, in providing their users with the most current updates to thwart these particular attacks.

Using cryptography, 64-bit Windows 7 implements hash values that are “generated for the module by running its code through an algorithm. Only if the code produces the same hash value as the original code compiled by Microsoft is it loaded and run. Any deviation from the hash value means that the code must have been modified and therefore will not load” (Smith, 2012). Since rootkits hide or remove log-in records, entries, and other related processes, this additional security feature enables the system to better ensure the authenticity and integrity of the operating system. This further ensures that rootkits have a more difficult time replacing and/or modifying the files associated with operating system processes.

Web application attacks are also becoming more and more prominent. Attackers use tools developed to scan web applications in order to find vulnerabilities. Many of the tools used by attackers and penetration testers can be found built into the Kali Linux suite. One tool within the Kali Linux toolset that scans for web application vulnerabilities is called Grabber. According to the Kali Linux documentation, “Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website. Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absolutely not big application: it would take too long time and flood your network.” This tool is useful for developers who want to check whether their systems are vulnerable and susceptible to these types of attacks. It is interesting to observe the crossover between the white-hat and black-hat approaches. Many of the tactics employed by ethical hackers mirror the techniques used by malicious ones.

When it comes to defending and protecting against SQL injection attacks, there are tools available that enable automated scanning for vulnerabilities. While this is only one tactic for defending against these types of attacks, these tools eliminate a lot of labor-intensive manual scanning and afford security teams more time to devote to protecting against other risks, vulnerabilities, threats, or attacks. Another tactic is to use a web application firewall. These firewalls (hardware- or software-based) allow administrators to filter out potentially dangerous requests and to set rules accordingly. One of the most effective ways, however, is to restrict database access by assigning roles and permissions. Access control is the most cost-effective and easiest solution to defend against an unwarranted SQL injection attack. It is also prudent for developers to ensure that SQL queries cannot be constructed from user input. Lastly, it is advisable to ensure that anywhere input can be taken, the characters are monitored so that only the appropriate characters are accepted. Ciampa states that “if the message Server Failure is displayed, it means the user input is not being filtered” (Ciampa, 2012, p. 88). This is a perfect catalyst for an attacker to begin their work. It can be triggered when an attacker uses a single or double quote in their input.

Defending against XPath injection is essentially similar to defending against SQL injection. It is imperative that the application sanitizes all user input; specifically, the single and double quote characters should be disallowed. This can be accomplished by setting rules in the web application firewall. Additionally, there are plenty of open-source tools available to help facilitate this defense.
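The SQL injection defenses described above and the quote-rejecting sanitization recommended here for XPath, shown as an added example that is not part of the original paper: a lookup that concatenates user input into SQL sits beside its parameterized form, and one allowlist check guards both the SQL and the XPath query. The users table, its rows, and the `users`/`user[@name]` schema are constructed for the demonstration.

```python
# Added example (not from the original paper): vulnerable SQL lookup beside
# its parameterized form, plus the allowlist check the paper recommends for
# SQL and XPath queries built from user input. Table and rows are constructed.
import re
import sqlite3

# Characters a username field is expected to contain; single and double
# quotes are deliberately absent from the allowlist.
SAFE_INPUT = re.compile(r"^[A-Za-z0-9_.@-]{1,64}$")


def build_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn, name):
    """'Before': user input is concatenated straight into the SQL text, so a
    value containing a single quote changes the query's structure and the
    WHERE clause can be made to match every row."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """'After': the driver binds name as data, so it can never become SQL."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def is_clean(value):
    """Allowlist filter: accept only the expected characters, never quotes."""
    return bool(SAFE_INPUT.match(value))


def lookup_hardened(conn, name):
    """Defense in depth: reject unexpected characters, then bind the value."""
    if not is_clean(name):
        raise ValueError("input rejected by allowlist")
    return lookup_parameterized(conn, name)


def xpath_for_user(name):
    """The same allowlist guards an XPath expression built from user input.
    The expression is returned rather than evaluated to stay dependency-free."""
    if not is_clean(name):
        raise ValueError("input rejected by allowlist")
    return "//user[@name='%s']" % name


if __name__ == "__main__":
    db = build_db()
    print(lookup_vulnerable(db, "bob"))             # ['bob']
    print(lookup_vulnerable(db, "' OR '1'='1"))     # every row: injection
    print(lookup_parameterized(db, "' OR '1'='1"))  # [] : bound as data
    print(lookup_hardened(db, "bob"))               # ['bob']
```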

Defending against denial of service attacks should be a major concern for all information security professionals in today’s networked environment. According to a 2014 article in SecurityWeek, “survey respondents estimated the cost of a successful DDoS attack at $40,000 per hour. A total of 36% of respondents said the per hour cost of a DDoS attack is between $5,000 and $19,999. Others said the cost of an attack per hour is less than $5,000 (15%), between $20,000 and $59,999 (17%), between $60,000 and $99,999 (17%), and over $100,000 (15%)” (Kovacs, 2014). With these attacks on the rise, it is imperative that systems be put in place to mitigate the risk of these types of attacks and minimize the costs of a successful one.

One of the best ways to protect against DoS and DDoS attacks is to use a content delivery network (CDN) in order to hide an organization’s network connection. Amazon Web Services (AWS) is a secure and cost-effective solution for delivering web content. Using this distributed server approach is a great way to deliver content that is both secure and highly available.

The goal of this paper was to explore the different attack vectors most commonly deployed by malicious attackers. Malware, web application attacks, and network attacks seem to be the most prevalent methods of unauthorized access to users and organizations alike. Understanding the threat, learning about the tactics needed to combat them, and staying vigilant and proactive are essential to both the security and integrity of information. These tactics for securing systems all support the continued confidentiality, integrity, and availability of information. It is important for all users to stay up to date with the latest methods employed to gain access to a system, and with the technology and tactics available to protect against the threat.

References

Auger, R. (2010, January 5). XPath Injection. Retrieved December 20, 2015.

Ciampa, M. (2012). Security guide to network security fundamentals (4th ed.). Boston, Mass.: Thomson/Course Technology.

Grabber | Penetration Testing Tools. (n.d.). Retrieved December 20, 2015.

Ionescu, P. (2015, April 8). The 10 Most Common Application Attacks in Action. Retrieved December 20, 2015.

Kovacs, E. (2014, November 12). DDoS Attacks Cost $40,000 Per Hour: Incapsula | SecurityWeek.Com. Retrieved December 20, 2015.

Porup, J. (2015, November 19). Ransomware Is Coming to Medical Devices. Retrieved December 20, 2015.

Ransomware. (n.d.). Retrieved December 20, 2015.

Smith, R. (2006, May 14). Defending Against Rootkits. Retrieved December 20, 2015.

Z, S. (2013, December 12). Security 1:1 - Part 3 - Various types of network attacks. Retrieved December 20, 2015.

Translated from: https://www.experts-exchange.com/articles/29266/The-Most-Dominant-2016-Cyber-Attack-Vectors.html
