Ransomware attacks: here's what we can do to reduce the risk of a ransomware attack

Ransomware attacks

A ransomware attempt on Tesla, confirmed by Elon Musk, ended with the Russian perpetrator being arrested by the FBI after a company employee turned down his million-dollar offer to help break into the company's computer systems. The episode highlights the growing professionalism of the criminals working this corner of cybercrime: a carefully planned attack built on social engineering (trying to recruit a Russian employee through a contact of the same nationality) and aimed at one of the world's best-known companies of the moment.


The early ransomware campaigns typically relied on spam sent en masse to catch out unwary recipients who opened the attachment and ran it, installing the malware that then encrypted their files. It was, so to speak, like throwing seeds into the wind to see if any would fall on fertile ground, and the profits came from small payments by individuals who did not want to lose their data. The idea was to gain "a lot of little", with very moderate effort and fairly low exposure.


The second scenario, which we have been seeing for some time now, has little in common with the first. This is highly organized crime focused on businesses: any company is susceptible to this type of attack, although well-known, prestigious or successful outfits are targeted more often. These carefully planned schemes require a great deal of prior research to identify both the company and the employees who might be persuaded to collaborate, with contact methods that range from email or telephone to, as in the Tesla case, approaches reminiscent of spy movies. Recent cases such as Garmin or, in Spain, the leading insurer Mapfre, show how frequent this type of criminal scheme has become.


How should companies protect themselves against these increasingly common crimes? The first thing is to understand that the threat is real, and that there is a growing chance that someone is designing an attack specifically against us. Spear phishing and whaling schemes of this type (the term depends on whether the target is an ordinary worker or a top-level manager) are much harder to defend against than mass spam, and defending against them necessarily involves educating the workforce.


Educate, educate, educate. Everybody in the organization must understand not only the mechanics of this type of attack and how easy it is to be tricked, but also be perfectly clear that, if they collaborate with criminals, their chances of a positive outcome are practically nil. In many cases, criminals seek out disgruntled employees who are unhappy in the company, for example by mining their LinkedIn profiles and, with a premium license, finding out whether they are looking for another job. It is extremely important that employees understand that collaborating with criminals will not be treated as a mistake made in good faith, an oversight or ignorance. In many cases we are talking about an offer of money in exchange for collaboration, which is criminal behavior and must be treated as such.


In addition, we must increase practical training: all employees must understand the precautions to take when dealing with an email, with any links or files included in it, or with unsolicited contacts through instant messaging. Everything works here, from exercises and simulations to contests and workshops. Messaging apps like WhatsApp, generally used for internal communication in many companies but not controlled by the IT department, are a convenient channel for criminals to approach potential recruits, since all that is needed to start a conversation is a cell phone number. Everybody must understand that a link in an email does not always lead where its text says it does, and that an attachment may be an executable even if its name or icon makes it look like a photo, a regular Word document or a spreadsheet.

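The last point above (an attachment that looks like a photo or a document but is really an executable) is something a mail gateway or a triage script can check mechanically rather than leaving it to the recipient's eye. The following Python script is an added example written for this page, not code from the original article: it compares the type claimed by a file's extension against the type implied by its first bytes, flags the double-extension and right-to-left-override naming tricks, and looks inside Office 2007+ containers for a VBA project. All function names and the sample files are constructed for the example; the "PE" samples are just an `MZ` header stub, not real malware.

```python
"""Attachment triage: does the file's real type match what its name claims?

Added example for this page (not from the original article). Sample inputs
are constructed in memory; nothing here is a real malware sample.
"""
from __future__ import annotations

import io
import zipfile

# Magic bytes -> broad type. Only the formats this example needs.
MAGIC = [
    (b"MZ", "pe"),                                   # Windows PE (.exe/.dll/.scr)
    (b"\x7fELF", "elf"),                             # Linux executable
    (b"%PDF", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),   # legacy .doc/.xls
    (b"PK\x03\x04", "zip"),                          # .docx/.xlsm/.zip are all zips
]

# What each extension claims to be. Office 2007+ documents are zip containers.
EXT_TYPE = {
    "exe": "pe", "dll": "pe", "scr": "pe", "com": "pe",
    "pdf": "pdf", "jpg": "jpeg", "jpeg": "jpeg", "png": "png",
    "doc": "ole2", "xls": "ole2",
    "docx": "zip", "docm": "zip", "xlsx": "zip", "xlsm": "zip", "zip": "zip",
}
EXECUTABLE_EXT = {"exe", "dll", "scr", "com", "js", "vbs", "ps1", "bat", "cmd", "hta"}
RTLO = "\u202e"  # right-to-left override: makes "photo\u202egpj.exe" display as "photoexe.jpg"


def sniff_type(data: bytes) -> str:
    """Return the broad type implied by the file's first bytes."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def extensions(filename: str) -> list[str]:
    """All dotted suffixes, lowercased: 'a.pdf.exe' -> ['pdf', 'exe']."""
    parts = filename.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def has_office_macro(data: bytes) -> bool:
    """Office 2007+ files are zips; a VBA project is stored as vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(filename: str, data: bytes) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious was found."""
    findings = []
    exts = extensions(filename)
    if RTLO in filename:
        findings.append("rtlo-in-filename")
    if len(exts) > 1 and exts[-1] in EXECUTABLE_EXT:
        findings.append("double-extension")
    real = sniff_type(data)
    if exts:
        claimed = EXT_TYPE.get(exts[-1])
        if claimed is not None and claimed != real:
            findings.append(f"type-mismatch:{claimed}-vs-{real}")
    if real in ("pe", "elf"):
        findings.append("executable-content")
    if real == "zip" and has_office_macro(data):
        findings.append("office-macro")
    return findings


def build_macro_docm() -> bytes:
    """Constructed sample: a minimal zip shaped like a .docm with a VBA project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder, not real VBA
    return buf.getvalue()


# Constructed samples (not real files): an MZ header stub stands in for a PE.
SAMPLES = {
    "invoice.pdf.exe": b"MZ" + b"\x00" * 62,            # executable named like a PDF
    "photo\u202egpj.exe": b"MZ" + b"\x00" * 62,         # displays as 'photoexe.jpg'
    "quarterly.docm": build_macro_docm(),               # document carrying a macro
    "holiday.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,  # benign image
    "report.docx": b"MZ" + b"\x00" * 62,                # executable renamed to .docx
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name!r}: {triage(name, data) or 'clean'}")
```

Magic-byte checks are cheap but only catch a mismatch between what a file says it is and what it actually is; a genuine Word file with a malicious macro passes the type check and is caught only by the macro lookup, which is why the example does both. Real gateways add far more formats and unpack nested archives, but the logic is the same.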

It is also important to create verification protocols. Attacks are being carried out, for example, with software that imitates a person's voice: a call supposedly from the company's CEO asks someone in the accounting department, typically an intern or someone with little experience, to make a certain transfer. The defense is procedural: any request to move money or change payment details is confirmed through a second, independent channel (a call back to a number from the company directory, never the number or thread the request arrived on), no matter who appears to be asking. Not exactly organized crime, but a quick hit that can yield a significant payoff.


As well as training, rigorous backup routines will need to be implemented, with copies stored outside the corporate environment, unreachable from the production network, so that a very recent copy can be restored if our systems are encrypted; attackers routinely look for backups they can reach and encrypt or delete them first, and a backup that has never been test-restored should not be counted on. Besides that, we will need a proper risk assessment, and protection adequate to each of those risk levels.


In addition, we will need well-designed contingency plans: having the right technology will not help when an employee takes part in the criminal scheme, nor, in most cases, will it prevent the service disruptions and coordination problems that come with rebuilding systems from a backup. Most companies today operate in real time, and getting all the transactional functionality back from a backup, even a very recent one, is not easy and takes time. Contingency plans need to address these operational issues.


We should also remember that payment does not always solve the problem: in many cases the criminals simply disappear without a trace after being paid, or, once the ransom is paid, a second extortion follows in which the criminals ask for money again, this time in exchange for not publishing the sensitive data they took. As always, the less we have to deal with criminals like these, the better.


Finally, a challenge for international justice: the sense of impunity enjoyed by those who commit this type of crime, typically operating from jurisdictions with different legal frameworks and diffuse enforcement powers, encourages others. Creating supranational institutions that can act quickly and without hindrance is increasingly important if the World Wide Web is not to end up like the Wild West.


For security professionals, this means scaling up the methods used to defend against these attacks as well. However, we must also bear in mind that no matter how good the technology we use, it is essential to get the workforce on board through continual training, awareness campaigns and communication.


This article was previously published on Forbes.


(In Spanish, here)


Translated from: https://medium.com/enrique-dans/heres-what-we-can-do-to-reduce-the-risk-of-a-ransomware-attack-b68c65db02c0
