Malware Attacks: Definition and Best Practices

Learn about malware attacks and malware protection techniques


What is a malware attack?

A malware attack is a common cyberattack in which malware (short for malicious software, and often loosely called a "virus") executes unauthorized actions on the victim's system. The term covers many specific types of attack, such as ransomware, spyware, command and control, and more.

Criminal organizations, state actors, and even well-known businesses have been accused of (and, in some cases, caught) deploying malware. Like other types of cyberattack, some malware attacks end up with mainstream news coverage because of their severe impact.

A well-known example of a malware attack is the WannaCry ransomware attack.

Anatomy of a malware attack

A discussion of malware usually covers three main aspects:

  • Objective: what the malware is trying to achieve
  • Delivery: how the malware reaches its target
  • Concealment: how the malware avoids detection (this item is beyond the scope of this discussion)

Here’s a breakdown of some of the objectives and delivery mechanisms observed in malware.

Objectives

Malware has a purpose. While it could be said that the objective is "limited only to the imagination of its creator," this section focuses on some of the most common objectives observed in malware.

Exfiltrating information

Stealing data, credentials, payment information and the like is a recurring theme in cybercrime. Malware focused on this type of theft can be extremely costly to the person, company, or government that becomes its victim.

Disrupting operations

Actively working to "cause problems" for a target's operations is another objective seen in malware. The degree of "disruption" varies, from a virus on a single computer corrupting critical OS files (making that one system unusable) to the orchestrated physical self-destruction of many systems in a facility. There is also the scenario in which infected systems are directed to carry out large-scale distributed denial-of-service (DDoS) attacks.

Demanding payment

Some malware is focused on directly extorting money from the target. Scareware uses empty threats (ones that are unsubstantiated and/or could not actually be carried out) to "scare" the target into paying. Ransomware is a type of malware that attempts to prevent a target from accessing their data (usually by encrypting files on the target system) until the target "pays up." While there is debate over whether victims of ransomware should pay, it has become enough of a threat that some companies have preemptively purchased Bitcoin just in case they get hit with ransomware and decide to pay the ransom.

Types of malware attack vectors

There are three main types of malware attack vectors:

  • Trojan horse: a program that appears to be one thing (e.g. a game, a useful application, etc.) but is actually a delivery mechanism for malware. A trojan horse relies on the user to download it (usually from the internet or via an email attachment) and run it on the target.
  • Virus: a type of self-propagating malware that infects other programs/files (or even parts of the operating system and/or hard drive) on a target via code injection. This propagation by injecting itself into existing software/data is what differentiates a virus from a trojan horse (which has malware purposely built into one specific application and makes no attempt to infect others).
  • Worm: malware designed to propagate itself to other systems. While a virus or trojan horse is localized to one infected target system, a worm actively works to infect other targets (sometimes without any interaction from the user).

Over the years, malware has been observed using a variety of delivery mechanisms, or attack vectors. While a few are admittedly academic, many attack vectors are effective at compromising their targets. These attack vectors generally operate over electronic communications such as email, text messages, vulnerable network services, or compromised websites, but malware can also be delivered via physical media (e.g. USB drives, CDs/DVDs, etc.).

Best practices against malware attacks

The following best practices can help prevent a malware attack from succeeding and/or mitigate the damage done by one.

Ongoing user education

Training users on best practices for avoiding malware (i.e. don't download and run unknown software, don't blindly plug "found media" into your computer) and on how to recognize potential malware (i.e. phishing emails, unexpected applications/processes running on a system) can go a long way toward protecting an organization. Periodic, unannounced exercises, such as deliberate phishing campaigns, can help keep users alert and observant.

Use reputable A/V software

When installed, a suitable A/V solution will detect (and remove) any existing malware on a system, as well as monitor for and mitigate potential malware installation or activity while the system is running. It is important to keep it up to date with the vendor's latest definitions/signatures: a scanner only knows what its definitions describe.
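To make the "definitions/signatures" point concrete, the following is an added example written for this article; it is not code from the page and not any vendor's A/V engine. It implements the two simplest kinds of signature an A/V product ships (an exact SHA-256 of a known sample and a byte pattern found in a family of samples), scans a directory with them, and warns when the definition set is older than an assumed seven-day limit. The definition set, the "dropper" sample, the file names and the staleness policy are all constructed for illustration.

```python
"""Toy signature scanner: what A/V "definitions" are and why they must be current.

Added example, not the article's own code and not a real A/V engine. The
definition set, sample files and the 7-day staleness limit are constructed.
"""
import hashlib
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional, Tuple

MAX_DEFINITION_AGE = 7 * 24 * 3600  # assumed policy: definitions older than a week are stale


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "known bad" sample; a real definition would be published by the vendor.
# The embedded command (deleting volume shadow copies) is a classic ransomware behaviour.
DROPPER_SAMPLE = b"MZ\x90\x00FAKE-DROPPER cmd.exe /c vssadmin delete shadows /all /quiet"

DEFINITIONS = {
    "updated": time.time() - 30 * 24 * 3600,  # constructed: last refreshed a month ago
    # exact-match signatures: SHA-256 of a known sample (hypothetical family name)
    "hashes": {sha256_bytes(DROPPER_SAMPLE): "Trojan.FakeDropper"},
    # byte-pattern signatures: still match variants whose hash has changed
    "patterns": [(b"vssadmin delete shadows", "Ransomware.ShadowCopyDelete")],
}


def definitions_stale(defs: dict, now: Optional[float] = None) -> bool:
    """True when the definition set is older than the assumed policy allows."""
    now = time.time() if now is None else now
    return now - defs["updated"] > MAX_DEFINITION_AGE


def scan_file(path: Path, defs: dict) -> List[Tuple[str, str]]:
    """Return (signature_name, match_type) for every definition the file triggers."""
    data = path.read_bytes()
    hits = []
    name = defs["hashes"].get(sha256_bytes(data))
    if name:
        hits.append((name, "hash"))
    for pattern, pname in defs["patterns"]:
        if pattern in data:
            hits.append((pname, "pattern"))
    return hits


def scan_dir(root: Path, defs: dict) -> Dict[str, List[Tuple[str, str]]]:
    """Scan every regular file directly under root, keyed by file name."""
    return {p.name: scan_file(p, defs) for p in sorted(root.iterdir()) if p.is_file()}


def demo() -> dict:
    """Scan three constructed files: the known sample, a one-byte variant and a clean file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "dropper.bin").write_bytes(DROPPER_SAMPLE)
        (root / "variant.bin").write_bytes(DROPPER_SAMPLE + b"\x00")  # same behaviour, new hash
        (root / "notes.txt").write_bytes(b"quarterly report draft")
        results = scan_dir(root, DEFINITIONS)
    return {"results": results, "stale": definitions_stale(DEFINITIONS)}


if __name__ == "__main__":
    out = demo()
    for fname, hits in out["results"].items():
        print(f"{fname}: {hits or 'clean'}")
    if out["stale"]:
        print("WARNING: definitions are stale; do not trust a clean result until they are updated")
```

The variant file is missed by the hash signature and caught only by the byte pattern, which is the practical reason vendors ship frequent definition updates and why a "clean" verdict from a scanner with month-old definitions is not worth much.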

Keep your network secure

Controlling access to systems on your organization's network is a good idea for many reasons. Use of proven technology and methodologies, such as a firewall, IPS, IDS, and remote access only through a VPN, will help minimize the attack surface your organization exposes. Physical system isolation (air-gapping) is usually considered an extreme measure for most organizations, and it is still vulnerable to certain attack vectors (such as the physical media mentioned above).

Conduct regular website security audits

Scanning your organization's websites regularly for vulnerabilities (i.e. software with known bugs, server/service/application misconfiguration) and to detect whether known malware has been installed can keep your organization secure, protect your users, and protect the customers and visitors of your public-facing websites.

Create regular, verified backups

Having a regular (i.e. current and automated) offline backup can be the difference between smoothly recovering from a destructive virus or ransomware attack and a stressful, frantic scramble with costly downtime/data loss. The key here is to actually have regular backups that are verified to be happening on the expected schedule and to be usable for restore operations. Old, out-of-date backups are less valuable than recent ones, and backups that cannot be correctly restored are worth nothing.
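"Verified" here means two separate checks: the backup is as recent as policy requires, and a trial restore actually reproduces the data. The following is an added example written for this article (not code from the page or from any backup product) that does both. It writes a tar.gz archive plus a SHA-256 manifest, then verifies a copy by checking its age against an assumed 24-hour policy, restoring it to a scratch directory, and comparing every restored file against the manifest. The sample directory tree, file names and the age policy are constructed assumptions.

```python
"""Create a backup with a SHA-256 manifest, then verify it is both recent and restorable.

Added example, not the article's own code. The 24-hour freshness policy, the
file layout and the sample data are assumptions made for illustration.
"""
import hashlib
import json
import tarfile
import tempfile
import time
from pathlib import Path
from typing import Optional

MAX_BACKUP_AGE = 24 * 3600  # assumed policy: a backup older than a day is stale


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_path(archive: Path) -> Path:
    return archive.with_name(archive.name + ".manifest.json")


def create_backup(source_dir: Path, archive: Path) -> dict:
    """Archive the source tree and record the hash of every file alongside it."""
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(source_dir.rglob("*")):
            if path.is_file():
                rel = path.relative_to(source_dir).as_posix()
                manifest[rel] = sha256_file(path)
                tar.add(path, arcname=rel)
    manifest_path(archive).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(archive: Path, now: Optional[float] = None) -> dict:
    """Check that the backup is recent AND that a trial restore reproduces every file."""
    now = time.time() if now is None else now
    result = {"fresh": False, "restorable": False, "missing": [], "mismatched": [], "error": None}
    if not archive.exists() or not manifest_path(archive).exists():
        result["error"] = "archive or manifest not found"
        result["ok"] = False
        return result
    result["fresh"] = now - archive.stat().st_mtime <= MAX_BACKUP_AGE
    manifest = json.loads(manifest_path(archive).read_text())
    with tempfile.TemporaryDirectory() as tmp:
        restore_dir = Path(tmp)
        try:
            with tarfile.open(archive, "r:gz") as tar:
                try:
                    # the "data" filter refuses path-traversal members in a tampered archive
                    tar.extractall(restore_dir, filter="data")
                except TypeError:  # older Python without the filter argument
                    tar.extractall(restore_dir)
        except (tarfile.TarError, EOFError, OSError) as exc:
            result["error"] = f"restore failed: {exc}"
            result["ok"] = False
            return result
        for rel, expected in manifest.items():
            restored = restore_dir / rel
            if not restored.is_file():
                result["missing"].append(rel)
            elif sha256_file(restored) != expected:
                result["mismatched"].append(rel)
    result["restorable"] = not result["missing"] and not result["mismatched"]
    result["ok"] = result["fresh"] and result["restorable"]
    return result


def demo() -> dict:
    """Back up a constructed tree, then verify it as fresh, as stale, and after corruption."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "data"
        (src / "db").mkdir(parents=True)
        (src / "db" / "orders.csv").write_text("id,total\n1,9.99\n2,14.50\n")  # constructed
        (src / "config.ini").write_text("[app]\nmode=prod\n")  # constructed
        archive = Path(tmp) / "backup.tar.gz"
        create_backup(src, archive)
        fresh = verify_backup(archive)
        stale = verify_backup(archive, now=time.time() + 3 * MAX_BACKUP_AGE)  # "three days later"
        data = archive.read_bytes()
        archive.write_bytes(data[: len(data) // 2])  # simulate media corruption by truncation
        corrupt = verify_backup(archive)
    return {
        "fresh_ok": fresh["ok"],
        "stale_ok": stale["ok"], "stale_restorable": stale["restorable"],
        "corrupt_ok": corrupt["ok"], "corrupt_restorable": corrupt["restorable"],
    }


if __name__ == "__main__":
    print(demo())
```

The stale copy still restores correctly but fails the age check, and the truncated copy is recent but fails the restore check; a backup job should be treated as healthy only when both checks pass, which is what the `ok` field reports.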

Malware summary

Malware takes on many different forms and attacks in different ways. But with thoughtful preparation and process improvements, plus ongoing user education, your organization can gain and maintain a solid security posture against malware attacks.