If the Internet has one enduring constant, it&aposs that somewhere, somehow, somebody is being hacked. Last month cyberassaults on banks, including BB&T (BBT, Fortune 500), Citigroup(C, Fortune 500), and SunTrust (STI, Fortune 500), made headlines. But a recent Ponemon Institute survey reported that the average company is attacked twice a week and loses $8.9 million a year to cybercrime. Security analysts say the first thing businesses must know is just what types of threats are lurking in the shadows. While many hackers use relatively basic tools, such as phishing or malware, they often wield them with different motives. Here are six of the most fective actors.
如果說互聯(lián)網(wǎng)有一個永恒的主題的話�,那就是總有某些人在某處被黑客以某種方式攻擊了。上個月����,針對銀行發(fā)起的網(wǎng)絡(luò)攻擊再次成為頭條新聞����,受害者包括BB&T公司、花旗集團(Citigroup)和太陽信托銀行(SunTrust)����。不過最近由波尼蒙研究所(Ponemon Institute)所做的一項調(diào)研顯示,各公司每周平均受到兩次攻擊��,每年由于網(wǎng)絡(luò)犯罪損失的金額高達890萬美元�。安全分析師稱,企業(yè)首先要了解藏在暗處的到底是何種威脅���。盡管許多黑客用的只是相對基礎(chǔ)的工具����,比如網(wǎng)絡(luò)釣魚或惡意軟件�����,但他們運用這些工具的目的各有不同。下面我們?yōu)榇蠹冶P點了六類最有攻擊力的黑客����。
1. State sponsored
政府撐腰的黑客
Who: Iran, Israel, Russia, U.S.
身份:伊朗,以色列���,俄羅斯���,美國
Objectives: Intelligence, state secrets, sabotage
目的:情報,國家機密����,破壞活動
Targets: Foreign governments, terrorists, industry
目標:外國政府,恐怖分子����,各種產(chǎn)業(yè)
Signature: Multi-tiered, precisely orchestrated attacks that breach computer systems
特征:精心組織的破壞計算機系統(tǒng)的多層次攻擊
Classic Case: One-fifth of Iran&aposs nuclear centrifuges crashed after Stuxnet, a worm reportedly developed by U.S. and Israeli intelligence, penetrated computers at an Iranian enrichment facility. Iran allegedly retaliated by disrupting access to the websites of J.P.Morgan (JPM, Fortune 500), PNC (PNC, Fortune 500), Wells Fargo (WFC, Fortune 500), and others.
經(jīng)典案例:受到震網(wǎng)病毒攻擊后,伊朗核工廠五分之一的離心機崩潰了�。它是一種蠕蟲病毒,據(jù)稱由美國和以色列情報機構(gòu)開發(fā)��,能侵入控制伊朗濃縮裝置的電腦。而伊朗隨后就發(fā)起了反擊�����,使用戶無法訪問摩根大通銀行(J.P.Morgan)�����、PNC銀行�,富國銀行(Wells Fargo)及其他金融機構(gòu)的網(wǎng)站��。
2. Hacktivist
維權(quán)黑客
Who: Anonymous, AntiSec, LulzSec
身份:匿名組織��,反安全組織����,魯茲安全
Objectives: Righting perceived wrongs, publicity, protecting Internet freedoms
目的:修正已知錯誤,推廣自身�����,保護互聯(lián)網(wǎng)自由
Targets: Bullies, Scientologists, corporations, governments
目標:網(wǎng)絡(luò)壞分子����,科學論派,公司����,政府
Signature: Leaking sensitive information, public shaming, creepy YouTube videos
特征:泄露敏感信息���,公開羞辱,潛入YouTube視頻
Classic Case: The websites of PayPal, Visa (V, Fortune 500), and MasterCard (MA,Fortune 500) were disrupted during Operation Payback, an Anonymous-led fort to punish companies that suspended the accounts of WikiLeaks in 2010. Some $5.6 million was lost by PayPal alone.
經(jīng)典案例:在所謂的“報復(fù)行動”(Operation Payback)中��,貝寶(PayPal)�����、維薩信用卡(Visa)和萬事達信用卡(MasterCard)的網(wǎng)站都遭到了破壞�。這是一次由匿名組織發(fā)起的行動,旨在懲罰那些2010年凍結(jié)維基解密(WikiLeaks)賬戶的公司��。僅貝寶一家公司就因此損失了560萬美元���。
3. Cyber-Criminal
網(wǎng)絡(luò)犯罪
Who: Nigerian "princes," carders, identity thieves, spammers
身份:尼日利亞“王子”��,信用卡盜用者����,身份竊賊��,垃圾郵件制造者
Objective: Treasure
目的:劫財
Targets: The gullible, online shoppers, small businesses, data-rich health care and retail companies
目標:容易上當?shù)娜耍诰€購物者�,小企業(yè),擁有大量數(shù)據(jù)的保健機構(gòu)和零售企業(yè)
Signature: Stealing data, looting bank accounts
特征:盜竊數(shù)據(jù)����,洗劫銀行賬戶
Classic Case: Corlood, malicious software that records keystrokes and passwords, infected 2.3 million computers in 2009, some in police departments, airports, banks, hospitals, and universities. Affected companies suffered six-figure fraudulent wire transfers.
經(jīng)典案例:2009年,專門記錄擊鍵動作和密碼的惡意軟件Corlood感染了230萬臺電腦�����,其中包括一些警察局�、機場�����、銀行���、醫(yī)院和大學的電腦����。受害公司遭到高達6位數(shù)的虛假電子轉(zhuǎn)賬侵襲���。
4. Insider (You)
內(nèi)鬼
Who: Disgruntled employees, contractors, whistleblowers
身份:心懷不滿的員工�,承包商,舉報人
Objectives: Score-settling, leaks, public good
目的:利益之爭����,泄露信息,公共利益
Targets: Large companies, governments
目標:大公司�����,政府
Signature: Document tht
特征:竊取文件
Classic Case: Maroochy Shire, an Australian district along the Sunshine Coast in Queensland, was inundated with millions of gallons of untreated sewage in 2001 when a contractor hacked and took control of 150 sewage pumping stations. He had been passed over for a job with the district. His dirty work cost Maroochy Shire upwards of $1 million.
經(jīng)典案例:馬谷志郡位于澳大利亞昆士蘭州陽光海岸�����。2001年�����,一個承包商用黑客攻擊并控制了當?shù)?50座污水泵站�����,導(dǎo)致該地區(qū)被上百萬噸未處理的污水淹沒����。他這么干的起因是在該地區(qū)的一項業(yè)務(wù)承包中落選。結(jié)果����,這次卑鄙行為讓馬谷志郡損失了超過100萬美元�����。
5. Script Kiddie
腳本小子
Who: Bored youth
身份:無聊的年輕人
Objectives: Thrills, notoriety
目的:尋求刺激�����,博得惡名
Targets: Low-hanging fruit such as unprotected websites and e-mail accounts
目標:容易下手的對象�����,比如沒有保護措施的網(wǎng)站和電子郵件賬戶
Signature: Dacing or dismantling websites
特征:丑化或破壞網(wǎng)站
Classic Case: An e-mail subject-lined I LOVE YOU duped people -- some of them inside the Pentagon -- in 2001. The virus it contained, which originated in the Philippines, destroyed files and simultaneously replicated itself, seeding in-boxes as it went. The so-called Love Bug caused an estimated $10 billion in digital damage and lost productivity.
經(jīng)典案例:2001年��,一封主題為“我愛你”的電子郵件把人們弄得暈頭轉(zhuǎn)向——包括一些五角大樓的人�����。這封信含有來自菲律賓的病毒,它在破壞文件的同時進行自我復(fù)制���,在收件箱里扎根����。所謂的“愛蟲”所引起的數(shù)據(jù)破壞和生產(chǎn)力損失估計高達100億美元。
6. Vulnerability Broker
漏洞經(jīng)紀人
Who: Endgame, Netragard, Vupen
身份:Endgame公司����,Netragard公司,Vupen公司
Objective: Hacking as legitimate business
目的:把黑客行為當成合法生意
Targets: Agnostic
目標:未可知
Signature: Finding so-called zero-day exploits -- ways to hack new software, selling them to governments and other deep-pocketed clients
特征:找到所謂的“零天攻擊”代碼(zero-day exploit)——即攻擊新軟件的方法�,再把它們賣給政府和其他財大氣粗的客戶。
Classic Case: French firm Vupen hacked Google&aposs (GOOG, Fortune 500) Chrome browser at a security conference last March. Rather than share its technique with the company (and accept a $60,000 award), Vupen has been selling the exploit to higher-paying customers.
經(jīng)典案例:去年3月舉行的一次安全會議上�����,法國公司Vupen黑掉了谷歌公司(Google)的Chrome瀏覽器�����。這家公司并沒有(收下6萬美元���,)把這項技術(shù)和谷歌分享���,而是把代碼賣給了出價更高的客戶。
澳際學費在線支付平臺
