What is a cyberattack?

A cyberattack – also known as a cybersecurity attack – is any form of malicious activity that targets IT systems, or the people who use them, in order to gain unauthorized access to those systems and the data they contain.

Criminals are typically looking to exploit an attack for financial gain, but in other cases the aim is to disrupt operations by disabling access to IT systems. Threat actors can be anyone from a single person attempting to obtain stolen credentials and hold them for ransom to a state-sponsored contingent looking to disrupt operations on foreign soil.

Whatever the motivation, most IT networks – and the people who maintain them – will experience some type of attack over the course of their lives and must be prepared.

Categories of cybersecurity threats

Before diving into specific types of cyberattacks, let's first discuss some of the motivations behind why threat actors would look to wreak havoc on a security organization.

Cybercrime

This category includes efforts by threat actors to profit from malicious attacks. It can be broken down into activities such as direct financial theft, using stolen credit-card information, dark-web marketplaces for information obtained through data breaches, or even hijacking computing resources for activities like crypto-jacking to mine cryptocurrencies.

Disruption

This category includes attempts to disrupt the operations of organizations by attacking their IT and operational technology (OT) infrastructure to damage it, take it down temporarily, or hold it for ransom.

Espionage

This category includes cyberattacks backed by state agencies that are part of broader intelligence and/or military activities. This can cover actions like spying on a foreign government to steal confidential data to further strategic or financial advantages.

Unintentional threats

According to the Cybersecurity & Infrastructure Security Agency (CISA), this category includes:

  • “Negligent – An insider of this type exposes an organization to a threat through carelessness. Negligent insiders are generally familiar with security and/or IT policies but choose to ignore them, creating risk for the organization. Examples include allowing someone to “piggyback” through a secure entrance point, misplacing or losing a portable storage device containing sensitive information, and ignoring messages to install new updates and security patches.
  • Accidental – An insider of this type mistakenly causes an unintended risk to an organization. Examples include mistyping an email address and accidentally sending a sensitive business document to a competitor, unknowingly or inadvertently clicking on a hyperlink, opening an attachment in a phishing email that contains a virus, or improperly disposing of sensitive documents.”

Often there is considerable overlap between these top-level categories. For example, state-based operatives frequently hand over newly obtained documents or discovered vulnerabilities to cybercriminals to use in malware, ransomware, and other cyberattacks.

Common types of cyberattacks

When a criminal is trying to hack an organization, they won't try something new unless absolutely necessary. They draw upon common hacking techniques that are known to be highly effective, such as malware or phishing.

Whether you're trying to make sense of the latest data-breach headline in the news or analyzing an incident in your own organization, it helps to understand the different cyberattack vectors.

Malware

Malware refers to various forms of harmful software, such as viruses and ransomware. Once it is on your computer, it can wreak all sorts of havoc, from taking control of your machine, to monitoring your actions and keystrokes, to silently sending all sorts of confidential data from your computer or network to the attacker's home base.

Attackers use a variety of methods to get malware onto your computer, but at some stage it often requires the user to take an action to install the malware. This can include clicking a link to download a file, or opening an email attachment that may look harmless (like a document or PDF) but actually contains a hidden malware installer.

Ransomware

Ransomware is a type of malware that encrypts the data on infected IT systems. It demands a ransom in exchange for a code that will – hopefully – decrypt the infected system. The ransom payment usually goes to an anonymous address using Bitcoin.

Adware

Adware is a type of malware that displays unwanted ads on end-user devices to generate revenue from advertisers. It is often installed on user devices after tricking people into clicking a link. The adware then displays the ads and simulates user clicks to defraud advertisers into thinking that legitimate users are interacting with their ads. The advertisers then pay the cybercriminals for those clicks.

Crypto-Jacking

Crypto-jacking is a type of malware that uses the resources of the infected IT systems to “mine” for cryptocurrencies. This steals the attacked system's computing resources by running at a high load to generate income for the remote attackers. They’ll then make money from the sale of the cryptocurrencies generated on the infected system.

Phishing

In a phishing attack, an attacker may send you an email that appears to be from someone you trust, such as your boss or a company you do business with. The email will seem legitimate, and it will have some urgency to it (e.g. fraudulent activity has been detected on your account). In the email, there may be an attachment to open or a link to click.

Upon opening the malicious attachment, you'll unknowingly install malware on your computer. If you click the link, it may send you to a legitimate-looking website that asks you to log in to access an important file – except the website is actually a trap used to capture your credentials.

Spear phishing

Spear phishing is a highly targeted variant of phishing that uses a fake email or message from a supposedly important individual to trick a person within the same organization or a partner organization. Spear-phishing attempts rely on the extra authenticity – albeit imposter authenticity – of the sender to trick people into providing information they shouldn't.

SQL injection attack

A Structured Query Language (SQL) injection attack specifically targets servers storing critical website and service data. It uses malicious input to get the server to divulge information it normally wouldn't. SQL is a programming language used to communicate with databases, which are often used to store private customer information such as credit card numbers, usernames and passwords (credentials), or other personally identifiable information (PII) – all tempting and lucrative targets for an attacker.
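The root cause of SQL injection is building a query by pasting untrusted text into the SQL string, so that quote characters in the input change the structure of the statement. The following added example (not code from the original page) shows the injectable pattern next to its fix, a parameterized query, using Python's built-in sqlite3 module on a constructed in-memory table; the names and sample rows are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample data for this example (not from the page).
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
]


def make_db():
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """The injectable pattern: untrusted input is pasted into the SQL text,
    so a quote character in the input ends the literal and the rest of the
    input is interpreted as SQL. Shown only to contrast with the fix below."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """The fix: the driver sends the value separately from the statement,
    so the input can only ever be compared as a literal string."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A value containing a quote: the vulnerable version returns every row,
    # the parameterized version returns nothing because no such user exists.
    crafted = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, crafted))
    print("parameterized:", lookup_parameterized(db, crafted))
```

The same rule applies to every database driver and ORM: values go through placeholders, never through string formatting, and identifiers that cannot be parameterized (table or column names) are checked against an allow-list before use.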

Cross-site scripting (XSS)

Cross-site scripting (XSS) attacks also involve injecting malicious code into a website, but in this case the website itself is not the target. Instead, the malicious code runs only in the user's browser when they visit the affected website, where it targets the visitor directly.

One of the most common ways an attacker can deploy an XSS attack is by injecting malicious code into a comment or a script that could automatically run.

Botnet attacks

Botnets are widespread groups of devices that have been compromised and hijacked by cybercriminals. The threat actors use them to target IT systems with distributed denial-of-service (DDoS) attacks or other attack types.

Denial of service (DoS)

Denial-of-service (DoS) attacks flood a website with more traffic than it was built to handle, thereby overloading the site's server and making it near-impossible to serve content to visitors. It's possible for a denial of service to occur for non-malicious reasons, for example if a massive news story breaks and a news organization's site is overloaded with traffic from people trying to learn more about the story.

Man-in-the-middle attacks

A man-in-the-middle (MITM) attack occurs when cybercriminals intercept and alter network traffic flowing between IT systems. The MITM attack impersonates both senders and receivers on the network. It aims to trick both into sending unencrypted data that the attacker intercepts and can use for further attacks or financial gain.

Session hijacking

If all goes well in any internet session, web servers respond to your various requests by giving you the information you're attempting to access, identifying you by a unique – and private – session ID. Session hijacking occurs when an attacker captures that session ID and poses as the computer making the request, allowing them to act as the unsuspecting user and gain access to unauthorized information on the web server.
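The defensive counterpart, as an added example that is not part of the original page: a small server-side session store that issues unguessable IDs, expires them after an idle timeout, rotates the ID when the user authenticates (so an ID captured before login is worthless afterwards), and emits the cookie with the HttpOnly, Secure and SameSite attributes that keep the ID away from page scripts and plain-HTTP requests. The class name, the 15-minute timeout and the cookie name are assumptions chosen for the demonstration.

```python
import secrets
import time

# Constructed setting for this example: idle timeout in seconds. A shorter
# window limits how long a stolen session ID stays usable.
SESSION_TTL_SECONDS = 15 * 60


class SessionStore:
    """Server-side session table keyed by a 256-bit random ID (hypothetical
    helper written for this example)."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, now=None):
        """Issue a fresh random session ID for a user."""
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "last_seen": now}
        return sid

    def lookup(self, sid, now=None):
        """Return the user for a valid, unexpired session, else None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if now - entry["last_seen"] > SESSION_TTL_SECONDS:
            del self._sessions[sid]  # expired: a stolen ID stops working
            return None
        entry["last_seen"] = now
        return entry["user"]

    def rotate(self, old_sid, now=None):
        """Replace the ID after login or a privilege change so an ID captured
        before authentication (session fixation) does not carry over."""
        entry = self._sessions.pop(old_sid, None)
        if entry is None:
            return None
        return self.create(entry["user"], now)

    def revoke(self, sid):
        """Server-side logout: the ID is invalid even if the cookie survives."""
        self._sessions.pop(sid, None)


def session_cookie(sid):
    """Set-Cookie value: HttpOnly blocks script access, Secure restricts the
    cookie to HTTPS, SameSite=Strict keeps it off cross-site requests."""
    return f"sid={sid}; HttpOnly; Secure; SameSite=Strict; Path=/"


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create("anonymous")
    logged_in = store.rotate(anon)  # issue a new ID at login
    print("old ID still valid?", store.lookup(anon) is not None)
    print(session_cookie(logged_in))
```

The store keeps all state on the server, so the client only ever holds an opaque random token; binding the session to a TLS connection or re-authenticating before sensitive actions are further layers that build on this base.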

Credential reuse

Credential reuse occurs when someone uses the same credentials on multiple websites. It can make life easier in the moment, but it can come back to haunt that user later on. Even though security best practices universally recommend unique passwords for all applications and websites, many people still reuse their passwords. This is a fact attackers will readily exploit, turning those reused passwords into compromised credentials.
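One practical defense is to reject a password at signup or login if it already appears in a known breach corpus, without ever sending the password itself to the lookup service. The following added example (not code from the page) implements the k-anonymity range query that breached-password services commonly use: the client hashes the password locally, sends only the first five hex characters of the SHA-1 digest, and matches the remainder against the candidates returned. The breach index here is a constructed stand-in with made-up counts; SHA-1 is used as a lookup key for this protocol, not as a password-storage hash.

```python
import hashlib

# Constructed "breach corpus" standing in for a compromised-credential service.
# The entries and counts are invented for this example.
_LEAKED_PASSWORDS = ["password", "letmein", "Winter2023!", "qwerty123"]
_LEAKED_COUNTS = [9_000_000, 400_000, 1_200, 150_000]
BREACH_INDEX = {
    hashlib.sha1(p.encode()).hexdigest().upper(): count
    for p, count in zip(_LEAKED_PASSWORDS, _LEAKED_COUNTS)
}


def breach_range(prefix5):
    """Server side of a range query: return (suffix, count) for every indexed
    hash sharing the 5-hex-char prefix. The server never sees the full hash,
    so it cannot tell which candidate, if any, the client was asking about."""
    return [(h[5:], c) for h, c in BREACH_INDEX.items() if h.startswith(prefix5)]


def is_password_breached(password, range_query=breach_range):
    """Client side: hash locally, send only the prefix, then compare the
    remaining 35 hex chars against the returned candidates. Returns the
    number of times the password was seen in the corpus (0 if never)."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for cand_suffix, count in range_query(prefix):
        if cand_suffix == suffix:
            return count
    return 0


def password_policy_ok(password, min_length=12):
    """Combine a length floor with the breach check; a breached password is
    rejected regardless of its length."""
    return len(password) >= min_length and is_password_breached(password) == 0


if __name__ == "__main__":
    for candidate in ["password", "correct horse battery staple"]:
        print(candidate, "->", "reject" if not password_policy_ok(candidate) else "accept")
```

In production the `range_query` argument would wrap an HTTPS call to the breach service; keeping it injectable lets the policy be unit-tested offline exactly as above.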

Insider threats

Not all cyber threats come from outside. Data and other sensitive information like login credentials can leak from inside organizations. This can occur via malicious staff activity or – more frequently – due to an unintended action. An example of such a mistake could be sending an email containing an unencrypted attachment to the wrong recipient.

How to protect against cyberattacks

We could cover thousands of tactics and tips for preventing cyberattacks at scale, but let's zoom in on a few key examples:

Phishing awareness training

Educate employees on why phishing is harmful and empower them to detect and report phishing attempts. This type of training includes sending simulated phishing emails to employees, monitoring the results, reinforcing the training, and improving on the simulation results. Ongoing security awareness training for employees is also essential so they know how to spot the most recent versions of suspicious emails, messages, or websites.

Encrypt data

All data at rest on servers or devices and in transit over the network should be encrypted. If an attacker is able to access or intercept the data, strong encryption should render it unreadable.

Compromised credential detection

Use user and entity behavior analytics (UEBA) to create a baseline of normal activity on the network. Then monitor the use of admin and service accounts, which users are inappropriately sharing credentials, and whether an attacker is already expanding from an initial network compromise to move around and infiltrate other systems.
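A minimal version of that baseline-then-monitor loop, as an added example that is not part of the original page: authentication events from a quiet period establish which hosts each account normally logs in from, and a detector then flags privileged accounts appearing from a host outside their baseline, and any single account succeeding from several distinct hosts within a short window, which is what shared or stolen credentials look like when they are used to move between systems. The log lines, account names, the `admin.`/`svc-` naming convention and the thresholds are all constructed for the demonstration.

```python
from collections import defaultdict

# Constructed sample authentication events (not from the page):
# (epoch seconds, account, source host, outcome).
BASELINE_EVENTS = [
    (1000, "svc-backup", "backup01", "success"),
    (1060, "svc-backup", "backup01", "success"),
    (1120, "admin.jane", "jane-laptop", "success"),
    (1180, "admin.jane", "jane-laptop", "success"),
    (1240, "bob", "bob-desktop", "success"),
]

NEW_EVENTS = [
    (5000, "svc-backup", "backup01", "success"),     # normal
    (5030, "svc-backup", "finance-pc7", "success"),  # service account from a workstation
    (5060, "bob", "bob-desktop", "success"),         # normal, unprivileged
    (5090, "admin.jane", "jane-laptop", "success"),  # normal
    (5100, "admin.jane", "hr-pc3", "success"),       # admin creds from a new host...
    (5110, "admin.jane", "sql02", "success"),        # ...and another...
    (5120, "admin.jane", "file01", "success"),       # ...four hosts within 30 s
]

# Assumed naming convention for privileged accounts in this example.
PRIVILEGED_PREFIXES = ("admin.", "svc-")


def build_baseline(events):
    """Map each account to the set of hosts it normally authenticates from."""
    baseline = defaultdict(set)
    for _ts, account, host, outcome in events:
        if outcome == "success":
            baseline[account].add(host)
    return baseline


def detect_anomalies(events, baseline, spread_window=60, spread_hosts=3):
    """Return alert strings for (a) a privileged account seen from a host
    outside its baseline and (b) one account succeeding from at least
    spread_hosts distinct hosts within spread_window seconds."""
    alerts = []
    recent = defaultdict(list)  # account -> [(ts, host)] inside the window
    for ts, account, host, outcome in sorted(events):
        if outcome != "success":
            continue
        if account.startswith(PRIVILEGED_PREFIXES) and host not in baseline.get(account, set()):
            alerts.append(f"NEW_HOST {account} from {host} at {ts}")
        window = [(t, h) for t, h in recent[account] if ts - t <= spread_window]
        window.append((ts, host))
        recent[account] = window
        hosts = {h for _t, h in window}
        if len(hosts) >= spread_hosts:
            alerts.append(f"HOST_SPREAD {account} on {len(hosts)} hosts within {spread_window}s at {ts}")
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(NEW_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(alert)
```

Real UEBA products learn the baseline statistically rather than as a fixed host set, and would add dimensions such as time of day and geolocation, but the shape is the same: establish normal, then alert on the deviations that matter most for privileged credentials.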

Use multi-factor authentication

Implementing multi-factor authentication (MFA) for all systems is a crucial best practice. Requiring an additional piece of information in combination with a username and password protects systems if login details are exposed to cybercriminals. Additional tokens, specific device requirements, and biometrics are all examples of MFA factors that can be leveraged when logging into IT systems.

Ransomware prevention

Develop a three-point plan to prevent ransomware attacks. This includes minimizing the attack surface, mitigating the potential impact once an exposure is detected, and debriefing to identify gaps in the existing plan. From there, teams can rebuild systems, quarantine endpoints, change credentials, and lock down compromised accounts.

Use endpoint protection

End users are frequently targeted by cybercriminals, whether on their devices or through social-engineering attacks. All end-user devices should have endpoint security software deployed. This should be integrated with a wider security information and event management (SIEM) tool that allows for organization-wide monitoring and analysis of threats.

Protect against XSS attacks

Establish a filtering policy through which all external data must pass. This will help to catch malicious scripts before they can become a problem. This leads into creating a wider content security policy (CSP) that allows only content from a list of trusted sources to load in your web applications.
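The two layers named above, as an added example that is not part of the original page: untrusted data (here a constructed comment string) is HTML-escaped at the point where it is written into the page, so any tags it contains are rendered as text, and the response carries a Content-Security-Policy header that permits only same-origin resources and scripts tagged with a per-response nonce, so an inline script that does slip through the filter is refused by the browser. Function names and the sample comment are assumptions for the demonstration.

```python
import html
import secrets

# Constructed untrusted input for this example, e.g. a comment submitted to a site.
SAMPLE_COMMENT = 'Nice post! <script>alert("xss")</script>'


def render_comment(comment):
    """Output encoding: escape '<', '>', '&' and both quote characters before
    the value is interpolated into markup, so the browser sees text, not tags."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def csp_header(nonce):
    """Content-Security-Policy allowing only same-origin resources and scripts
    that carry this response's nonce; injected inline scripts have no nonce
    and are blocked even if they reach the page."""
    return (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'self'; frame-ancestors 'none'"
    )


def build_response(comment):
    """Assemble the headers and body for one page render. A fresh nonce is
    generated per response; reusing one would let an attacker predict it."""
    nonce = secrets.token_urlsafe(16)
    body = (
        "<!doctype html><html><body>"
        + render_comment(comment)
        + f'<script nonce="{nonce}">/* trusted page script goes here */</script>'
        + "</body></html>"
    )
    headers = {
        "Content-Security-Policy": csp_header(nonce),
        "Content-Type": "text/html; charset=utf-8",
    }
    return headers, body


if __name__ == "__main__":
    hdrs, page = build_response(SAMPLE_COMMENT)
    print(hdrs["Content-Security-Policy"])
    print(page)
```

Escaping must match the context the data lands in (HTML body, attribute, URL or JavaScript string each need different encoding), which is why templating engines that auto-escape by default are preferred over hand-built strings; the CSP then acts as the safety net for anything the template layer misses.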

Threat intelligence program

Create a central hub that feeds all security-organization functions with knowledge and data on the highest-priority threats. Organizations rely heavily on automation to help scale a threat intelligence program by continuously feeding data into security devices and processes without human intervention.

Implement network deception technology

Deception technology deploys “dummy” applications, databases, and other IT systems onto a network. Any cyberattackers who breach the external firewalls will be tricked into thinking they have access to internal systems. In reality, these decoy systems are intended as “sticky honeypots” that allow security teams to monitor the attacker's activities and gather data without exposing the production systems.

Mobile device management solutions

A lot of business activity now happens on laptops, smartphones, and tablets. In addition, many people use laptops at work. The mobile nature of all these devices means they are at high risk of being lost and/or stolen. All mobile devices (including laptops) should be enrolled and managed in a mobile device management (MDM) solution. If a device is lost or stolen, it can be quickly wiped so that unauthorized users cannot access any data.

Read more

Attack surface security: the latest Rapid7 blog posts