(Whether a hacker uses a computer exploit or malware, their motivations are the same. Understanding why and how hackers hack is key to your defense.)
Understanding hackers and how they attack
无论威胁如何,它都会以两种方式之一到达您的计算机:人类攻击或恶意软件。人类攻击者可以使用成千上万的已知计算机漏洞和攻击方法中的任何一种来破坏计算机或设备。用户应该及时运行补丁程序,确保设备和软件程序的更新。因为即使补丁程序可用,许多计算机和设备也会长时间处于易受攻击状态,这是黑客们喜欢的事实。
(Whatever the threat, it is arriving to your computer in one of two ways: human adversary or malware. Human attackers can use any of the hundreds of thousands of known computer exploits and attack methodologies to compromise a computer or device. People are supposed to run patching routines, and many devices and software programs try their best to automatically update themselves, yet many computers and devices are left vulnerable for long periods of time even after the patches are available, a fact that hackers love.)
恶意软件程序数以亿计,每天创建和发布数以万计的新病毒。三种主要的恶意软件类别是病毒(自我复制),蠕虫(自行旅行)和特洛伊木马程序(需要执行最终用户操作)。当今的恶意软件大多通过网页或电子邮件到达,往往是多个恶意软件类的组合。通常情况下,利用系统的第一个恶意软件程序只是一个“存根下载器”程序,该程序获得初始访问权限,然后“拨号”以获取更多指令并下载并安装更复杂的恶意软件。
(Unique malware programs number into the hundreds of millions, with tens of thousands of new ones created and released each day. The three main malware categories are viruses (self-replicating), worms (self-traveling), and Trojan horse programs (which require an end-user action to execute). Today’s malware, usually arriving via web page or email, is often a combination of multiple malware classes. Often the first malware program to exploit a system is just a “stub downloader” program, which gains initial access and then “phones home” to get more instructions and to download and install more sophisticated malware.)
通常,存根程序会下载十几种不同的新恶意软件变体,每种变体都旨在避免反恶意软件检测和删除。恶意软件编写者维护自己的恶意软件多重检测服务。类似于Google的合法Virus Total,通过连接到一个自动更新的服务,该服务会修改恶意软件,使其无法被当前的反恶意软件引擎检测到。这几乎是瞬间更新,能够导致创建和分发许多“独特”的恶意软件程序。
(Often the stub program will download over a dozen different new malware variations, each designed to avoid antimalware detection and removal. Malware writers maintain their own malware multi-detection services, similar to Google’s legitimate VirusTotal, which is then linked to an automated updating service which modifies their malware to be undetectable by current antimalware engines. It’s this nearly instantaneous updating that causes so many “unique” malware programs to be created and distributed.)
恶意软件编写者或分发者也可能被雇佣来使用完全不同类型的恶意软件感染人们的设备。 这是一个租户的市场,如果恶意软件控制者通过出租受损设备能比制作它们赚取更多的钱,那么他们会愿意做这件事。另外,最终控制器的风险要小得多。
(The malware writer or distributor may also be paid to infect people’s devices with completely different types of malware. It’s a renter’s market out there, and if the malware controller can make more money renting the compromised devices than they can make alone, they will do it. Plus, it’s much less risk for the controller in the end.)
许多黑客(和黑客组织)使用恶意软件访问整个公司或更广泛的目标受害者,然后单独选择一些缺乏保护的目标来花费更多的精力。其他时候,就像大多数勒索软件一样,恶意软件程序是整个蜡球,能够在没有任何恶意领导者的交互的情况下妥协和勒索金钱。一旦释放,黑客所要做的就是收集不义之财。恶意软件通常会被创建,然后被出售或租借给分发和使用它们的人员。
(Many hackers (and hacking groups) use malware to gain access across a company or much broader array of target victims, and then individually select some of the already compromised targets to spend more effort on. Other times, like with most ransomware, the malware program is the whole ball of wax, able to compromise and extort money without any interaction from its malicious leader. Once released, all the hacker has to do is collect the ill-gotten gains. Malware is often created and then sold or rented to the people who distribute and use them.)
Why do hackers hack?
黑客犯罪的原因可以分为以下几类:财务动机;民族国家赞助/网络战;企业间谍活动;纯黑客行为;资源盗窃;玩家问题。
(The reasons why hackers commit crimes fall into these general categories:
· Financial motivations
· Nation-state sponsored/cyberwarfare
· Corporate espionage
· Hackivists
· Resource theft
· Gamer issues)
金融盗窃和民族国家攻击很容易成为网络犯罪的“重灾区”。几十年前,以垃圾食品为动力的孤独青年黑客就是普通黑客的充分代表。 他们有兴趣向自己和其他人展示他们可以窃取内容或创建有趣的恶意软件。他们很少能造成真正的伤害。
(Financial theft and nation-state attacks are easily the largest portion of cybercrime. Decades ago, the lone, solitary youth hacker powered by junk food was an adequate representation of the average hacker. They were interested in showing themselves and others that they could hack something or create interesting malware. Rarely did they do real harm.)
今天,大多数黑客属于专业团体,这些专业团队的动机是窃取有价值的东西,并且经常造成重大伤害。他们使用的恶意软件会尽可能被设计得具有隐蔽性,来在被发现之前尽可能多地窃取价值。
(Today, most hackers belong to professional groups, which are motivated by taking something of value, and often causing significant harm. The malware they use is designed to be covert as possible and to take as much of something of value as is possible before discovery.)
How do hackers hack?
无论他们的动机如何,黑客或其恶意软件通常都会以相同的方式侵入并利用计算机系统,他们使用的漏洞利用和方法也大都相同,其中包括:社会工程学;未修补的软件和硬件漏洞;零日攻击;浏览器攻击;密码攻击;窃听;拒绝服务;物理攻击。
(Regardless of their motivations, hackers or their malware usually break in and exploit a computer system the same way and use most of the same types of exploits and methodologies, including:
· Unpatched software and hardware vulnerabilities
· Zero-day attacks
· Browser attacks
· Password attacks
· Eavesdropping
· Physical attacks)
此列表不包括内部威胁,意外数据泄露,配置错误,用户错误以及与故意黑客行为不直接相关的各种其他威胁。设备受损的最常见方式是未修补的软件和社会工程。这些威胁在大多数环境中危害绝大多数风险(超过95%)。解决这些问题,意味着你将摆脱一大堆风险。
(This list does not include insider threats, unintended data leaks, misconfiguration, user errors, and myriad other threats not connected directly to intentional hacking. The most common ways devices are compromised are unpatched software and social engineering. These threats compromise the vast majority of the risk (over 95 percent) in most environments. Fix those issues and you get rid of a ton of risk.)
零日攻击是黑客或恶意软件程序利用未知的漏洞造成的。它们发生时总是具有很高的新闻价值,因为目前供应商还没有对应的补丁。每年只有少部分被发现。在被发现,分析和修补之前,他们通常只在一家或几家公司。对零日攻击的利用远比我们所知道的更多,特别在民族国家,但因为该类型的黑客使用它们时非常的谨慎,我们很少发现它们,因此它们可以在需要的时候一次又一次地被使用。
(Zero-day attacks, where a hacker or malware program exploits a vulnerability not known by the public, are always newsworthy when they occur because the vendor doesn’t yet have a patch for them. Only a handful of them are discovered each year. Usually, they exploit only one company, or a few companies, before they are found, analyzed, and patched. Far more zero days are probably being used, especially by nation-states, than we realize, but because they are used very sparingly by those types of hackers, we rarely discover them, and they can be used again and again when needed.)
绝大多数恶意漏洞都是通过互联网进行的,并要求用户做一些事情 - 点击链接,下载并执行文件,或者提供登录名和密码 - 恶意行为开始。浏览器安全方面的提升使得“无感知”攻击更为少见,即当用户访问网页或打开电子邮件时,无需任何用户操作即可执行威胁的情况更少。
(The vast majority of malicious exploits come through the internet and require that a user do something — click on a link, download and execute a file, or supply a log-on name and password — for the maliciousness to begin. Browser security improvements have made less common “silent drive-by” attacks, where a threat executes without any user action when a user visits a web page or opens an email.)
Protection from hackers
无论他们的动机如何,击败黑客和恶意软件的关键在于关闭那些让它们成功的漏洞的根源。看看上面列出的导致漏洞的根源,确定哪些攻击对你的组织最致命,然后创建或改进现有的防御措施以最小化它们。如果你能做到这一点,你将构建一道绝对坚实的安全防御。
(A key to defeating hackers and malware, regardless of their motivation, is to close the root cause exploit holes that allow them and their malware to be successful. Take a look at the root cause exploits listed above, determine which ones are used the most against your organization, and then create or improve existing defenses to minimize them. If you can do that, you’ll build a solid security defense second to none.)
了解更多行业资讯,请关注联软科技官方微信