1.1 Information Security Overview

  • Source code leaks accelerated malware release cycles

    Attackers create new malware variants

    with new characteristics, signatures, evasive capabilities, and so on


  • Old school malware techniques made a comeback

    Modern technologies such as anti-virus applications, IDS, and firewalls can detect new cyber-crime techniques,

    forcing attackers to fall back on manual, more time-consuming old malware infection and propagation techniques to evade advanced detection

  • Growth of 64-bit malware increased


  • Malware researcher evasion became more popular
  • Mobile SMS-forwarding malware are becoming ubiquitous
  • Account takeover moved to the victim's device
  • Attacks on corporate and personal data in the cloud increased


  • Exploit kits continued to be a primary threat for Windows

    Because Windows XP is no longer updated, it is easy to attack.

  • Attackers increasingly lure executives and compromise organizations via professional social networks


  • Java remains highly exploitable and highly exploited - with expanded repercussions


  • Attackers are more interested in cloud data than your network
  • The sheer volume of advanced malware is decreasing


  • Redkit, Neutrino, and other exploit kits struggled for power in the wake of the Blackhole Author Arrest

    After the Blackhole exploit kit author was arrested, other exploit kits such as Redkit and Neutrino saw increasing use.

  • Mistakes are made in "offensive" security due to misattribution of an attack's source
  • Cybercriminals are targeting the weakest links in the "data-exchange chain"


  • Major data-destruction attacks are increasing


Essential Terminology

  • Hack Value: It is a notion among hackers that something is worth doing or is interesting


  • Vulnerability: Existence of a weakness, design, or implementation error that can lead to an unexpected event compromising the security of the system

    The existence of a weakness, design, or implementation error that an attacker can use to break into the system

  • Exploit: A breach of IT system security through vulnerabilities


  • Payload: Payload is the part of an exploit code that performs the intended malicious action, such as destroying data, creating backdoors, and hijacking a computer


  • Zero-Day Attack: An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability


  • Daisy Chaining: It involves gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information


  • Doxing: Publishing personally identifiable information about an individual collected from publicly available databases and social media


  • Bot: A "bot" is a software application that can be controlled remotely to execute or automate predefined tasks


Elements of Information Security

  • Information security is a state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low or tolerable.
  • Confidentiality: Assurance that the information is accessible only to those authorized to have access


  • Integrity: The trustworthiness of data or resources in terms of preventing improper and unauthorized changes


  • Availability: Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users


  • Authenticity: Authenticity refers to the characteristic of a communication, document or any data that ensures the quality of being genuine


  • Non-Repudiation: Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message
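The difference between Authenticity and Non-Repudiation in the list above, shown as an added Go example that is not part of the original notes: an HMAC over a constructed sample message gives integrity and authenticity between two parties who share a key, but the recipient holds that same key and can forge a tag, so the sender can later deny producing any tag; an Ed25519 signature can only be produced by the private-key holder, so a valid signature binds the sender to the message. The key, the message and the " (altered)" suffix are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Outcome: does the sender's original message verify, and can the recipient,
// using only what it holds, make an altered message verify as well?
type Outcome struct{ OriginalValid, RecipientForgeryValid bool }

func altered(msg []byte) []byte { return append(append([]byte{}, msg...), " (altered)"...) }

func hmacTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// Shared-key MAC: integrity and authenticity between the two parties, but the recipient
// holds the same key and can forge a tag, so the sender can later repudiate any tag.
func HMACScenario(key, msg []byte) Outcome {
	tag := hmacTag(key, msg)             // produced by the sender
	forged := hmacTag(key, altered(msg)) // produced by the recipient with the same key
	return Outcome{hmac.Equal(hmacTag(key, msg), tag), hmac.Equal(hmacTag(key, altered(msg)), forged)}
}

// Public-key signature: only the private-key holder can sign, so a valid signature binds
// the sender (non-repudiation); the recipient can at best reuse the original signature.
func SignatureScenario(msg []byte) (Outcome, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	sig := ed25519.Sign(priv, msg) // produced by the sender
	return Outcome{ed25519.Verify(pub, msg, sig), ed25519.Verify(pub, altered(msg), sig)}, nil
}

func main() {
	msg := []byte("transfer 100 to account 42") // constructed sample message
	fmt.Printf("HMAC:      %+v\n", HMACScenario([]byte("constructed-shared-key"), msg))
	o, _ := SignatureScenario(msg)
	fmt.Printf("Signature: %+v\n", o)
}
```

Running it shows RecipientForgeryValid as true for the HMAC and false for the signature, which is exactly the property Non-Repudiation adds on top of Authenticity.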


The Security, Functionality, and Usability Triangle

  • The level of security in any system can be defined by the strength of three components:

    • Functionality (Features)
    • Security (Restrictions)
    • Usability (GUI)

