1.1 Information Security Overview
Malware Trends in 2014
- Source code leaks accelerated malware release cycles
Attackers create new malware variants with new characteristics, signatures, and evasive capabilities that anti-virus/anti-malware products cannot detect.
- Old school malware techniques made a comeback
Current technologies such as anti-virus applications, IDS, and firewalls can detect the newer cyber-crime techniques, forcing attackers to fall back on older, manual and time-consuming malware infection and propagation techniques to evade advanced detection.
- Growth of 64-bit malware increased
As more users run 64-bit operating systems, malware authors write more 64-bit malware instead of the older 32-bit kind.
- Malware researcher evasion became more popular
- Mobile SMS-forwarding malware are becoming ubiquitous
- Account takeover moved to the victim's device
- Attacks on corporate and personal data in the cloud increased
More and more companies rely on cloud services, so attacking the cloud is more profitable for attackers.
- Exploit kits continued to be a primary threat for Windows
Windows XP no longer receives updates, so it is easily attacked.
- Attackers increasingly lure executives and compromise organizations via professional social networks
Attackers obtain, or lure victims into revealing, more confidential data through social networks.
- Java remains highly exploitable and highly exploited - with expanded repercussions
Running old Java versions leaves systems open to attack.
- Attackers are more interested in cloud data than your network
- The sheer volume of advanced malware is decreasing
Attackers focus on a small number of specific targets to protect their footholds and steal login credentials.
- Redkit, Neutrino, and other exploit kits struggled for power in the wake of the Blackhole Author Arrest
After the author of the Blackhole exploit kit was arrested, other exploit kits such as Redkit and Neutrino were used by more and more attackers.
- Mistakes are made in "offensive" security due to misattribution of an attack's source
- Cybercriminals are targeting the weakest links in the "data-exchange chain"
Attackers start with the weaker links, such as consultants, contractors, and vendors, because they usually hold the company's confidential data.
- Major data-destruction attacks are increasing
In the past attackers stole confidential data, but now some attackers destroy data outright.
Essential Terminology
- Hack Value: It is a notion among hackers that something is worth doing or is interesting
Worth doing or interesting; the sense of achievement from doing what others cannot.
- Vulnerability: Existence of a weakness, design, or implementation error that can lead to an unexpected event compromising the security of the system
A weakness, design error, or implementation error exists that an attacker can use to break into the system.
- Exploit: A breach of IT system security through vulnerabilities
An attack carried out through a vulnerability, using malicious software or commands to cause unintended behaviour in legitimate software/hardware.
- Payload: Payload is the part of an exploit code that performs the intended malicious action, such as destroying, creating backdoors, and hijacking computer
The payload is the part of the malware or exploit that carries out the malicious behaviour, including creating a backdoor for access to the victim's machine, damaging, deleting, or stealing data.
- Zero-Day Attack: An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability
An attack the attacker carries out before the software vendor releases an update for the vulnerable software.
- Daisy Chaining: It involves gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information
After compromising one computer, the attacker uses the information gained there to compromise other computers and obtain more data.
- Doxing: Publishing personally identifiable information about an individual collected from publicly available databases and social media
Known in Chinese as 人肉搜索 ("human flesh search").
- Bot: A "bot" is a software application that can be controlled remotely to execute or automate predefined tasks
The attacker remotely controls infected computers (bots) to carry out attacks such as DDoS.
Elements of Information Security
- Information security is a state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low or tolerable.
- Confidentiality: Assurance that the information is accessible only to those authorized to have access
Only authorized people can access the information; confidentiality.
- Integrity: The trustworthiness of data or resources in terms of preventing improper and unauthorized changes
The integrity of the data.
- Availability: Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users
The availability of the system.
- Authenticity: Authenticity refers to the characteristic of a communication, document or any data that ensures the quality of being genuine
Whether the data is genuine; authenticity.
- Non-Repudiation: Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message
Neither the sender nor the receiver can deny having sent or received the information; non-repudiation, typically provided by digital signatures.
The Security, Functionality, and Usability Triangle
Level of security in any system can be defined by the strength of three components:
- Functionality (Features)
- Security (Restrictions)
- Usability (GUI)
The higher the security, the lower the functionality and usability; all three cannot be maximized at once.