正文
6类顶级黑客大盘点
If the Internet has one enduring constant, it's that somewhere, somehow, somebody is being hacked. Last month cyberassaults on banks, including BB&T (BBT, Fortune 500), Citigroup(C, Fortune 500), and SunTrust (STI, Fortune 500), made headlines. But a recent Ponemon Institute survey reported that the average company is attacked twice a week and loses $8.9 million a year to cybercrime. Security analysts say the first thing businesses must know is just what types of threats are lurking in the shadows. While many hackers use relatively basic tools, such as phishing or malware, they often wield them with different motives. Here are six of the most effective actors.
如果说互联网有一个永恒的主题的话,那就是总有某些人在某处被黑客以某种方式攻击了。上个月,针对银行发起的网络攻击再次成为头条新闻,受害者包括BB&T公司、花旗集团(Citigroup)和太阳信托银行(SunTrust)。不过最近由波尼蒙研究所(Ponemon Institute)所做的一项调研显示,各公司每周平均受到两次攻击,每年由于网络犯罪损失的金额高达890万美元。安全分析师称,企业首先要了解藏在暗处的到底是何种威胁。尽管许多黑客用的只是相对基础的工具,比如网络钓鱼或恶意软件,但他们运用这些工具的目的各有不同。下面我们为大家盘点了六类最有攻击力的黑客。
1. State sponsored
政府撑腰的黑客
Who: Iran, Israel, Russia, U.S.
身份:伊朗,以色列,俄罗斯,美国
Objectives: Intelligence, state secrets, sabotage
目的:情报,国家机密,破坏活动
Targets: Foreign governments, terrorists, industry
目标:外国政府,恐怖分子,各种产业
Signature: Multi-tiered, precisely orchestrated attacks that breach computer systems
特征:精心组织的破坏计算机系统的多层次攻击
Classic Case: One-fifth of Iran's nuclear centrifuges crashed after Stuxnet, a worm reportedly developed by U.S. and Israeli intelligence, penetrated computers at an Iranian enrichment facility. Iran allegedly retaliated by disrupting access to the websites of J.P.Morgan (JPM, Fortune 500), PNC (PNC, Fortune 500), Wells Fargo (WFC, Fortune 500), and others.
经典案例:受到震网病毒攻击后,伊朗核工厂五分之一的离心机崩溃了。它是一种蠕虫病毒,据称由美国和以色列情报机构开发,能侵入控制伊朗浓缩装置的电脑。而伊朗随后就发起了反击,使用户无法访问摩根大通银行(J.P.Morgan)、PNC银行,富国银行(Wells Fargo)及其他金融机构的网站。
2. Hacktivist
维权黑客
Who: Anonymous, AntiSec, LulzSec
身份:匿名组织,反安全组织,鲁兹安全
Objectives: Righting perceived wrongs, publicity, protecting Internet freedoms
目的:修正已知错误,推广自身,保护互联网自由
Targets: Bullies, Scientologists, corporations, governments
目标:网络坏分子,科学论派,公司,政府
Signature: Leaking sensitive information, public shaming, creepy YouTube videos
特征:泄露敏感信息,公开羞辱,潜入YouTube视频
Classic Case: The websites of PayPal, Visa (V, Fortune 500), and MasterCard (MA,Fortune 500) were disrupted during Operation Payback, an Anonymous-led effort to punish companies that suspended the accounts of WikiLeaks in 2010. Some $5.6 million was lost by PayPal alone.
经典案例:在所谓的“报复行动”(Operation Payback)中,贝宝(PayPal)、维萨信用卡(Visa)和万事达信用卡(MasterCard)的网站都遭到了破坏。这是一次由匿名组织发起的行动,旨在惩罚那些2010年冻结维基解密(WikiLeaks)账户的公司。仅贝宝一家公司就因此损失了560万美元。
3. Cyber-Criminal
网络犯罪
Who: Nigerian "princes," carders, identity thieves, spammers
身份:尼日利亚“王子”,信用卡盗用者,身份窃贼,垃圾邮件制造者
Objective: Treasure
目的:劫财
Targets: The gullible, online shoppers, small businesses, data-rich health care and retail companies
目标:容易上当的人,在线购物者,小企业,拥有大量数据的保健机构和零售企业
Signature: Stealing data, looting bank accounts
特征:盗窃数据,洗劫银行账户
Classic Case: Coreflood, malicious software that records keystrokes and passwords, infected 2.3 million computers in 2009, some in police departments, airports, banks, hospitals, and universities. Affected companies suffered six-figure fraudulent wire transfers.
经典案例:2009年,专门记录击键动作和密码的恶意软件Coreflood感染了230万台电脑,其中包括一些警察局、机场、银行、医院和大学的电脑。受害公司遭到高达6位数的虚假电子转账侵袭。
- 上一篇
- 下一篇