Surviving the Age of Internet Pirates

tech 2023-07-14


DDoS (distributed denial of service) attacks have been around for many years, but recently they have become more high-profile and have hit bigger targets. They are no longer solely the domain of hacktivist groups: extortion is increasingly the motive.

Imagine the scenario: you run a site capable of generating a lot of money every hour of the day. One day your site gets taken out by a DDoS attack, and you receive a message saying unless you pay a ransom, your site will remain down indefinitely.


What do you do? On the one hand you don't want to give in to extortion and pay the bad guys; on the other, you really don't want to lose your site and its income.

A Cautionary Tale

Just such an attack recently took down Code Spaces, which for seven years had offered source code repositories and project management services to an impressive customer base.


According to a statement from Code Spaces, following a DDoS attack on the site an intruder gained access to its Amazon Web Services control panel. The attacker then contacted Code Spaces staff, offering to return control of the panel once a large sum of money had been paid. When Code Spaces attempted to regain control, the attacker responded by deleting panel entries at random.

Most of the company's data, backups, machine configurations and offsite backups had been partially or completely deleted by the time the team regained control. In 12 hours the attacker did enough damage to put Code Spaces out of business for good. The damage was not just financial but human: six people presumably lost their jobs when the business went down.

To clarify, the AWS servers themselves were never hacked and the Code Spaces database was not stolen. What appears to have happened is that the attacker found a way into the AWS control panel but did not have the private keys for the machines. Console access was enough, though: instances, snapshots and the backups stored in the same account could all be deleted from the panel, which is exactly what was lost.

Was the attack preventable? It is not clear what steps Code Spaces took to regain control, only that significant damage was done while the team was locked out. What is clear is that relying on a single service, and a single account within it, for your whole infrastructure including its backups is a bad idea.

Code Spaces did not believe the attack was carried out by a current or former employee, so 2FA (two-factor authentication) on the AWS account may well have prevented it. They also had no disaster recovery or incident response plan in place. Had they moved quickly and informed AWS early, it is highly probable they could have saved the day, and the business.
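The 2FA point above, as an added example that is not part of the original article or of Code Spaces' own tooling: a small Python audit of an AWS IAM credential report that flags console users without MFA and any active access key on the root account. The report text below is a constructed sample in the column layout of `aws iam get-credential-report`, trimmed to the columns the audit reads; the account id, user names and dates are made up.

```python
import csv
import io

# Constructed sample in the layout of an IAM credential report
# (`aws iam get-credential-report`), trimmed to the columns used here.
# The account id 111122223333, the users and the dates are invented.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,2014-01-10T09:00:00+00:00,not_supported,2014-06-17T10:00:00+00:00,false,true,false
alice,arn:aws:iam::111122223333:user/alice,2014-02-01T09:00:00+00:00,true,2014-06-16T08:00:00+00:00,true,true,false
bob,arn:aws:iam::111122223333:user/bob,2014-03-01T09:00:00+00:00,true,2014-06-16T09:00:00+00:00,false,false,false
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,2014-03-05T09:00:00+00:00,false,no_information,false,true,false
"""

ROOT = "<root_account>"  # the literal user name AWS uses for the root row


def audit_credential_report(report_text):
    """Return (user, finding) pairs for logins that could be taken over
    with a password alone, plus root access keys (which cannot use MFA)."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        user = row["user"]
        mfa = row["mfa_active"] == "true"
        if user == ROOT:
            if not mfa:
                findings.append((user, "root has no MFA device"))
            if row["access_key_1_active"] == "true" or row["access_key_2_active"] == "true":
                findings.append((user, "root has an active access key"))
            continue
        # API-only users have no console password; MFA does not apply to them
        if row["password_enabled"] == "true" and not mfa:
            findings.append((user, "console password without MFA"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

On a real account, generate the report with `aws iam generate-credential-report`, fetch it with `aws iam get-credential-report --query Content --output text | base64 -d`, and feed the text to `audit_credential_report`. Two things MFA does not solve: a long-lived access key used from a script is not protected by an MFA device, so key hygiene matters as much as console MFA; and backups that live in the same account can be deleted with the same credentials, which is the single-service lesson from Code Spaces.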

Types of Attack

There are many different types of DDoS attack, but some are more common than others. The most common are:


TCP Connection Attacks – these attempt to exhaust the available connections on infrastructure devices such as load balancers, application servers and firewalls (a SYN flood is the classic example).

Volumetric Attacks – these consume bandwidth within the target network and/or between the network and the rest of the internet.


Fragmentation Attacks – these send a flood of UDP or TCP fragments to the target, overwhelming its ability to reassemble the streams and reducing performance significantly.

Application Attacks – these can be effective even without a huge botnet; a handful of attacking machines is enough, because they target an expensive part of an application or service rather than the network in front of it.

NTP-based Attacks are becoming more common. They are reflection attacks: the attacker sends small requests with the victim's address spoofed as the source (classically the monlist command) to open NTP servers, which answer the victim with replies many times larger than the requests, so a modest amount of attack bandwidth is amplified into a volumetric flood.

Stopping DDoS Attacks

[Image: live map of global DDoS attacks. Attacks are drawn as dotted lines between the source and destination countries of the attack traffic.]

Sadly, Code Spaces is far from an isolated case, and DDoS attacks are extremely difficult to prevent and hard to mitigate once under way. According to the latest Quarterly Global DDoS Attack Report commissioned by Prolexic, attacks in 2014 were up 22% on the same period in 2013.

These days the majority of attacks use botnets. They are the most effective form of attack: the traffic is fully distributed and they are relatively simple to run. Most botnets recruit Windows machines as bots, but in 2012 the Flashback botnet infected more than 600,000 Macs.

A botnet can act as an amplifier to increase the efficacy of an attack. [Image: diagram of a botnet amplifying an attack.]

Not every attacker owns a botnet, but they can be rented by the hour for as little as $200 per day: ideal for a couple of afternoons' work extorting cash from website owners.

The perfect solution would be to eliminate botnets, but since we are not winning the fight against cybercrime as malware authors become increasingly sophisticated, that does not look likely.

Prevention is Key

One simple way to absorb an attack is to buy more bandwidth, but this is not enough to stop a large-scale one. Where possible it is better to have servers spread across multiple data centers behind good load balancing, which cloud services such as Rackspace can provide.

There are commercial services from a few companies that help mitigate the risk and clean up quickly when a customer is attacked. Again this depends on having a large network behind the service, and it is safe to assume that it may be priced too high for many smaller businesses or individuals.

CDNs (content delivery networks) serve files to customers from many distributed edge locations, which also helps absorb DDoS traffic before it reaches your origin.

Protecting your Network

Lock your network down as much as possible. Ensure routers are properly configured, drop malformed and spoofed packets, and disable protocols you do not need. Be careful with ICMP in particular: rate-limit it rather than blocking it outright, since blocking all ICMP breaks path MTU discovery and basic diagnostics. You should also have a good hardware firewall in place and ensure that all connected machines run security software and have the latest patches applied, both for the OS and for third-party software such as Office, Adobe products and Java.

Many modern websites serve dynamic content, which makes them harder to protect: even a relatively small attack can take down the database behind the site. Consider caching servers so that static content is served without touching the application or database where possible.

It is also a good idea to have monitoring in place, since DDoS attacks tend to ramp up as they take hold. The earlier you are alerted and act, the better your chances. First record what "normal traffic" looks like for the network as a baseline; then configure alerts so that when bandwidth or request rate climbs well above that baseline, or a single endpoint suddenly receives most of the requests, the IT admin is notified and can start mitigation.
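An added example (not code from the original article) of the baseline-then-alert approach just described. It parses web-server access log lines in Apache common-log style, buckets them into ten-second windows, learns a baseline request rate from the first windows, and raises an alert when a later window's rate is well above the baseline or one path receives almost all the requests (the application-attack pattern). The log lines are constructed inline by `build_sample`; the window size, the sigma multiplier and the path-share threshold are assumed parameters that a real deployment would tune.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

# Apache/nginx common-log shape: ip ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        # drop the query string: floods often randomise it to defeat caches
        "path": m["path"].split("?")[0],
        "status": int(m["status"]),
    }


def bucket(entries, window_seconds):
    """Group entries into fixed-size time windows, returned in time order."""
    buckets = defaultdict(list)
    for e in entries:
        epoch = int(e["ts"].timestamp())
        buckets[epoch - epoch % window_seconds].append(e)
    return [buckets[k] for k in sorted(buckets)]


def detect(lines, baseline_windows=6, sigma=3.0, path_share=0.8, window_seconds=10):
    """Learn a request-rate baseline from the first windows, then flag later ones.

    Returns a list of (window_start_iso, requests, distinct_sources, reasons).
    """
    entries = [e for e in map(parse_line, lines) if e is not None]
    windows = bucket(entries, window_seconds)
    base = [len(w) for w in windows[:baseline_windows]]
    if len(base) < 2:
        raise ValueError("not enough traffic to build a baseline")
    # floor the deviation at one request so a flat baseline does not alert on noise
    threshold = mean(base) + sigma * max(pstdev(base), 1.0)
    alerts = []
    for w in windows[baseline_windows:]:
        n = len(w)
        reasons = []
        if n > threshold:
            reasons.append(f"rate {n}/window exceeds baseline threshold {threshold:.1f}")
        top_path, top_n = Counter(e["path"] for e in w).most_common(1)[0]
        if n >= 10 and top_n / n >= path_share:
            reasons.append(f"{top_n / n:.0%} of requests hit {top_path}")
        if reasons:
            alerts.append((w[0]["ts"].isoformat(), n, len({e["ip"] for e in w}), reasons))
    return alerts


def _fmt(ip, ts, path, status, size):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" {status} {size}'


def build_sample():
    """Constructed log: seven quiet 10-second windows, then one flood window."""
    t0 = datetime(2014, 6, 17, 10, 0, 0, tzinfo=timezone.utc)
    paths = ["/", "/about", "/login", "/search?q=repos"]
    ips = ["203.0.113.5", "198.51.100.9", "192.0.2.44"]  # documentation ranges
    lines = []
    for w, n in enumerate([4, 6, 5, 5, 6, 4, 5]):
        for i in range(n):
            ts = t0 + timedelta(seconds=10 * w + i)
            lines.append(_fmt(ips[i % 3], ts, paths[i % 4], 200, 512))
    # flood: 60 requests from 20 sources in one window, all on /search with
    # varying query strings, and the backend starting to answer 503
    for i in range(60):
        ts = t0 + timedelta(seconds=70 + i % 10)
        lines.append(_fmt(f"198.18.0.{i % 20 + 1}", ts, f"/search?q=x{i}", 503, 128))
    return lines


if __name__ == "__main__":
    for start, n, sources, reasons in detect(build_sample()):
        print(f"{start}: {n} requests from {sources} sources; " + "; ".join(reasons))
```

Two design points: the baseline is learned per deployment rather than hard-coded, because "normal" differs by site and by time of day, so in practice you would refresh it on a rolling basis; and the path-concentration check is what catches the low-volume application attack described earlier, which a pure bandwidth threshold would miss.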

Early detection is key if a full-scale attack is to be avoided, and even then it is difficult to do much about it without more bandwidth than the attacker. Worse, the size of individual DDoS attacks is also increasing.

Putting Together an Incident Response Plan

To respond quickly to any threat, and especially to loss of data, an incident response plan is vital to a business's survival. Many companies have no such plan, yet one is not difficult to write and implement, and it is a key part of getting systems back to normal quickly.

The document should cover:


Emergency response plan: What must be done immediately to put the plan into action. If authorisation is needed to launch the plan, the contact information and procedure for obtaining it should be listed here first.

People: A list of important contacts, such as the IT support company used and its key contact person. Assign at least one person responsible for backup and recovery so that systems can be brought back online with minimal downtime. If the company uses a DDoS protection service, it should be on the list too, along with the names of key internal IT staff and those responsible for business continuity plans.

Documentation: Where all relevant documentation can be found for any given situation. Incident response plans cover events such as fire and theft too, so all information, including copies kept offsite, must be reachable in every eventuality; a copy that lives only inside the systems or the cloud account you are trying to recover is no use during the incident.

Backup and recovery procedures: How data is backed up and where it is stored, who is responsible, and which rules must be followed under regulations such as PCI DSS. Keep at least one backup copy under separate credentials, and ideally with a separate provider, so that whoever controls the production account cannot also delete the backups.

Alternative downtime technology: During downtime the loss of revenue is often made worse because staff cannot work at their machines as usual. Make provisions so that work can continue as far as possible away from the network, whether by employees working from home while the system is recovered or by setting up backup systems for key personnel.

Policies and procedures: To stop people running around like headless chickens, set up step-by-step procedures for each role. For example, IT staff should inform support companies and suppliers, and the document should contain clear instructions and contacts so they can do so quickly and confidently.

It is important that staff are aware of the plan and what their particular role requires of them. It is also vital to revisit the plan regularly as new practices come into play within the company, to ensure it is always up to date.

What can the Community Do?

Aside from locking down our own networks as much as possible, blocking at the firewall any ports that do not need to route traffic, and monitoring bandwidth and files, there is not a great deal the average person can do. As a community, however, the easiest way to fight back is through education. DDoS attacks have been much higher in the public consciousness since Anonymous and LulzSec began to appear regularly in the news, especially when they hit large targets such as PayPal.

These hacktivist groups are all but dead in the water now that the FBI and other international law enforcement agencies have prosecuted many of their leaders. But they have meant that more people are aware that such attacks exist.

It’s the responsibility of the internet community to be vigilant and to do what they can to educate people about malware. About 80,000 people per day still fall for phishing scams, which often seem very obvious to the knowledgeable.


We can tell our clients how to protect themselves; after all, a business client that understands how its profits might be affected is likely to listen. We can tell family and friends and make sure we get involved in the discussion. Social media is a great channel, and online resources that alert people to common scams, such as Hoax Slayer and Snopes, can help boost education.

Conclusion

Good protection at individual machine and network level is vital to overcoming the issue in the long term. Prevention, network protection and a robust incident response plan can help keep you safe. But the issue is wider than that: unless the wider community is aware of the dangers, people will continue to be infected with malware and recruited into botnets, and DDoS attacks will continue to damage businesses.

Have you prepared an incident response plan? What have your experiences dealing with online threats taught you?


Translated from: https://www.sitepoint.com/surviving-age-internet-pirates/
