Go homepage(回首页)
Upload pictures (上传图片)
Write articles (发文字帖)

The author:(作者)归海一刀
published in(发表于) 2013/11/14 3:25:01
Malware Analyst： data breach incidents by business cover

Malware Analyst: data breach incidents by business cover-data leakage, vulnerability, cyberattacks-IT information Malware Analyst: data breach incidents by business cover

A newly baked ThreatTrack safety survey found that data breaches malware analysts dealing with security incidents, with 57% not being disclosed in a timely manner. Given such enterprises cover attitude--perhaps to protect their reputations or to avoid sharp questions from clients and investors – we found two interesting phenomena: data breach incidents spread a wider scope than expected of the enterprises involved, and enterprise's contribution in the fight against cyber attacks is much lower than the ordinary user's cognitive impressions.

Security vulnerabilities and network attack activities have emerged as major challenges faced by global companies. Event of a data breach, a corporate network is likely to become a hacker in the eyes of the orphan treasures. All customer information--including phone numbers, addresses, and credit card information--especially sensitive information would face serious potential risks, some of this information could even affect public safety . This year has been exposed several high profile breach, being implicated, including LivingSocial, Evernote and the Fed.

Verizon companies in 2013 in the data breach investigations report stated that 2012 confirmed the data breach at 621. But if you consider the ThreatTrack data said the number of employees in enterprises with more than 500, 66% correlation of person went undisclosed security issue, then clearly this number 621 is being severely underestimated.

By Opinion Matters in October published a study this year, the survey of 200 guests from the United States conducted a survey of enterprise security experts.

"Despite numerous malware analysts for companies not reporting data leaks are frustrated, but for the incident itself, we are not surprised," ThreatTrack CEO Julian Waits says. "Every day, the malware is becoming more complex, United States enterprises continues to focus its attention on espionage from overseas competitors and foreign Governments themselves. According to this study, malware analysts have been keenly aware of the threats to the current, and despite the many security practitioners have been fighting network attacks and achieved success by stages, but its resources and tools are still relatively scarce. ”

As expected, 40% per cent of respondents indicated that their role is complementary skills resources the biggest challenges facing too nervous. Many malware analyst also said the current situation has an interesting twist: because executives surfing habits change--such as browsing pornographic Web sites, click phishing emails and install malicious applications that allow the malware to penetrate to the network-security staff had to spend most of their time in terms of cleaning up the mess for them.

According to the survey data, executive management chain of the apparatus has been exposed to malicious software from infecting mainly include the following:

· To access pornographic Web sites (40%)

· Click on malicious links in phishing emails (56%)

· To allow family members to use company-owned equipment (45%)

· Install malicious mobile applications (33%)

When asked about the challenge help protect corporate networks from attack, 67% respondents felt that the highly complex nature of modern malware is the most critical factor 67% indicates that the most direct attack frequency, 58% pointed out that the market is flooded with a large number of invalid solutions the most headaches.

This study also summarizes malware analysts views on Government-sponsored Cyber espionage. By combining, 37% respondents believed that United States is the most Cyber-espionage activities carried out at national, while China's support was ranked the second with 33%.

恶意软件分析师：数据泄露事故被企业遮掩 - 数据泄漏,安全漏洞,网络攻击 - IT资讯
恶意软件分析师：数据泄露事故被企业遮掩

一份新近出炉的ThreatTrack安全调查发现，在数据泄露恶意软件分析师处理的安全事故中，有57%未受到及时披露。鉴于企业方面的这种遮掩态度——也许是为了保护自身声誉或者避开来自客户及投资者的尖锐质询——我们发现两种有趣的现象：数据泄露事故的传播范围比当事企业的预期更广、而企业在对抗网络攻击者方面的贡献则远低于普通用户的认知印象。

安全漏洞与网络攻击活动已经成为全球企业所面临的重大难题。一旦发生数据泄露事件，企业网络很可能沦为黑客分子眼中的无主宝藏。所有客户信息——包括电话号码、地址以及银行卡信息——特别是敏感信息将面临严峻潜在风险，其中某些信息甚至可能影响到公共设施安全。就在今年之内已经曝光过多起高调泄露事件，受到牵连的则包括LivingSocial、Evernote以及美联储等。

Verizon公司在2013年《数据泄露调查报告》中指出，2012年经过证实的数据泄露事件达到621起。不过如果考虑到ThreatTrack曾公布数据称在员工数量超过五百位的企业中，有66%的相关分析人士经历过未披露安全问题，那么这621起的数量显然是被严重低估了。

由Opinion Matters于今年十月公布了一份研究结果，这份调查对200位来自美国企业的安全专家进行了调查。

“尽管众多恶意软件分析人士对于企业瞒报数据泄露事故的行为感到沮丧，但对于事故本身的发生我们并不感到意外，”ThreatTrack公司CEO Julian Waits表示。“每过一天，恶意软件都变得更为复杂，而美国企业仍然把关注重点放在来自海外竞争对手及外国政府的间谍活动身上。这份研究报告显示，恶意软件分析师们已经敏锐地意识到当前所面临的威胁，而且尽管很多安全从业者已经在与网络攻击活动的对抗中取得阶段性成果、但其资源及工具仍然比较匮乏。”

不出所料，40%的受访者表示其角色所面对的最大难题在于辅助技能资源太过紧张。很多恶意软件分析师还表示，目前形势出现了有趣的转折：由于高管人员上网习惯的改变——例如浏览色情网站、点击钓鱼邮件并安装允许恶意软件向网络渗透的恶意应用等——安全人员不得不将大部分时间用在替他们收拾烂摊子方面。

根据调查数据，高管人员令管理链设备遭受恶意软件感染的方式主要有以下几种：

• 访问色情网站（40%）

• 在钓鱼邮件中点击恶意链接（56%）

• 允许家庭成员使用公司拥有的设备（45%）

• 安装恶意移动应用（33%）

在被问及帮助企业网络抵御侵袭方面的难题时，67%的受访者认为现代恶意软件的高度复杂性是最关键的因素；67%表示攻击活动频率影响最为直接；58%则指出市场上充斥的大量无效解决方案最令人头痛。

此项研究还汇总了恶意软件分析师们对于政府资助网络间谍活动的看法。通过汇总，37%的受访者认为美国是最善于进行网络间谍活动的国家，而中国则以33%的支持率位列第二。

赞