As the world enters the new coronavirus raging madness to dark moment, cyber threats have intensified the trend ......
Faced with the sudden outbreak of the novel coronavirus, "Black Swan", the network produced many black organizations to take this "opportunity", hackers are taking advantage of people's fear and confusion under the name of the name "coronavirus" cyber attacks, to more cunning way computer viruses, Trojan horses, and other malicious program disguised as a mobile information contained "cases of pneumonia", "World Health Organization", "masks" and other popular word spread through phishing, malicious links and other means.
Due to the recent hacker attacks caused by information security incidents have:
➤ WHO web site up to more than 2,000 a day are suffering from hacker attacks, hackers try to steal information to posing as the WHO, the virus is sent through the site to the public network, the implementation of phishing scams.
➤ black hat hacker organization Maze ransomware infection with the coronavirus, a research company's infrastructure, thereby trying to steal sensitive data and published.
➤ Indian hackers take advantage of pneumonia epidemic-related topics as bait documents, APT launched an attack on the medical field working to fight the epidemic.
➤ a domestic company's corporate mail was hacked, return to work was just phishing swindle $ 150,000.
Affected by the new outbreak of the crown, setting off a global telecommuting and tele-education boom, the surge in Internet traffic, phishing attacks and malicious software are also becoming more common. Loss of privacy, loss of data, business interruption and other security risks will emerge, healthcare, online education, communication, electricity supplier industry has become the focus of hackers targeted.
Faced with frequent information security incidents and potential security threats, and gradually resumed production complex, teleworking companies how to protect their own safety?
Let's look at the data security infrastructure protection, companies should be what "self precautionary measures" taken?
① transmission end data encryption protection
Private information relating to the user's corporate website, always faced with phishing sites, middle attack, data theft and other potential risk of tampering, personal information and corporate data subject to serious security threats, reduce data security risks that need to transmit encrypted end to end protection, which deployed SSL certificates for the remote transmission of data is encrypted, highly effective protection of the user's data secure, encrypted Internet traffic to ensure that the recipient of the correct object.
② identify phishing messages eyes
According to statistics, 90% of network attacks caused by a phishing e-mail. Whether enterprises, universities, government departments, e-mail is still a very important message to convey channels. During the epidemic, rampant counterfeiting scams and e-mail, e-mail has become one of the main APT attacks. To create the perfect email security system, we must end the e-mail client, every aspect of the mail server security, email service providers to take appropriate technical measures, that have enterprise authentication, signature message content, the encrypted message content, Mail prevent data leakage, prevent identity forgery and other functions.
③ continuous monitoring to ensure the secure transmission of data
SSL vulnerabilities, hackers exploit security certificate expired event data theft, leakage and other private certificate mismanagement caused during the epidemic after another, to the enterprise brand damage, business interruption, loss of funds and other negative effects, but faced with the safe operation and maintenance more difficult challenge. Managers should determine the operational and security policy, the establishment of a comprehensive list of certificates and ownership tracking, continuous monitoring of the operating certificate and security status and implementation of automated certificate management, minimize human error and maximize efficiency.
④ breaking the traditional way to achieve a more secure digital signature
Because developers mismanagement key is stolen by hackers, which means legal digital signature mining implants Trojans and other viruses in the software, the malware propagation resulting in damage to corporate reputation; especially teleworking during the epidemic, but also to inconvenience and serious security risks hardware Ukey this traditional digital signature authentication. Code signing is used to protect intellectual property and reputation, to confirm the identity of software developers to prove that self-signed after the software has not been modified and tampered with, its importance can not be overstated, so we need a more secure authentication method: can not be copied, non-repudiation, integrated with the universal system ease of use. Protect the key in the highly secure encryption engine to protect the life cycle and sales applications.
