Hackers launching targeted ransomware and DDoS attacks have become the new normal, and DDoS protection needs attention at all times

The current state of DDoS protection is not encouraging. Hackers exploit vulnerabilities in industrial public systems or platforms to break into companies. In 2020, Taiwan saw a number of attacks targeting the manufacturing industry. Beyond threatening to encrypt corporate systems and disks with ransomware, the attacks themselves were targeted: alongside targeted ransom attacks, there were targeted DDoS attacks aimed at manufacturers, and there were even reports of hackers launching DDoS attacks to paralyze a manufacturing supply-chain platform. The attackers may reason that a threat alone is enough to produce a victim: the victim suffers real losses and the affected company may be willing to pay, so these attack methods, whether targeted extortion or targeted DDoS, will not subside even in 2021.
Using ransomware to encrypt data and then pressuring the victim into paying a ransom has not gone away since WannaCry. The difference is that early ransomware, WannaCry included, targeted ordinary individual users; even when the victim was a business, the infection was usually caused by unpatched vulnerabilities on personal computers.
Since May of last year, however, oil companies, automation equipment companies, semiconductor packaging and testing companies, PCB companies and wearable-device manufacturers have all suffered incidents in which hackers used ransomware to encrypt corporate data and demanded high ransoms.
Chang Yumin, senior associate of Trend Micro's global core technology department, said that the incidents above can be called targeted ransomware attacks. Analyzing the intrusion methods further, the attackers usually exploit weaknesses in the network, RDP (Remote Desktop Protocol) or VPN (Virtual Private Network), or use phishing emails, to break into the enterprise and lurk there. Their main aim is to target the AD directory service server and release a large amount of ransomware at a specific point in time, so that important hosts such as the AD servers are encrypted and the hackers can then extort a high ransom from the company. If the company is unwilling to pay, the hackers also threaten to publish the company's data on the Internet, or keep a copy of the encrypted data and wait until the company finds it cannot restore that data for lack of backups, at which point they demand a ransom for the data itself. Application hosting platforms commonly used by developers, such as GitHub and GitLab, have also become channels for hackers to store information stolen from enterprises.
After a large wearable-device company reported in July that hackers had encrypted its systems and demanded a ransom of up to 300 million yuan, it was reported on November 9 that a computer assembly company had been extorted by the hacker group DoppelPaymer for a high ransom. Although the company never publicly acknowledged a ransomware attack and attributed the disruption to a network system fault, the blockchain ransom wallet provided by the hackers was found to have received a deposit of 28.3 bitcoins (approximately US$500,000). The anti-money-laundering company CipherTrace analyzed the cash flow and found that the deposited bitcoins had been purchased over the counter (OTC), but it could not determine whether they were paid on behalf of the computer assembly company.
According to observations, some hacker groups focus on high-tech companies in Taiwan. They usually look for weak websites without DDoS protection as the point of entry. Websites with file upload functions are attacked most often, and most antivirus software can hardly detect the malicious web shells uploaded to such sites. Other common targets are old systems that were never taken offline, test hosts without proper DDoS protection, and unmanaged hosts that nobody remembered to decommission; these are among the hackers' favorite targets.
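As an added illustration of the file-upload weakness described above (example code written for this page, not from the original article or from Trend Micro): a defender-side upload check that accepts only allowlisted image types, verifies the declared type against the file signature, rejects double extensions and embedded script tags, and stores the file under a server-chosen name. The allowlist, the marker list and the function names are assumptions chosen for the example.

```python
import re
import secrets
from pathlib import Path

# Constructed allowlist for this example: only image uploads are accepted,
# and each accepted extension must match its file signature (magic bytes).
ALLOWED_SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
# Script markers that have no business inside a file claiming to be an image.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")


def _basename(filename: str) -> str:
    """Drop any path component the client supplied (both separator styles)."""
    return re.split(r"[\\/]", filename)[-1].lower()


def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Allowlist-based: anything not explicitly
    recognised is rejected, including double extensions such as x.php.png."""
    parts = _basename(filename).split(".")
    if len(parts) != 2 or not parts[0]:
        return False, "filename must be name.ext with exactly one extension"
    ext = parts[1]
    if ext not in ALLOWED_SIGNATURES:
        return False, f"extension .{ext} is not allowed"
    if not data.startswith(ALLOWED_SIGNATURES[ext]):
        return False, "content does not match the declared image type"
    lowered = data.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        return False, "script marker found inside file body"
    return True, "ok"


def store_upload(filename: str, data: bytes, upload_dir: str) -> str:
    """Store an accepted upload under a random server-chosen name; upload_dir
    is assumed to live outside the web root. Returns the new file name."""
    accepted, reason = check_upload(filename, data)
    if not accepted:
        raise ValueError(reason)
    ext = _basename(filename).rsplit(".", 1)[1]
    new_name = f"{secrets.token_hex(16)}.{ext}"  # client name never touches disk
    target = Path(upload_dir) / new_name
    target.write_bytes(data)
    target.chmod(0o640)                           # plain data file, never executable
    return new_name
```

The signature check only covers the first bytes, so it complements rather than replaces scanning of the stored files; the main gain is that a script uploaded under an image name is never written with an executable extension.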
Others point out that after hackers break into a company this way, they can obtain the account passwords of high-privilege users, such as the Administrator of the AD server, by sniffing passwords or moving laterally, and may even gain control of the organization's highest-privilege Domain Controller (DC). Once hackers have control of the company, they also install VPN software inside it, leaving themselves a channel for returning later. With the high-privilege accounts of the compromised company in hand, the hacker can launch a blanket attack; whether lurking inside the company or controlling one of its important servers, everything is at the hacker's discretion.
Therefore, DDoS protection measures have become very important for the networks and servers of today's Internet companies. With DDoS protection in place, you can best keep your own interests from being infringed.
This article is reposted from: https://www.zhuanqq.com/News/Industry/371.html

Origin blog.csdn.net/weixin_51110871/article/details/113999821