Interpretation of the ransomware SLocker attacking "King of Glory"

Abstract: Interpretation of SLocker, the ransomware that attacked "Honor of Kings"; NSFOCUS releases the "DDoS and Web Application Attack Situation Report for the First Half of 2017"; Windows SMB service 0day vulnerability warning; four hackers who attacked Xingdong Chess were caught and sentenced.

Special commentator Quan Zhi, director of Alibaba Game Cloud:

The first two typical cases reported in this issue, the SLocker ransomware and the police arrest of the Xingdong Chess hackers, concern respectively the C-side, that is, game users, and the B-side, that is, game companies. Both cases are instructive.

For the gaming industry, competition is fierce. In the early years of the client game era, the game industry had a high entry barrier, and no large game company had its own self-built computer room or even an offensive and defensive team, which was relatively resistant to pressure. In the era of mobile games, each game company is small, and companies with thousands of people can be said to be rare. As for the high-cost, hard-to-measure departments such as the computer room and security, it is not easy for them to be taken seriously. Even within the same game company, they are also developers and technicians.

However, the game industry is, after all, an industry with high turnover and high profits. A successful game is like mining a rich gold mine, which makes the game industry a favorite target for hackers.

The second piece of news, mentioned in the DDoS report, that "the attack peak started slowly after the middle of the year, while the beginning of the year was a trough", is understandable from the perspective of the game industry alone. New products from major game companies usually launch in the summer. During a new game's launch, in addition to the playability of the game, the stability of the service is also one of the important reference indicators for players. So this period also attracts a lot of attacks.

[This week's headlines]

Interpretation of the ransomware SLocker attacking "Honor of Kings". Click to view the original text

Summary: Trend Micro researchers have detected a new SLocker variant that mimics the interface of the WannaCry crypto-ransomware on the Android platform. It is detected as ANDROIDOS_SLOCKER.OPSCB. The article explains how SLocker spreads through QQ group chats and abuses the phone's lock-screen function. Most victims were infected with the mobile ransomware after buying game cheating tools (such as modifiers) from "Honor of Kings" QQ chat groups. Although Chinese police have arrested the ransomware's alleged creator, other SLocker operators have not yet been caught.

[Game Security Trends]

NSFOCUS releases the "DDoS and Web Application Attack Situation Report for the First Half of 2017". Click to view the original text

Summary: The total number of DDoS attacks fell 30% compared with the second half of 2016, and total attack traffic fell 38.4%. The average duration of a single attack was 9 hours, and 10.6% of target IPs had suffered attacks lasting more than 24 hours. The attack method in every one of the top 5 peak-traffic attack events of the first half of 2017 was SYN Flood.

Commentary: Comparing this with the data in Alibaba Cloud's "2017 First-Half Game Industry DDoS Situation Report" (hereinafter the "Game DDoS Report") yields several findings. First, the Game DDoS Report observed that the months with the most frequent attacks on the game industry in the first half of 2017 were January to March, which differs from the overall industry trend NSFOCUS observed of "DDoS attacks slowing at the start of the year and becoming active mid-year". In the first half of 2017, the highest single attack peak NSFOCUS observed was 418 Gbps, whereas in the Game DDoS Report the largest attack suffered by the game industry in 2017 was 608 Gbps; the game industry is itself a hard-hit area for DDoS attacks. This is related to the industry's short business life cycles, high security costs and fierce cut-throat competition. In addition, the CC attack trend has been rising since May, a point the report does not mention.

[Related Security Incidents]

Windows SMB service 0day vulnerability warning. Click to view the original text

Summary: Recently, at the 2017 DEF CON hacker conference held in Las Vegas, USA, foreign security researchers disclosed a vulnerability in Windows systems that had gone undiscovered for 20 years. Named "SMBLoris", it lets an attacker launch a DoS attack with a short script of about 20 lines that exhausts the system's memory resources. The vulnerability affects the SMBv1 protocol on Windows 2000 and later systems.

Commentary: Microsoft has stated that it does not plan to release a patch for this vulnerability. Alibaba Cloud recommends hardening systems in the following ways to reduce the risk: first, if network file sharing is not needed, disable the SMB protocol; second, use security group policies to block inbound port 445 traffic from both the public network and the internal network.
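The two recommendations above can be applied and verified on the Windows host itself, in addition to the security-group layer the newsletter refers to. The following PowerShell script is an added example for this newsletter, not code from Alibaba Cloud or from the original article: it disables the SMBv1 server side (the protocol the page attributes the vulnerability to), optionally disables the Server service on hosts that need no file sharing at all, adds a host-firewall rule blocking inbound TCP/445 on every network profile, and returns a verification object. The firewall rule's display name is a constructed value; the cmdlets used are standard on Windows 8 / Server 2012 and later and require an elevated session.

```powershell
# Added example (not from the newsletter): host-level equivalent of the SMB
# hardening advice above, plus a verification step. Run elevated on Windows 8 /
# Server 2012 or later (Set-SmbServerConfiguration comes from the SmbShare module).

#Requires -RunAsAdministrator

$RuleName = 'Block inbound SMB TCP/445 (all profiles)'   # constructed rule name

function Disable-Smb1Server {
    # The page attributes SMBLoris to SMBv1: turn off the SMBv1 server side while
    # leaving SMBv2/3 available for hosts that still need file sharing.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Where the SMB1 optional feature is installed, remove it as well.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

function Disable-SmbServerService {
    # First recommendation on the page, for hosts that do not need network file
    # sharing at all: stop and disable the Server service, which hosts SMB shares.
    Stop-Service -Name LanmanServer -Force -ErrorAction SilentlyContinue
    Set-Service -Name LanmanServer -StartupType Disabled
}

function Block-Smb445Inbound {
    # Second recommendation, applied with the host firewall: block inbound 445 on
    # every profile so the rule holds on public and internal networks alike.
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block -Profile Any -Enabled True | Out-Null
    }
}

function Test-SmbHardening {
    # Verification object for a change ticket or compliance check.
    $smb       = Get-SmbServerConfiguration
    $rule      = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    $listening = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Smb1Enabled       = $smb.EnableSMB1Protocol      # expect False
        Port445BlockRule  = [bool]$rule                   # expect True
        Port445Listening  = [bool]$listening              # True unless the Server service is disabled
        ServerServiceMode = (Get-Service -Name LanmanServer).StartType
    }
}

Disable-Smb1Server
Block-Smb445Inbound
# Uncomment only on hosts that need no file sharing at all:
# Disable-SmbServerService
Test-SmbHardening | Format-List
```

Keep the host firewall rule even when the security group already blocks 445: the two layers fail independently, and the verification object makes it easy to spot a host where the rule was later removed or SMBv1 re-enabled.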

 

Warning: the new "fileless" ransomware Sorebrect evolves its attacks. Click to view the original text

Summary: A new ransomware, Sorebrect, is breaking out. After obtaining account credentials by brute-forcing RDP and entering the system, it injects malicious code into the legitimate process svchost.exe and then destroys its own files to evade antivirus detection. Sorebrect uses Microsoft's Sysinternals PsExec command to encrypt local files, and uses its built-in scanning function to discover and encrypt network shared files. Sorebrect is the first ransomware to evade detection by destroying its own files, and it poses a high security risk.

Commentary: Alibaba Cloud recommends that system administrators and security engineers take the following precautions: do not expose port 3389 to the Internet, and use a VPN and a bastion host for secure operations and maintenance; harden Windows account passwords and enable log auditing to improve system security; close network shared folders, and set users' read/write permissions on folders with high security requirements; update operating system patches regularly; back up all important files and documents regularly to external storage devices that are not routinely connected to the computer; install antivirus software and do not click unknown links at random; Cloud Shield 态势感知 (Situation Awareness) and 安骑士 (Server Guard) currently provide automatic detection and protection.
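The intrusion described above starts with RDP brute force, and the commentary recommends enabling log auditing; the following PowerShell script, an added example not taken from the newsletter or from Alibaba Cloud, shows what to do with the resulting logs. With the "Audit Logon" failure policy enabled, each failed logon is recorded as Windows Security event 4625, whose LogonType field is 10 for RemoteInteractive (RDP) sessions and whose IpAddress field holds the source. The script groups such failures by source address, counts them in a sliding window, and reports sources above a threshold. The events in `Get-SampleRdpFailures` are constructed (addresses from documentation ranges) so the script runs offline; `Get-LiveRdpFailures` reads the same fields from a real Security log. Threshold and window are assumed tuning values.

```powershell
# Added example (not from the newsletter): detection of RDP brute force from
# Windows Security event 4625. Constructed sample data lets it run offline;
# swap in Get-LiveRdpFailures on a real host.

function Get-SampleRdpFailures {
    # Constructed records carrying the fields a 4625 event yields.
    $base = Get-Date '2017-08-01 02:00:00'
    $rows = @()
    # 203.0.113.10 (documentation range): 12 failures in 88 seconds -> brute force
    foreach ($i in 0..11) {
        $rows += [pscustomobject]@{ Time = $base.AddSeconds(8 * $i); IpAddress = '203.0.113.10'
                                    TargetUser = @('administrator','admin','test')[$i % 3]; LogonType = 10 }
    }
    # 198.51.100.7: two typos by a legitimate user -> below threshold
    $rows += [pscustomobject]@{ Time = $base.AddMinutes(5); IpAddress = '198.51.100.7'; TargetUser = 'alice'; LogonType = 10 }
    $rows += [pscustomobject]@{ Time = $base.AddMinutes(6); IpAddress = '198.51.100.7'; TargetUser = 'alice'; LogonType = 10 }
    # A console failure (LogonType 2) is not RDP and must be ignored
    $rows += [pscustomobject]@{ Time = $base.AddMinutes(7); IpAddress = '-'; TargetUser = 'bob'; LogonType = 2 }
    return $rows
}

function Get-LiveRdpFailures {
    # Real-host version: read 4625 events from the Security log. Property indices
    # follow the 4625 event template: TargetUserName = 5, LogonType = 10, IpAddress = 19.
    param([datetime]$Since = (Get-Date).AddHours(-1))
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } |
        ForEach-Object {
            $p = $_.Properties
            [pscustomobject]@{
                Time       = $_.TimeCreated
                IpAddress  = $p[19].Value
                TargetUser = $p[5].Value
                LogonType  = [int]$p[10].Value
            }
        }
}

function Find-RdpBruteForce {
    param(
        [Parameter(Mandatory)] $Events,
        [int]$Threshold     = 10,    # failures from one source ... (assumed tuning value)
        [int]$WindowSeconds = 300    # ... within this many seconds (assumed tuning value)
    )
    $Events |
        Where-Object { $_.LogonType -eq 10 -and $_.IpAddress -ne '-' } |
        Group-Object IpAddress |
        ForEach-Object {
            $sorted = @($_.Group | Sort-Object Time)
            # Sliding window: for each failure, count failures in the following WindowSeconds.
            $peak = 0
            for ($i = 0; $i -lt $sorted.Count; $i++) {
                $end = $sorted[$i].Time.AddSeconds($WindowSeconds)
                $n = @($sorted | Where-Object { $_.Time -ge $sorted[$i].Time -and $_.Time -le $end }).Count
                if ($n -gt $peak) { $peak = $n }
            }
            if ($peak -ge $Threshold) {
                [pscustomobject]@{
                    SourceIp      = $_.Name
                    PeakFailures  = $peak
                    DistinctUsers = @($sorted.TargetUser | Sort-Object -Unique).Count
                    FirstSeen     = $sorted[0].Time
                    LastSeen      = $sorted[-1].Time
                }
            }
        }
}

# Offline demonstration on the constructed events: flags 203.0.113.10 only.
Find-RdpBruteForce -Events (Get-SampleRdpFailures) | Format-Table -AutoSize
```

The DistinctUsers column separates password spraying (many accounts, few attempts each) from a single-account attack; a 4624 logon from a source that was just flagged is the event to treat as a probable compromise and the point at which the page's later steps (PsExec, share encryption) would begin.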

 

[Cloud Perspective]

Four hackers were caught and sentenced. Click to view the original text

Summary: Yu Mou and Li Mou were arrested by Changchun police on suspicion of involvement in the case (a connection that was not verified later). On May 31, Changchun police arrested another suspect, Zhang, born in 1990, in Henan. On August 16, Zhao, born in 1995, turned himself in in Shandong. So far, four "post-90s" hackers have been arrested one after another.

Selected Government Security Information Issue 2 2017: UK and US attach importance to IoT security, vulnerability disclosure and security talent training

Selected Financial Security Information Issue 2 2017: Financial cybersecurity and anti-fraud methodology, what is the maturity of emerging financial technologies?

Original link: http://click.aliyun.com/m/28086/