Financial network security and anti-fraud methodology: how mature are emerging financial technologies?

Abstract: The evolution of network security strategies in the financial industry, Windows SMB service 0-day vulnerability warning, new "fileless" ransomware Sorebrect evolution attack warning, anti-fraud challenges and methodology of inclusive finance, Gartner: 2017 China Emerging Technology Hype Cycle



 

  

【This week's headlines】

 

The evolution of cybersecurity strategies in the financial industry

 

 

Summary: The challenges facing the financial industry are becoming more complex and changeable: data security, IoT security, ransomware, stricter compliance requirements and so on. The industry's cybersecurity protection methodology needs to evolve accordingly. "Isolated" intrusion prevention and traditional endpoint protection are gradually losing effectiveness. The financial industry should pay more attention to three capabilities: accurate detection and identification, rapid incident response, and threat intelligence.

 

 

Comments: Fortinet's views have much in common with the four "new perceptions" of security proposed by Alibaba Cloud Security at the Security Summit. When the security boundary disappears, what industry security needs is not to "build walls from the outside" but to "deploy from the inside": for example, doing a good job of east-west traffic monitoring, defense strategy, and automation of network access control. In addition, when building financial security capabilities, the industry should also pay attention to the power of people. No matter how good the products, threat intelligence capabilities and detection technologies are, security strategies are difficult to implement without skilled people to operate them. Finally, a blue army system and algorithm capabilities are also ways to break through the ceiling of security defense in the financial industry.

 

【Related security incidents】

 

Windows SMB service 0day vulnerability warning

 

Summary: Recently, at the 2017 DEF CON hacker conference held in Las Vegas, United States, foreign security researchers disclosed a vulnerability in Windows systems that had gone undiscovered for 20 years. The vulnerability is named "SMBLoris". It can easily be exploited with a short, 20-line piece of code to launch a DoS attack that exhausts system memory. The vulnerability affects the SMBv1 protocol on Windows 2000 and later systems.

 

 

Comments: Microsoft has officially stated that it does not plan to release a patch for this vulnerability. Alibaba Cloud recommends hardening systems in the following ways to reduce risk: first, if you do not need network file sharing services, disable the SMB protocol; second, use security group policies to block inbound traffic to port 445 from both the public network and the internal network.

 

New "fileless" ransomware Sorebrect evolution attack warning

 

Summary: The new ransomware Sorebrect is breaking out. The ransomware obtains account and password information through RDP brute-force cracking, enters the system, injects malicious code into the legitimate program svchost.exe, and then destroys its virus files to avoid detection by anti-virus software. Sorebrect uses Microsoft's Sysinternals PsExec command to encrypt local files, and uses a built-in scanning function to find and encrypt files on network shares. Sorebrect is the first ransomware to evade detection by destroying its virus files, and it poses a high security risk.

 

Comments: Alibaba Cloud recommends that system administrators and security engineers take the following precautions: do not open port 3389 to the outside world, and use a VPN and a bastion host for safe operation and maintenance management; strengthen Windows operating system account passwords and enable log auditing to improve system security; close network shared folders, and set user read and write permissions on folders with high security requirements; regularly apply operating system and software patches; back up all important files and documents regularly, and store the backups on external storage devices that are not frequently connected to the computer; install anti-virus software and do not click on unknown links at will. Cloud Shield Situational Awareness and Security Knight currently provide automatic detection and defense.
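An added example (not from the original digest or from Alibaba Cloud) of auditing security-group rules against the two port recommendations above: no inbound path to port 445 from either public or internal networks (SMBLoris), and no RDP port 3389 exposure to outside sources (Sorebrect). The rule schema, the sample rules, and the use of RFC 1918 ranges as the definition of "internal" are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rules in a hypothetical, provider-neutral schema.
SAMPLE_RULES = [
    {"id": "r1", "direction": "ingress", "policy": "allow", "ports": "445", "source": "10.0.0.0/8"},
    {"id": "r2", "direction": "ingress", "policy": "allow", "ports": "3389", "source": "0.0.0.0/0"},
    {"id": "r3", "direction": "ingress", "policy": "allow", "ports": "3389", "source": "10.8.0.0/24"},
    {"id": "r4", "direction": "ingress", "policy": "allow", "ports": "1-1024", "source": "192.168.0.0/16"},
    {"id": "r5", "direction": "ingress", "policy": "allow", "ports": "443", "source": "0.0.0.0/0"},
    {"id": "r6", "direction": "egress", "policy": "allow", "ports": "445", "source": "0.0.0.0/0"},
    {"id": "r7", "direction": "ingress", "policy": "deny", "ports": "445", "source": "0.0.0.0/0"},
]

# Assumption: "internal" means the RFC 1918 private ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def covers(ports, port):
    """True if a port spec such as '445' or '1-1024' includes `port`."""
    lo, _, hi = ports.partition("-")
    return int(lo) <= port <= int(hi or lo)


def is_internal(cidr):
    """True only if the whole source range sits inside an internal network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == n.version and net.subnet_of(n) for n in INTERNAL_NETS)


def audit(rules):
    """Return (rule id, port, reason) for every inbound allow rule that
    contradicts the recommendations. Deny-rule precedence is not modelled,
    so each finding means "review this rule", not "confirmed exposure"."""
    findings = []
    for r in rules:
        if r["direction"] != "ingress" or r["policy"] != "allow":
            continue
        # Port 445: flagged for any source, public or internal.
        if covers(r["ports"], 445):
            findings.append((r["id"], 445, "SMB reachable from " + r["source"]))
        # Port 3389: flagged only when the source is not wholly internal.
        if covers(r["ports"], 3389) and not is_internal(r["source"]):
            findings.append((r["id"], 3389, "RDP reachable from " + r["source"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Rule r4 shows why the port spec has to be parsed as a range: a broad "1-1024" allow rule opens 445 without ever naming it.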

 

【Financial Security Dynamics】

 

Fanpujinke: Anti-fraud challenges and methodologies for financial inclusion

 

Summary: Fanpujinke CEO Yang Fan believes that the biggest enemy of Internet finance companies is fraud. Fraud gangs are rapidly becoming more technical, larger in scale and more systematic. Algorithms are the company's key weapon for financial risk control: through data cleaning and data processing, scattered data is turned into variables, and risk control efficiency is improved by automated modeling robots.

 

 

 

【View on the cloud】

 

Gartner: Hype Cycle of Emerging Technologies in China in 2017

 

Summary: Blockchain and the Internet of Things are in an "expansion period", while data financial services are already in a "disillusionment period". In terms of technological importance, the Internet of Things, cloud computing, big data, deep learning, blockchain and autonomous driving stand side by side as transformative technologies. Important technologies include 5G, LPWA, new digital e-commerce platforms and digital finance, SaaS and PaaS, etc.

 

 

Comments: The traditional financial industry has never been an early adopter of new technologies. As the new-finance revolution arrives, traditional finance has gradually begun to embrace and try new technologies. In the security field, cloud security and situational awareness have passed through the "overheating period" and have begun to move from a recovery period to a mature period. More and more financial customers are becoming accustomed to operating security on the cloud and to using cloud security to strengthen and optimize their own protection capabilities.

 

Original link: http://click.aliyun.com/m/28084/
