Network security in the past 10 years

Ten years ago, smartphones were not yet widespread, Windows 7 had just been released, and network security was a niche circle, far from the regular presence in media coverage that it is today.

From an isolated island to a small world of its own: in the past 10 years, network security has had its ups and downs. There have been glories, we have been at the bottom, and we have seen high buildings rise. A group of white hats, once loners and knights, joined companies or set out on an entrepreneurial path, and fight for the security of the online world. Others split off and became black hats, mixing with the black-market industry and the dark web and playing hide-and-seek in the security world. A group of network security companies, going from 0 to 1, have witnessed network security moving towards compliance and industrialization, and interspersed among all this are security incidents from the past 10 years that you may still vaguely remember...

In 2020, when network security starts again, the author wants to walk through these 10 years with you again.

Ten

In the summer of 2010, the Stuxnet virus was discovered for the first time. In September, Iran's nuclear facilities were suddenly attacked by the Stuxnet virus. Thousands of centrifuges at the Natanz centrifuge enrichment plant were scrapped. As a result, Iran's nuclear program was set back two years.

Stuxnet, which quickly swept through the global industry, became a lingering shadow for network security professionals in 2010. As of 2011, Stuxnet had infected more than 45,000 networks and 60% of personal computers around the world. Before this, no one could have imagined that a virus would dominate headlines around the world. This first worm to specifically attack physical world infrastructure seemed to pave the way for attacks on critical infrastructure in the following decade.

Nine

In 2011, there were many new online games in China, and the industry scale reached 41 billion. At the same time, the Internet industry, which was in the process of transformation, also began to move towards multi-line business models such as online games, film and television, and online communities. While the entire online game industry was improving, June 15th was an ordinary Wednesday. You may have forgotten this day, but for the hacker organization LulzSec, it was almost their busiest day.

LulzSec attacked the website of the gaming magazine The Escapist, the IT security company Finfisher, and the login servers of the online games "EVE Online", "League of Legends", and "Minecraft", successfully completing five kills.

LulzSec called this day "Titanic Takeover Tuesday". Multiple game login servers were attacked, and the Minecraft game was completely brought down.

Every time a hacker succeeds, it is a wake-up call for corporate security.

This year saw not only attacks on online game servers, but also the famous Sony PSN hacking incident of 2011 and the DigiNotar penetration incident.

In the spring of 2011, hackers stole the details of 77 million Sony PlayStation Network users. 77 million is inconspicuous among today's data leakage incidents, which often run to hundreds of millions, but 9 years ago this was one of the largest hacking incidents in the world.

In order to fix the vulnerability, Sony shut down the PlayStation Network, which took a full 23 days to repair. The corporate losses caused by the Sony data breach made some companies begin to recognize that the necessary security investments should be made. Likewise, almost since then, more and more companies have added terms of service under which users waive their right to sue after similar security incidents.

Two months later, Dutch CA security certificate provider DigiNotar revealed that eight certificate servers had been hacked. Hackers issued fake CA certificates for 531 websites, including Google.com. This attack set off a complete revolution in the issuance of SSL/TLS certificates, and many of the procedures implemented at that time are still in use today...

Eight

By 2012, smartphones had become popular, a large number of tablet devices had emerged, the operating system Windows 8 had been released, and the "Decision of the Standing Committee of the National People's Congress on Strengthening Network Information Protection" had been reviewed and approved. The gears of the network IT industry kept moving forward.

In March, the well-known hacker organization Anonymous strongly opposed the US anti-piracy bill "SOPA" and even threatened to take down the entire Internet. In August, the WikiLeaks website suffered a continuous DDoS attack. For more than a week, you were unable to log in to the WikiLeaks website or the website responded very slowly. The Flame worm raged in the Middle East, and even some areas in North Africa were not immune.

Seven

On June 9, 2013, Edward Snowden, a former technical assistant at the CIA, took the initiative to contact the media and disclosed Project Prism, dropping a nuclear bomb on the global network security circle. This top-secret electronic surveillance program, carried out by the National Security Agency (NSA) since 2007, during the George W. Bush era, almost completely refreshed our understanding of network information security. Nine international Internet giants, including Microsoft, Yahoo, Google and Apple, were involved.

User privacy protection and Internet sovereignty were put on the table by various countries. The Ministry of Foreign Affairs of the People's Republic of China established the Network Affairs Office, the "Internet Access Service Specifications" formulated by the Ministry of Industry and Information Technology were officially implemented, and the first batch of 4G licenses were officially issued. This year, our country began to accelerate the construction of independent and controllable information security and to improve its protection capabilities.

Six

2014 is also known for a bloody battle triggered by a movie.

Sony Pictures, a subsidiary of Japan's Sony in the United States, produced a movie "The Interview" (also known as: The Assassination of Kim Jong-un). It was this movie that triggered a series of events that made relations between the United States and North Korea increasingly tense. In mid-November, Sony Pictures, which produced the film, suffered a hacker attack and rogue software was implanted into the company's computers. The software subsequently destroyed the data in the computers and caused the company's system to crash. North Korea has become the main suspect in the hacking incident. The then US President Obama even stated that he would consider adding North Korea back to the list of "state sponsors of terrorism".

At that time, the North Korean nuclear issue was still deadlocked, a new hacking issue had surfaced, and the situation on the Korean Peninsula was developing with trepidation at every step.

Five

On December 23, 2015, residents of the Ivano-Frankivsk region in far western Ukraine had finished their day's work, and the operation and maintenance personnel in charge of the local power supply control center were about to complete their shifts. Suddenly, the person on duty found that the cursor on his computer screen had begun to move on its own; it clicked through the dialog box: disconnect the circuit breaker, confirm. Malicious specters in every device left more than 230,000 residents without power.

This was the Ukrainian power grid intrusion of 2015, the first successful attack on a power network. Unfortunately, it was not the last. Since then, hackers seem to have further discovered the power of attacking critical infrastructure. In January, February, and December of 2016, Ukraine suffered multiple attacks on power facilities. Later, the victims extended from Ukraine to Venezuela and other countries.

Of course, if Venezuela is too far away, then maybe you still remember the fear of being hit by the Apple iOS virus XGhost incident in September? At that time, the release of Apple 6S and the push of iOS 9 system made Apple proud. Users were warming up with their newly purchased Apple 6s. As a result, less than half a month later, Apple announced on its official website for the Chinese market that a large number of apps were infected by viruses. The incident affected nearly 100 million users.

Various security teams analyzed the XGhost virus's behavior, transmission method and area of impact from different angles, and even exposed the author's information. The incident was caused by app developers using a copy of Xcode, the iOS application development tool, that had been downloaded through third-party channels (not Apple's official channels) and implanted with malicious code. It made developers pay more attention to security in product development and design.

Four

On July 20, 2016, Wuyun website was closed. Wu Di said: Wuyun has completed its mission.

This was an era when the Internet was developing explosively, but no one paid attention to network security. It was difficult to distinguish between white hats and hackers, and there was even a group of "zebras" mixed in. The white hats were caught after submitting the Jiayuan vulnerability. Who made the mistake? It can be said that, with the increasing number of cyber crimes, no one told the public how they were being violated, and no one told white hats how to detect and publish vulnerabilities.

Wuyun closing its site seems to indicate that this era of network security chaos is coming to an end. The good and evil of vulnerabilities may be awaiting a verdict, and in 2020 you may have an answer.

Three

2017 was the year of ransomware. On May 12, the WannaCry ransomware broke out globally, quickly triggering a "biochemical crisis" in the Internet industry.

The result of this round of the battle between the "Equation Group" and the "Shadow Brokers" was that, within a few hours, worm-like ransomware spreading through the high-risk Eternal Blue vulnerability attacked hundreds of thousands of computers in 150 countries. The medical system, express delivery companies, schools, banks, and large petroleum and petrochemical companies were all infected. For security companies, the panic, the emergency warnings, and the urgent protection work were overwhelming and deeply memorable.

The following June, Petya, a new ransomware virus similar to "WannaCry", also used the Eternal Blue vulnerability to spread, causing many large enterprises in many countries to be attacked, and governments, banks, power systems, etc. were all affected.

Around 2017, there was a brief period of large-scale ransomware outbreaks, such as TeslaCrypt, Ryuk, BadRabbit, etc. It was also during this period that the safety issues of industrial computers caused by Eternal Blue began to attract the attention of relevant national departments.

Two

By the first half of 2018, more than 40% of all industrial control system (ICS) computers protected by Kaspersky Lab solutions had been hit by at least one malware attack. As more and more APT attacks were disclosed, the proportion of industrial control system computers hit by cyberattacks was also worrying. At this time, although ransomware attacks had declined significantly, customized attacks aimed at specific targets were on the rise, and the proportion of cryptojacking was also growing rapidly.

When it comes to 2018, the Cambridge Analytica scandal cannot be left out. The data of as many as 87 million Facebook users was leaked, the US election was steered by data analysis, and a private company using big data ended up at the center of a media storm. The power of data was once again vividly demonstrated. Using data as a weapon to interfere with current affairs has since become something countries accuse each other of.

Whether it is the increasing frequency of supply chain attacks, including backdoors in ShadowPad, expertr, and CCleaner, or the face-changing app ZAO, which triggered in-depth discussions on privacy, or the ElasticSearch server data leakage of 42 million Chinese user resumes, or Apple's permanent hardware vulnerability, all were popular events this year, but 2019 is still a special point in time: 5G is coming. Our country has experienced 1G blank, 2G follow-up, 3G breakthrough, 4G synchronization, and now it has finally ushered in 5G leadership.

After 5G was officially commercialized, 5G-related smart devices were quickly deployed. In November 2019, it was revealed that researchers had discovered 11 new vulnerabilities in the 5G protocol, which quickly drew public attention to 5G security. It can be said that this year, the threats faced by the network security field are diverse.

10 years back to 0, network security will start again in 2020! Looking back at the second decade of the 20th century, we will find that the changes in network security seemed to have laid the groundwork for the seemingly ordinary days of these 10 years.

1. Starting from the earliest "Stuxnet", network attacks against industrial infrastructure have become more targeted and customized.
2. WannaCry, which swept the world, opened a new era of cyber attacks. A large number of ransomware families such as Petya and Ryuk have entered the public eye, and the targets of attacks have gradually shifted from individuals to enterprises.
3. From the NSA Prism program to the Sony data leak to the Cambridge Analytica scandal, historical security incidents have witnessed that data leaks have become normalized and large-scale, and the magnitude of leaked data has increased exponentially.

Ten years ago, white hats had no idea where to go, 4G had not yet been realized, and a data leak of 77 million was already a major event. Now, we can smoke a cigarette and talk about APT and cyber warfare as usual, and talk about the 5G network and which company has recently leaked hundreds of millions of records... Although we cannot predict exactly what will happen in the new decade, starting from the present, we can know:

With the development of big data, privacy data security and compliance will still be hot topics in network security; the craze of ransomware will not subside, and high returns will keep attackers going after specific targets; with the further development of artificial intelligence, hackers' attack techniques and weapons will become more complex; 5G networks are rapidly spreading, and IoT equipment may usher in an outbreak period; APT attacks have become a common attack method, and industrial control system (ICS) security is a top priority; …

The second decade has passed. Standing at the intersection of the next decade, we will continue to move forward. The network security story of the 2020s has just begun.

What knowledge do you need to learn to get started with the basics of network security?

Cybersecurity learning route

This is an outline of the network security learning route, from basic to advanced. Friends, please remember to click and add it to your collection!

Stage One: Basic Introduction

Introduction to Cyber Security

Penetration Testing Basics

Network basics

Operating system basics

Web security basics

Database basics

Programming basics

CTF basics

After completing this stage, you can earn an annual salary of 15w+

Stage 2: Technical advancement (at this point you are considered a beginner)

Weak passwords and password blasting

XSS vulnerability

CSRF vulnerability

SSRF vulnerability

XXE vulnerability

SQL injection

Arbitrary file manipulation vulnerability

Business logic vulnerability

The annual salary after studying at this stage is 25w+

Stage three: high-level promotion

Deserialization vulnerability

RCE

Comprehensive shooting range practical project

Intranet penetration

Traffic Analysis

Log analysis

Malicious code analysis

Emergency Response

Practical training

After completing this stage, you can earn an annual salary of 30w+

Phase 4: Blue Team Course

Blue Team Basics

Blue team advanced

This part focuses on blue-team defense, that is, the network security engineer role as most people understand it.

With both offense and defense, the annual salary income can reach 400,000+

Stage 5: Interview Guide & Stage 6: Upgraded Content

You need the network security supporting videos, source codes and more network security related books & interview questions corresponding to the above roadmap.

Major benefits of network security: a complete set of entry-level and advanced 282G learning resource packages for free sharing!

Origin blog.csdn.net/bluemoon_0/article/details/129513717