



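As we approach the halfway point of 2024, we have already witnessed several significant cyber incidents that have had far-reaching impacts on major global organisations. These incidents have left the likes of MITRE, Microsoft and even the Ministry of Defence (MoD) having to answer uncomfortable questions about how they happened.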

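In this blog, we will highlight the top five cyber incidents of the year so far, examining what happened, who was affected, the impact, and the broader implications for cyber security practices. Join us as we cover these major cyber incidents and explore the lessons we can learn from them.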


Hackers backed by China’s government spy agency have been accused by the US and UK of conducting a year-long cyber-attack campaign, targeting politicians, journalists, and businesses. The campaign, attributed to Chinese state-backed hacking groups, aimed to steal sensitive information and disrupt critical infrastructure. These coordinated cyber attacks reveal the growing threat posed by nation-state actors and the need for international cooperation to combat hostile nation states or state-backed cyber threats effectively. [Source: UK publication]

These attacks show that cyber threats do not come solely from opportunistic cyber criminals, but can also have the power of nation states behind them. Organisations need to regularly review their cyber security posture to ensure that cyber defences are up to date and current best practices are followed. A Cyber Security Posture Assessment can highlight the strengths of your organisation’s defences and also indicate where you should focus for improvement.


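In a major data breach reported earlier this month, personal information of an unknown number of serving and former UK military personnel was accessed through a payroll system used by the Ministry of Defence (MoD). The exposed data included names, bank details and, in some cases, personal addresses. The breach, which targeted a system managed by an external contractor, did not involve any MoD operational data. Immediate action was taken to shut down the system, and the investigation is ongoing. Defence Secretary Grant Shapps will outline a response plan, which includes measures to protect affected individuals.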

While it has still not been disclosed who is behind this attack, this incident highlights the importance of securing supply chains and systems managed by external contractors and demonstrates how easily vulnerable products can leave even the most mature organisations exposed to persistent threat actors.

Paul Crampton, Partner Services Manager at IASME, joins the 10 Steps to Cyber Security Video Series to deep dive into Supply Chain Security.


In another unfortunate story about supply chain security, MITRE disclosed a major cyber attack in April 2024, orchestrated by state-sponsored hackers that exploited zero-day vulnerabilities in Ivanti VPN software.

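MITRE is a key player in R&D for US government projects and the author of the widely adopted MITRE ATT&CK framework. The attack, attributed to the Chinese cyber espionage group UNC5221, targeted MITRE's NERVE (Networked Experimentation, Research, and Virtualization Environment), an unclassified network used for research and development.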

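The hackers exploited the vulnerabilities CVE-2023-46805 and CVE-2024-21887, deployed sophisticated malware such as BrickStorm and BeeFlush, and used compromised administrator credentials to create rogue virtual machines.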

This breach again underlines the importance of supply chain security, as vulnerabilities in third-party products can become the entry point for major cyber attacks. Organisations looking to prevent these types of attacks should have rigorous vulnerability management and ensure they are using supply chain risk assessments to determine the best third parties to work with.

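Despite maintaining persistence within the NERVE infrastructure and attempting lateral movement, the attackers failed to access other resources. This highlights the importance of architecture and configuration: even though the hackers got in, their movement within the network was restricted, which reduced the damage these cyber criminals could do.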


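According to an article published by Spiceworks, Microsoft's flagship cloud service, Azure, suffered a data breach in February 2024 that affected hundreds of Azure executive accounts, raising concerns about the security of large cloud platforms. The breach exposed critical weaknesses in Microsoft's security measures, similar to previous incidents.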

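The attackers exploited a zero-day vulnerability, CVE-2024-21410, in Microsoft Exchange Server, which allowed them to access and misuse Windows NT LAN Manager (NTLM) hashes to impersonate legitimate users. As many as 97,000 Exchange servers were vulnerable to this flaw, which has a severity rating of 9.1. In addition, Microsoft disclosed two other zero-day vulnerabilities: CVE-2024-21412, a security feature bypass, and CVE-2024-21351, a SmartScreen bypass vulnerability. These issues affected Exchange Server versions prior to the February 13 update.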

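The perpetrators are believed to be hacking groups from Nigeria and Russia using proxy services and phishing links embedded in documents, primarily targeting mid- and senior-level managers. This attack, involving user impersonation, data exfiltration and financial fraud, is the first breach of its kind on the Azure platform.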

Microsoft has since implemented measures to mitigate the impact of the breach and enhance the security of its cloud services. This incident brought Microsoft back under fresh scrutiny, as a similar incident occurred in 2023 where Chinese-backed hackers were able to access sensitive data stored within the Azure platform [source: NPR].

Both incidents underline the importance of regular vulnerability scanning and patch management. Organisations looking to mitigate risks from outdated software and zero-day vulnerabilities should ensure they have a robust patch management process and conduct regular vulnerability scans across their infrastructure and applications to maintain the integrity of their estate.

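With such a large and constantly evolving suite of customisable products and features, keeping up with the latest Microsoft 365 security recommendations is difficult. In a Microsoft 365 Security Assessment, CyberLab can help you ensure security in your day-to-day operations by reviewing your MS365 configuration against industry-standard benchmarks from the Center for Internet Security (CIS).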


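Digital transformation has revolutionised processes and information management, especially in healthcare. However, with these advances come significant cyber security challenges.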

NHS Dumfries and Galloway faced significant disruptions due to a cyber attack targeting its systems. The attack, which took place in early 2024, raised concerns about the security of sensitive medical data and patient records.

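Although details about the nature and scope of the breach remain limited, the incident highlights the ongoing threat that cyber attacks pose to critical infrastructure, particularly in healthcare.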

Learn about the complexities of securing healthcare organisations amidst the evolving threat landscape and discover the strategies to mitigate risks in our Securing Healthcare Organisations blog.

In conclusion, the top five cyber attacks of 2024 so far serve as a stark reminder of the evolving threat landscape. By understanding these incidents and implementing a layered and strategic approach to cyber security, organisations can better protect their people, data, and customers.

Stay vigilant, keep updating your defences, and ensure your incident response plan is robust to guard against future cyber threats.



CyberLab is a specialist cyber security company that provides a wide range of security solutions and services.


