企业培训资讯_企业培训干货

当前位置:首页 > 名师团队

黑客利用远程登陆软件盗取信用卡信息-350vip浦京集团官网

发布时间:2021-05-03    来源: 350vip浦京集团官网1052

本文摘要:SAN FRANCISCO — The same tools that help millions of Americans work from home are being exploited by cybercriminals to break into the computer networks of retailers like Target and Neiman Marcus.旧金山——协助数以百万计的美国人从家里下班的某种程度工具于是以被网络犯罪分子利用,沦为入侵塔吉特百货(Target)和尼曼(Neiman Marcus)等零售商计算机网络的手段。

SAN FRANCISCO — The same tools that help millions of Americans work from home are being exploited by cybercriminals to break into the computer networks of retailers like Target and Neiman Marcus.旧金山——协助数以百万计的美国人从家里下班的某种程度工具于是以被网络犯罪分子利用,沦为入侵塔吉特百货(Target)和尼曼(Neiman Marcus)等零售商计算机网络的手段。The Homeland Security Department, in a new report, warns that hackers are scanning corporate systems for remote access software — made by companies like Apple, Google and Microsoft — that allows outside contractors and employees to tap into computer networks over an Internet connection.美国国土安全部在一份新的报告中警告说道,黑客在搜查企业计算机系统以找到其中的远程访问软件,这类软件由苹果(Apple)、谷歌(Google)和微软公司等公司获取,能让外部承包商和公司员工通过互联网转入公司的计算机网络。

350vip浦京集团

350vip浦京集团

350vip浦京集团

When the hackers discover such software, they deploy high-speed programs that guess login credentials until they hit the right one, offering a hard-to-detect entry point into computer systems.当黑客找到这种软件后,他们用于较慢猜测指定信息的程序,直到遇上一个准确的,这就给他们获取了一个无法揭穿的打入计算机系统的切入点。The report, which Homeland Security produced with the Secret Service, the National Cybersecurity and Communications Integration Center, Trustwave SpiderLabs, an online security firm based in Chicago, and other industry partners, is expected to be released on Thursday. It provides insight into what retailers are up against as hackers find ways into computer networks without tripping security systems.这份报告是国土安全部与其他部门合作产生的,合作单位还包括特勤局(Secret Service)、国家网络安全和通信构建中心(National Cybersecurity and Communications Integration Center)、总部设于芝加哥的在线安全性公司Trustwave SpiderLabs,以及其他行业的合作伙伴,报告预计于周四发布。它为零售商面对的挑战获取了了解理解,黑客在找寻不启动时安全性系统报警的方法转入计算机网络。

350vip浦京集团

It is also a reminder that a typical network is more a sprawl of loosely connected computers than a walled fortress, providing plenty of vulnerabilities — and easily duped humans — for determined hackers.报告也警告人们,典型的网络由牢固相连的计算机构成,不是一个有围墙的堡垒,对有决意的黑客来说,这样的网络不存在着大量的漏洞,还有更容易随便的用户。“As we start to make more secure software and systems, the weakest link in the information chain is the human that sits on the end — the weak password they type in, the click on the email from the contact they trust,” said Vincent Berq of FlowTraq, a network security firm.“随着我们开始把软件和系统显得更加安全性,信息链中最脆弱的环节就是那些躺在用户端的人:他们键入很弱密码,他们页面所信任的联系人发去的电子邮件,”网络安全公司FlowTraq的文森特·伯尔克(Vincent Berq)说道。

350vip浦京集团

While the report does not identify the victims of these attacks, citing a policy of not commenting on current investigations, two people with knowledge of these investigations say that more than a dozen retailers have been hit. They include Target, P. F. Chang’s, Neiman Marcus, Michaels, Sally Beauty Supply, and as recently as this month, Goodwill Industries International, the nonprofit agency that operates thrift stores around the country.虽然这份报告援引不评论目前调查的政策为由,没说明反击的受害者,但两位对调查知情的人士说道,有十多家零售商都受到过网络攻击,还包括塔吉特百货、华馆(P. F. Chang)、尼曼、迈克尔斯公司(Michaels)、莎莉美容用品(Sally Beauty Supply),以及直到本月还接受反击的国际心意企业(Goodwill Industries International),这是一家在美国各地的经营旧货店的非营利机构。Once inside the network, the hackers deploy malicious software called Backoff that is devised to steal payment card data off the memory of in-store cash register systems, the report says. After that information is captured, the hackers send it back to their computers and eventually sell it on the black market, where a single credit card number can go for $100.报告说道,黑客一旦转入网络,他们用于一个取名为Backoff的恶意软件,从店内缴银器系统的内存上盗取支付卡的数据。在捕捉到这些信息后,黑客将其发送到返自己的计算机,并最后将信息在黑市出售,一个信用卡号在黑市上可卖到100美元(相等于620元人民币)。

350vip浦京集团

In each case, criminals used computer connections that would normally be trusted to gain their initial foothold. In the Target breach, for example, hackers zeroed in on the remote access granted through the retailer’s computerized heating and cooling software, the two people with knowledge of the inquiry said.在每次这种反击中,犯罪分子用的都是一般来说被信任的相连,让他们取得进入计算机的最初立足点。比如,在塔吉特百货的例子中,让黑客钻空子的,是该零售商计算机化的制热制冷系统软件的远程指定许可,两位理解调查情况的人回应。In an interview, Brad Maiorino, recently hired as Target’s chief information security officer, said a top priority was what he called “attack surface reduction.”在拒绝接受记者专访时,塔吉特百货最近聘用的首席信息安全官布拉德·努奥里诺(Brad Maiorino)回应,当务之急是他称作“增加不受攻击面”的工作。

350vip浦京集团

“You don’t need military-grade defense capabilities to figure out that you have too many connections,” Mr. Maiorino said. “You have to simplify and consolidate those as much as possible.”努奥里诺说道,“你不必须军用级的防御能力就告诉你有过于多的相连。你必须尽量地修改和拆分这些相连。

350vip浦京集团

350vip浦京集团

350vip浦京集团

”The Secret Service first discovered the Backoff malware (named for a word in its code) in October 2013. In the last few weeks, the agency said that it had come across the malware in three separate investigations. Most troubling, the agency said that even fully updated antivirus systems were failing to catch it.特勤局是在2013年10月首次找到Backoff这个恶意软件的(其名称来自软件编码中的一个词)。该机构回应,在过去几周里,它已在三个有所不同的调查中遇上这个恶意软件。该机构说道,最令人不安的是,就连全面改版的防病毒系统都没能追查这个恶意软件。Low detection rates meant that “fully updated antivirus engines on fully patched computers could not identify the malware as malicious,” the report concluded.较低追查亲率意味著“打了所有补丁的计算机系统上的全面改版的防病毒引擎无法辨识这个恶意软件是蓄意的”,上述报告的结论说道。

350vip浦京集团

350vip浦京集团官网

350vip浦京集团

Backoff and its variants all perform four functions. First, they scrape the memory of in-store payment systems for credit and debit card “track” data, which can include an account number, expiration dates and personal identification numbers, or PINs.Backoff及其变异版本都有四项功能。首先,它们从店内缴纳系统的内存中提供信用卡和借记卡的“踪迹”数据,这些数据有可能还包括账户号、有效期,以及个人识别码(全称PIN)。The malware logs keystrokes, as when a customer manually enters her PIN, and communicates back to the attackers’ computers so they can remove payment data, update the malware or delete it to escape detection.这个恶意软件能记录按键动作,比如一个顾客用手输出自己的PIN这种动作,把其传到攻击者的计算机,使他们需要获得缴纳数据,改版恶意软件或将其移除以免被找到。

350vip浦京集团

The hackers also install a so-called backdoor into in-store payment machines, ensuring a foothold even if the machines crash or are reset. And they continue to tweak the malware to add functions and make it less detectable to security researchers.黑客还在店内缴付机上安装所谓的后门软件,保证即使在机器死机或重置后仍能转入系统。他们大大调整恶意软件,加添新功能,使其更加容易被研究计算机安全的人察觉到。

350vip浦京集团

Security experts say antivirus software alone will not prevent these attacks. They recommend companies take what is called a “defense in depth” approach, layering different technologies and empowering security professionals to monitor systems for unusual behavior.安全性专家说道,杀毒软件本身并无法制止这些反击。他们建议公司采行所谓的“两翼防卫”方法,用有所不同层次的技术,许可安全性专家来监视系统中的不奇怪不道德。Among the report’s recommendations: Companies should limit the number of people with access to its systems; require long, complex passwords that cannot be easily cracked, and lock accounts after repeated login requests.这份报告的建议还包括:公司不应容许指定其系统的人数;拒绝指定者用于无法被只能密码的宽且简单的密码,经常出现多次重复的指定催促后封锁帐户。

350vip浦京集团

The report also suggests segregating crucial systems like in-store payment systems from the corporate network and making “two factor authentication”— a process by which employees must enter a second, one-time password in addition to their usual credentials — the status quo.报告还建议,把关键系统,比如店内缴纳系统,与企业的网络隔绝,让“双重证书”程序沦为常态,“双重证书”所指的是除了一般来说必须的指定密码外,员工必需另外输出第二个、重复使用的密码。The report also recommends encrypting customers’ payment data from the moment their cards are swiped at the store, logging all network activity and deploying security systems that can alert staff to unusual behavior, like a server communicating with a strange computer in Russia.报告还建议,从顾客在商店刷卡的那一刻起就加密客户的缴纳数据,记录所有的网络活动,落成有出现异常不道德时,比如一台服务器与一个俄罗斯的陌生计算机通信,能警告有关人员的安全性系统。At Target, Mr. Maiorino said he planned to build a security program as tough as what was expected from military contractors.努奥里诺说道,他计划在塔吉特百货创建一个强度可超过军事承包商所拒绝的安全性系统。“All of the same tools and techniques that nation states are using for attacks have been commoditized and are available for sale in the black market,” Mr. Maiorino said. “And for the right amount of money you can go out and create a cybercrime ring at a relatively low cost.”“与国家用于的网络攻击工具和技术完全相同的东西都早已商品化了,而且都在黑市上有卖的,”努奥里诺说道。

350vip浦京集团

“只要有充足的钱,你就可以去用比较较低的成本重新组建一个网络犯罪团伙。

350vip浦京集团


本文关键词:350vip浦京集团,350vip浦京集团官网

本文来源:350vip浦京集团-www.pwtrck.net

分享到:
相关推荐MORE+
07-31 【350vip浦京集团官网】人民币兑美元中间价报6.6152,上调66基点,结束十连降。

本文摘要: 12月11日,rmb币值美元中间价报6.6152,较上一个交易日掉价66个基准点,完成了先前的十天连降。12月11日,rmb币值美元中间价报6.6152,较上一个交易日掉价66个基准点,完

07-31 【350vip浦京集团官网】Manhole韩剧哪里可以看?金在中穿越阻止婚礼

本文摘要:KBS新的水木剧《Manhole》于8月9日晚开播,由李再坤导演,朴万英、刘英恩导演,金在中、金宥真为、郑惠成、车贤玗等出演,本剧关键描绘为了更好地制止一周以后的婚宴,而根据任意穿过往来于以

07-31 天津卫视《远大前程》收官在即 “大男主”+“双女主”打造黄金口碑:350vip浦京集团官网

本文摘要: 今夜,由芒果影视、宁波象山齐天大圣、骋亚影视制作带头荣誉出品,陈思诚、袁弘、佟丽娅、郭采洁领街的时代热血传奇剧《远大前程》将在天津卫视踏入结局。今夜,由芒果影视、宁波象山齐天大圣、骋亚影视

07-31 知情人士曝是具惠善先提出的离婚 安宰贤不想对外声张|350vip浦京集团

本文摘要:8月18日日本明星夫妇安宰贤与具惠善宣布再婚,月完成了三年的婚后生活,两人再婚的消息公布发布以后也让网民们十分的气愤,曾一度那麼相爱的两人最终却以再婚收尾,显而易见令人没法拒不接受,而具惠善

《300自走棋》当Moba游戏做自走棋 谁能成为下一个爆:350vip浦京集团官网 350vip浦京集团:小道消息称PS5多项硬件性能高于Xbox Series X
热门文章
火猫专访PUBG PIT唯一中国队King:毫不畏惧FaZe液体等强队-350vip浦京集团官网
明星解说、选手带你回顾经典,重温热血战役!【350vip浦京集团官网】
LOL外媒预测:下一个新英雄会是亚索的哥哥“逐风者永恩”吗?-350vip浦京集团
8K投影离我们有多远?多种问题亟需解决:350vip浦京集团
在区块链上运行程序,到底是啥意思?DAPP到底是什么?
350vip浦京集团_Slack创始人的盛世危言
350vip浦京集团官网_诏安县启动中小学教师信息技术能力提升工程
350vip浦京集团官网|DIY系列之:国外牛人教你快速打造首台机器人(图)
法师打团谁强?貂蝉甄姬只能排到A级,SSS级的她你买不到!【350vip浦京集团官网】
AG无痕关羽首秀,0/4评分仅3.0,整场比赛几乎跑不起来,真的老了|350vip浦京集团官网
姿态潜入青铜局,却完美融入其中,对线被直接打崩:真太羞耻了!_350vip浦京集团
东芝工厂种植生菜,没有阳光也没有土壤_350vip浦京集团官网
350vip浦京集团官网-郑州高新区将新建13所中小学预计明后两年投用
350vip浦京集团-新密市2019年新招录初中教师岗前培训开班仪式圆满举行
350vip浦京集团-终结全面屏屏下摄像头手机或于明年推出
客户案例
×