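The MoD, Microsoft and more!
As we approach the halfway point of 2024, we have already witnessed several major cyber incidents that have had far-reaching effects on major organisations worldwide. These incidents have led to the likes of MITRE, Microsoft and even the Ministry of Defence (MoD) having to answer uncomfortable questions as to how these incidents occurred.
In this blog, we highlight the top five cyber incidents of the year so far, examining what happened, who was affected, the impact, and the broader implications for cyber security practices. We cover these major cyber incidents and explore the lessons we can learn from them.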
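Chinese State-Sponsored Cyber Attack Campaign
The US and UK have accused hackers backed by a Chinese government spy agency of conducting a year-long cyber attack campaign targeting politicians, journalists, and businesses. The campaign, attributed to a Chinese state-backed hacking group, aimed to steal sensitive information and disrupt critical infrastructure. These coordinated cyber attacks show that the threat posed by nation-state actors is growing and that international cooperation is needed to effectively counter hostile nation-state or state-sponsored cyber threats.
These attacks highlight that cyber threats don't just originate from opportunistic cyber criminals; nation states stand behind them too. Organisations need to ensure they regularly review their cyber security posture so that their cyber defences are up to date and follow current best practice. A Cyber Security Posture Assessment can highlight an organisation's defensive strengths and point out the areas that need focused improvement.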
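MoD Data Breach
In a significant data breach reported earlier this month, the personal information of an unknown number of serving and retired UK military personnel was accessed through a payroll system used by the Ministry of Defence (MoD). The compromised data includes names, bank details, and, in some cases, personal addresses. The breach, which targeted a system managed by an external contractor, did not involve any MoD operational data. Immediate action was taken to take the system offline, and investigations are ongoing. Defence Secretary Grant Shapps is set to outline a response plan, which will include measures to protect affected individuals.
Whilst it has still not been revealed who is behind the attack, the incident highlights the importance of securing supply chains and systems managed by external contractors, and demonstrates how easily vulnerable products can expose even the most mature organisations to persistent threat actors.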
MITRE R&D Network Breach
In another unfortunate story about supply chain security, MITRE disclosed a significant cyber-attack in April 2024, orchestrated by state-sponsored hackers exploiting zero-day vulnerabilities in Ivanti VPN software.
MITRE is a key player in R&D for US government projects and the author of the widely adopted MITRE ATT&CK framework. The attack, attributed to a Chinese cyber espionage group known as UNC5221, targeted MITRE's NERVE (Networked Experimentation, Research, and Virtualization Environment), an unclassified network used for research and development.
The hackers leveraged vulnerabilities CVE-2023-46805 and CVE-2024-21887, deploying sophisticated malware such as BrickStorm and BeeFlush, and used compromised administrator credentials to create rogue virtual machines.
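This breach again underscores the critical importance of supply chain security, as vulnerabilities in third-party products can serve as entry points for significant cyber attacks. Organisations looking to prevent these types of attack should have rigorous vulnerability management and ensure they use supply chain risk assessments to identify the best third-party partners.
Despite maintaining persistence and attempting lateral movement within the NERVE infrastructure, the attackers failed to access other resources. This highlights the importance of architecture and configuration: although the hackers got in, their activity within the network was restricted, which reduced the damage these cyber criminals could cause.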
Microsoft Azure Data Breach
According to an article published by Spiceworks, Microsoft's flagship cloud service, Azure, suffered a data breach in February 2024 affecting hundreds of executive Azure accounts, raising concerns over the security of big cloud-based platforms. The breach revealed critical vulnerabilities in Microsoft's security measures, similar to previous incidents.
The attackers exploited a zero-day vulnerability, CVE-2024-21410, in Microsoft Exchange Server, allowing them to access and abuse Windows NT LAN Manager (NTLM) hashes to impersonate legitimate users. Up to 97,000 Exchange servers are vulnerable to this flaw, which has a severity rating of 9.1. In addition, Microsoft disclosed two more zero-day vulnerabilities: CVE-2024-21412, a security feature bypass, and CVE-2024-21351, a SmartScreen bypass vulnerability. These issues affected Exchange server versions before the February 13th update.
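The perpetrators are believed to be hacking groups from Nigeria and Russia, who used proxy services and phishing links embedded in documents, mainly targeting mid- and senior-level managers. The attack, involving user impersonation, data exfiltration, and financial fraud, marks the first time such a breach has occurred on the Azure platform.
Microsoft has since taken steps to mitigate the impact of the breach and strengthen the security of its cloud services. The incident has put Microsoft under renewed scrutiny, as a similar incident occurred in 2023, when China-backed hackers were able to access sensitive data stored on the Azure platform.
Both incidents underline the importance of regular vulnerability scanning and patch management. Organisations looking to reduce the risk from outdated software and zero-day vulnerabilities should ensure they have a robust patch management process and carry out regular vulnerability scans across their infrastructure and applications to maintain the integrity of their assets.
With such a vast and evolving suite of customisable products and features, it can be hard to stay up to date with the most recent security recommendations for Microsoft 365. In a Microsoft 365 Security Assessment, CyberLab can audit your MS365 configuration against the Center for Internet Security (CIS) industry-standard benchmarks, helping you ensure the security of your day-to-day operations.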
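NHS Dumfries and Galloway Cyber Attack
Digital transformation has revolutionised processes and information management, especially in healthcare. However, with these advancements come significant cyber security challenges.
NHS Dumfries and Galloway faced severe disruption as a result of a cyber attack on its systems. The attack, which took place in early 2024, prompted concerns over the security of sensitive healthcare data and patient records.
While details about the nature and extent of the breach remain limited, the incident underscores the persistent threat posed by cyber attacks on critical infrastructure, particularly in healthcare.
Learn about the complexities of protecting healthcare organisations in an ever-changing threat landscape, and discover strategies for reducing risk, in our Securing Healthcare Organisations blog.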
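In conclusion, the top five cyber attacks of 2024 so far are a clear reminder that the threat landscape is evolving. By understanding these incidents and implementing a layered, strategic approach to cyber security, organisations can better protect their people, data, and customers.
Stay vigilant, keep updating your defences, and ensure your incident response plans are robust to safeguard against future cyber threats.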