2019 安全事件响应观察报告 Cybersecurity Incident Response Insights i g u th 5 b m o .c 关于绿盟科技 北京神州绿盟信息安全科技股份有限公司(简称绿盟科技)成立于 2000 年 4 月,总部位于北京。 在国内外设有 30 多个分支机构,为政府、运营商、金融、能源、互联网以及教育、医疗等行业用户, 提供具有核心竞争力的安全产品及解决方案,帮助客户实现业务的安全顺畅运行。 基于多年的安全攻防研究,绿盟科技在网络及终端安全、互联网基础安全、合规及安全管理 等领域,为客户提供入侵检测 / 防护、抗拒绝服务攻击、远程安全评估以及 Web 安全防护等产品 以及专业安全服务。 北京神州绿盟信息安全科技股份有限公司于 2014 年 1 月 29 日起在深圳证券交易所创业板上 市交易。 股票简称:绿盟科技 股票代码:300369 u th i g 特别声明 5 b 为避免合作伙伴及客户数据泄露,所有数据在进行分析前都已经过匿名化处理,不会在中 间环节出现泄露,任何与客户有关的具体信息,均不会出现在本报告中。 m o .c 2019 年安全事件响应观察报告 目录 CONTENTS 目录 1. 前言 ······································································································································································1 2. 网络安全形势分析 ················································································································································4 2.1 国家级安全演练效果明显 ·························································································································································· 5 2.2 关键基础设施成为黑客攻击的重点目标 ·································································································································· 7 m o .c 2.3 经济利益是黑客攻击主要驱动力 ············································································································································ 10 2.4 勒索软件即服务势头迅猛 ························································································································································ 11 2.4.1 完善的产业链 ····························································································································································································11 2.4.2 低风险高收益 ····························································································································································································14 5 b 2.4.3 建议 ············································································································································································································15 2.5 黑链暗链事件的爆发式增长 ···················································································································································· 15 2.5.1 现状 ············································································································································································································16 u th 2.5.2 利益链 ········································································································································································································17 2.5.3 建议 ············································································································································································································18 2.6 恶意程序隐藏技术在革新发展 ················································································································································ 19 i g 2.7 入侵事件平均潜伏时间高达 359 天 ······································································································································· 20 2.8 人和管理成为主要入侵突破口 ················································································································································ 23 3. 安全漏洞变化趋势 ··············································································································································27 3.1 高危漏洞 PoC 公开数量增多 ··················································································································································· 28 3.1.1 微软远程桌面服务远程代码执行漏洞(CVE-2019-0708) ···············································································································29 3.1.2 Confluence SSRF 及远程代码执行漏洞 ················································································································································30 3.1.3 WinRAR 代码执行漏洞 ············································································································································································31 3.2 0day 漏洞频繁爆发 ···························································································································

pdf文档 绿盟 2019年安全事件响应观察报告

文档预览
中文文档 80 页 50 下载 1000 浏览 0 评论 0 收藏 3.0分
温馨提示:本文档共80页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
绿盟 2019年安全事件响应观察报告 第 1 页 绿盟 2019年安全事件响应观察报告 第 2 页 绿盟 2019年安全事件响应观察报告 第 3 页
下载文档到电脑,方便使用
本文档由 路人甲 于 2022-07-17 01:17:40上传分享
加微信群 有优惠
站内资源均来自网友分享或网络收集整理,若无意中侵犯到您的权利,敬请联系我们微信(点击查看客服),我们将及时删除相关资源。