Understanding hackers and how they attack

Whether a hacker uses a computer exploit or malware, their motivations are the same. Understanding why and how hackers hack is key to your defense.
Whatever the threat, it arrives at your computer in one of two ways: a human adversary or malware. Human attackers can use any of the hundreds of thousands of known computer exploits and attack methodologies to compromise a computer or device. People are supposed to run patching routines, and many devices and software programs try their best to update themselves automatically, yet many computers and devices are left vulnerable for long periods even after patches are available, a fact that hackers love.
Unique malware programs number in the hundreds of millions, with tens of thousands of new ones created and released each day. The three main malware categories are viruses (self-replicating), worms (self-traveling), and Trojan horse programs (which require an end-user action to execute). Today’s malware, usually arriving via web page or email, is often a combination of multiple malware classes. Often the first malware program to exploit a system is just a “stub downloader,” which gains initial access and then “phones home” to get more instructions and to download and install more sophisticated malware.
Often the stub program will download over a dozen different new malware variations, each designed to avoid antimalware detection and removal. Malware writers maintain their own malware multi-detection services, similar to Google’s legitimate VirusTotal, linked to an automated updating service that modifies their malware until it is undetectable by current antimalware engines. It is this nearly instantaneous updating that causes so many “unique” malware programs to be created and distributed.
The malware writer or distributor may also be paid to infect people’s devices with completely different types of malware. It’s a renter’s market out there, and if the malware controller can make more money renting out the compromised devices than by using them alone, they will do it. Plus, in the end it is much less risk for the controller.
Many hackers (and hacking groups) use malware to gain access across a company or a much broader array of target victims, and then individually select some of the already compromised targets to spend more effort on. Other times, as with most ransomware, the malware program is the whole ball of wax, able to compromise and extort money without any interaction from its malicious operator. Once it is released, all the hacker has to do is collect the ill-gotten gains. Malware is often created and then sold or rented to the people who distribute and use it.
Why do hackers hack?
The reasons why hackers commit crimes fall into these general categories:
· Financial motivations
· Nation-state sponsored/cyberwarfare
· Corporate espionage
· Hacktivists
· Resource theft
· Gamer issues
Financial theft and nation-state attacks are easily the largest portion of cybercrime. Decades ago, the lone, solitary youth hacker powered by junk food was an adequate representation of the average hacker. They were interested in showing themselves and others that they could hack something or create interesting malware. Rarely did they do real harm.
Today, most hackers belong to professional groups, which are motivated by taking something of value and often cause significant harm. The malware they use is designed to be as covert as possible and to take as much of something of value as possible before discovery.
How do hackers hack?
Regardless of their motivations, hackers or their malware usually break in and exploit a computer system the same way and use most of the same types of exploits and methodologies, including:
· Social engineering
· Unpatched software and hardware vulnerabilities
· Zero-day attacks
· Browser attacks
· Password attacks
· Eavesdropping
· Denial of service
· Physical attacks
This list does not include insider threats, unintended data leaks, misconfiguration, user errors, and the myriad other threats not connected directly to intentional hacking. The most common ways devices are compromised are unpatched software and social engineering. These two threats comprise the vast majority of the risk (over 95 percent) in most environments. Fix those issues and you get rid of a ton of risk.
Zero-day attacks, where a hacker or malware program exploits a vulnerability not yet known to the public, are always newsworthy when they occur because the vendor doesn’t yet have a patch for them. Only a handful of them are discovered each year. Usually, they are used against only one company, or a few companies, before they are found, analyzed, and patched. Far more zero days are probably being used, especially by nation-states, than we realize, but because those types of hackers use them very sparingly, we rarely discover them, and they can be used again and again when needed.
The vast majority of malicious exploits come through the internet and require that a user do something — click on a link, download and execute a file, or supply a log-on name and password — for the maliciousness to begin. Browser security improvements have made “silent drive-by” attacks, where a threat executes without any user action when a user visits a web page or opens an email, less common.
Protection from hackers
A key to defeating hackers and malware, regardless of their motivation, is to close the root-cause exploit holes that allow them and their malware to succeed. Take a look at the root-cause exploits listed above, determine which ones are used the most against your organization, and then create or improve existing defenses to minimize them. If you can do that, you’ll build a solid security defense second to none.