Worldwide cyberattack described as 'unprecedented' affects 99 countries

yy123456

Be careful, this one looks pretty serious.
http://www.cbc.ca/news/world/cyberattack-nsa-britain-1.4114063

Schools, hospitals, manufacturers and transportation systems infected by the malware

Thomson Reuters Posted: May 13, 2017 6:02 AM ET Last Updated: May 13, 2017 11:46 AM ET

A cyberattack using leaked NSA hacking tools had affected 99 countries by Saturday morning, security firm Avast said. (@fendifille/Twitter)

A global cyberattack described as unprecedented in scale forced a major European automaker to halt some production lines while hitting schools in China and hospitals in Indonesia on Saturday, though it appeared to die down a day after its launch.

Capitalizing on spying tools believed to have been developed by the NSA, the cyberassault has infected tens of thousands of computers in nearly 100 countries, with Britain's health system suffering the worst disruptions.

Cyber extortionists tricked victims into opening malicious attachments to spam emails that seemed to contain invoices, job offers, security warnings and other legitimate files.

Once inside the targeted network, so-called ransomware made use of recently revealed spy tools to silently infect other out-of-date machines without any human intervention. This, security experts said, marked an unprecedented escalation in the risk of fresh attacks spreading in the coming days and weeks.

The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Researchers observed some victims paying via the digital currency bitcoin, though no one knows how much may have been transferred to extortionists because of the largely anonymous nature of such transactions.

Researchers with security software maker Avast said they had observed 126,534 ransomware infections in 99 countries, with Russia, Ukraine and Taiwan the top targets.

The hackers, who have not come forward, took advantage of a worm, or self-spreading malware, by exploiting a piece of NSA spy code known as "Eternal Blue" that was released last month by a hackers group known as the Shadow Brokers, according to researchers with several private cyber security firms.
 
http://news.sina.com.cn/o/2017-05-13/doc-ifyfecvz1223407.shtml

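II. Emergency Response Measures

According to a survey by the CNVD Secretariat, more than 9 million host IPs on the Internet expose port 445 (port open), of which more than 3 million are in mainland China. CNCERT has begun monitoring the ransomware and the related network attack activity, and has so far detected attack attempts against the MS17-010 vulnerability launched directly at more than 700,000 targets worldwide.

Accordingly, users are advised to promptly apply the security patches already released for Windows, and to take the following steps at the network boundary, in internal network zones, on host assets, and for data backup:

(1) Block external network access to port 445 and the related ports (such as 135, 137 and 139), and close those service ports on servers where they are not needed;

(2) Strengthen auditing of access to port 445 and the related ports (such as 135, 137 and 139) within internal network zones, so that unauthorized or potentially malicious activity is detected promptly;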
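
One way to carry out the audit in measure (2), plus a check that the boundary block in measure (1) is actually in effect. This is an added example, not part of the original post or the CNVD advisory; the log format, the 10.0.0.0/8 internal range, the threshold and the window are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

AUDITED_PORTS = {135, 137, 139, 445}              # ports named in the advisory
INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # assumption: the internal range
FANOUT_THRESHOLD = 5                              # assumption: distinct peers per window
WINDOW = timedelta(seconds=60)                    # assumption: sliding window length

# Constructed sample records (not real traffic): "time src dst dport action"
SAMPLE_LOG = """\
2017-05-13T09:00:01 10.0.1.15 10.0.1.20 445 ALLOW
2017-05-13T09:00:02 203.0.113.7 10.0.0.5 445 ALLOW
2017-05-13T09:00:03 198.51.100.9 10.0.0.5 139 DENY
2017-05-13T09:00:04 10.0.1.15 10.0.1.20 443 ALLOW
2017-05-13T09:00:10 10.0.2.33 10.0.2.1 445 ALLOW
2017-05-13T09:00:11 10.0.2.33 10.0.2.2 445 ALLOW
2017-05-13T09:00:12 10.0.2.33 10.0.2.3 445 DENY
2017-05-13T09:00:13 10.0.2.33 10.0.2.4 445 ALLOW
2017-05-13T09:00:14 10.0.2.33 10.0.2.5 445 ALLOW
2017-05-13T09:00:15 10.0.2.33 10.0.2.6 445 ALLOW
"""

def audit(log_text, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Return (external_exposure, fanout): measure (1) gaps and measure (2) alerts."""
    exposure, fanout = [], {}
    recent = defaultdict(list)                    # src -> [(time, dst)] inside window
    for line in log_text.splitlines():
        ts, src, dst, dport, action = line.split()
        ts, dport = datetime.fromisoformat(ts), int(dport)
        if dport not in AUDITED_PORTS:
            continue
        src_in = ipaddress.ip_address(src) in INTERNAL
        dst_in = ipaddress.ip_address(dst) in INTERNAL
        if not src_in and dst_in and action == "ALLOW":
            exposure.append((src, dst, dport))    # boundary still lets this through
        elif src_in and dst_in:
            # Denied attempts count too: a blocked probe is still a probe.
            recent[src] = [(t, d) for t, d in recent[src] if ts - t <= window]
            recent[src].append((ts, dst))
            peers = {d for _, d in recent[src]}
            if len(peers) >= threshold:
                fanout[src] = max(fanout.get(src, 0), len(peers))
    return exposure, fanout

if __name__ == "__main__":
    exposed, scanners = audit(SAMPLE_LOG)
    print("externally reachable:", exposed)
    print("internal fan-out:", scanners)
```

A workstation that normally talks to one file server stays quiet here, while a host that reaches many distinct peers on these ports within the window is reported with its peer count.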
 