
8 Types of Cyber Security Threats

 

DeVry University

May 17, 2023
7 min read

Information systems and the devices or infrastructure they're connected to can be put in harm's way by a variety of cyber security threats, which are often meant to alter, destroy or steal sensitive or personal data.

 

In this article, we will describe 8 common cyber security threats and discuss how you can take steps to prepare yourself or your organization against them.

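Man-in-the-Middle (MITM) Attacks

In the first of several cyber security attacks we will discuss, the attacker places themselves between two parties, whether those are people, networks or computers. MITM attacks are usually silent and are carried out without the victims' knowledge.

Unknown to either party, the attacker spies on their interactions and may collect data from the participants' devices without them noticing anything out of the ordinary. In some cases, the attacker might use a bot to generate seemingly legitimate messages to the targets.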

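Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks

What is the main difference between these types of attacks? A DoS attack is essentially a system-on-system attack, while a DDoS attack involves multiple systems attacking a single target system. A denial-of-service (DoS) attack is designed to flood a website with traffic from illegitimate requests, making the website unavailable and interrupting the normal course of the targeted business. Distributed denial-of-service (DDoS) attacks are launched by a network of malware-infected host machines controlled by the attacker.

In either attack, the targeted site is overwhelmed by the volume of bot-generated requests. It crashes or freezes and cannot serve legitimate customers. This often results in the site coming offline, which can then leave it vulnerable to other attacks.

Amazon Web Services, for example, was the target of a major DDoS attack in February 2020 and used its AWS Shield service to help mitigate it. The company stated that the peak point of the attack had been 44% larger than anything they had seen before.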

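Structured Query Language (SQL) Injection

SQL injection is a cyber security threat to websites that depend on databases. In this type of attack, a command is introduced into a data plane in place of a password or login. The server that houses the database then runs the command, allowing the cybercriminal to penetrate the system. A successful SQL injection can have several different results: sensitive data can be released, modified or deleted. The attacker can also command the system to shut down, which would interrupt the function of the database and, in turn, disrupt the function of the websites connected to it.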
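The flaw described above and its standard fix, parameterized queries, shown side by side as an added example that is not part of the original article. It uses Python's built-in sqlite3 module; the table, function names and sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory users table (plaintext password only to keep
    the demo short; real systems store salted password hashes)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_vulnerable(db, login, password):
    """Before: form input is pasted into the SQL text, so the database
    parses whatever the user typed as part of the command."""
    sql = ("SELECT login FROM users WHERE login = '" + login +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, login, password):
    """After: placeholders keep input in the data channel; it is compared
    as a value and never interpreted as SQL."""
    sql = "SELECT login FROM users WHERE login = ? AND password = ?"
    return db.execute(sql, (login, password)).fetchone() is not None

# Constructed form input: a SQL fragment typed where a password is expected.
CRAFTED_PASSWORD = "' OR '1'='1"

def compare():
    """Run both versions on the same inputs and report the outcomes."""
    db = make_db()
    try:
        # A harmless apostrophe in a name also breaks the concatenated query.
        login_vulnerable(db, "o'brien", "x")
        apostrophe_breaks = False
    except sqlite3.OperationalError:
        apostrophe_breaks = True
    return {
        "vulnerable_accepts_crafted": login_vulnerable(db, "alice", CRAFTED_PASSWORD),
        "parameterized_accepts_crafted": login_parameterized(db, "alice", CRAFTED_PASSWORD),
        "parameterized_accepts_real": login_parameterized(db, "alice", "correct-horse"),
        "vulnerable_breaks_on_apostrophe": apostrophe_breaks,
        "parameterized_handles_apostrophe": login_parameterized(db, "o'brien", "x") is False,
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name}: {result}")
```

The concatenated version accepts the crafted password because the typed text changes the WHERE clause itself; the parameterized version rejects it and still accepts the real credentials.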

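Malware

Several types of cyber security threats involve malicious software, or software that contains malicious code. This type of software infects a computer and changes the way it works. It can cause the destruction of data, spy on the computer's users and spread across networks. In a malware attack, the malicious software has to be installed on the targeted device. Users are often tricked into installing malware on devices by opening email attachments that appear to be legitimate but actually contain malware like spyware, which monitors and collects data based on the computer user's keystrokes or browsing behavior.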

Ransomware

Ransomware is another type of cyber security threat with a name that describes exactly what it is. In a ransomware attack, the victim's computer system and their access to their data are held hostage by the attacker, who demands a ransom payment before restoring the victim's access to the system. The ransomware is typically introduced into the targeted system through a website or email attachment. Ransomware is written to exploit vulnerabilities that haven't been identified or addressed by an organization's cyber security team and is sometimes designed to evade traditional antivirus software.

DNS Attacks

In DNS spoofing, DNS records altered by a cybercriminal send traffic to a phony website that mimics or impersonates a genuine site. In this kind of cyber security attack, the hacker relies on site visitors never realizing that the site is not genuine. Once they land on the spoofed site, they may enter sensitive information like login credentials or credit card profiles that can be used or sold by the hackers. The attackers could also construct a poor-quality site or one containing offensive content to damage a targeted business' reputation.

Social Engineering

Social engineering is the term used to describe cyber security threats that exploit human nature. Methods commonly used by social engineering cybercriminals include phishing attacks, in which the attackers pretend to be a trusted organization or individual and trick the targeted individual into providing personal data or downloading an attachment containing malware. Phishing can be deployed as a wholesale attack intended to cover a broad population of computer users, while spear phishing is an attack targeted at individuals.

Cybercriminals are determined to destroy, damage or interrupt the flow of data, or to gain financially by accessing login information. In other types of social engineering attacks, the hacker manipulates an unsuspecting target into taking an action by posing as someone in authority or conveying messages that put them into a heightened emotional state. For example, they might masquerade as a legitimate IT professional trying to complete a time-sensitive support task and try to trick the target into providing confidential information like their login credentials. Once they have secured the information, they can reset passwords and access the target's network.

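Cyber-Physical Attacks

In our increasingly connected Internet of Things world, many physical systems that were once separated are now interconnected and can be managed remotely using a single point of entry. For sophisticated hackers, this is a target-rich environment. In a cyber-physical attack, the data breach results in the manipulation of a physical system which could be as large as a gas and oil pipeline or as small as an individual's medical device.

Several examples of these cyber security threats, in the United States and abroad, include:

  • The 2021 Colonial Pipeline cyberattack, which caused the shutdown of a major oil and gas pipeline in the United States and highlighted weaknesses in its infrastructure.

  • A 2016 ransomware attack against the San Francisco Municipal Transportation Agency's light rail service, which affected physical ticketing machines and caused the payment system to be suspended.

  • A 2015 cyberattack on a German steel mill that caused significant damage to a blast furnace and disrupted multiple systems.

  • Russian-based cyberattacks on the power grid in 2015 and 2016 that cut off the electricity supply to more than 200,000 people in Ukraine.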

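How to Deal With Cyber Security Threats

When it comes to protecting your personal information against cyber security threats, even basic precautions are effective. These can be applied whether you are networked with colleagues in a large organization or using your own devices for shopping and bill paying.

Antivirus software maker Norton recommends 3 basic steps to take before a cyberattack or data breach occurs:

  1. Protect your files and devices. This can be done by keeping software updated, protecting your files with a robust backup device or cloud service, encrypting your devices and using multifactor authentication (like 2FA) on important accounts where login credentials are used.

  2. Make sure your wireless network is secure from snooping cybercriminals by using a strong individual password for your router instead of the one that came with it from the factory and using strong encryption to protect the information sent over your network. WPA2 and WPA3 are both strong forms of encryption.

  3. Adopt smart cyber security practices such as using strong passwords, avoiding the use of the same password on multiple accounts, using a VPN (virtual private network) and staying up to date on cyber security threats, which are always evolving. Organizations should also consider purchasing cyber insurance.

Another smart defense against cyber security threats is to stay vigilant when managing email. Never open an email attachment without fully understanding what it is and confirming that it comes from a trusted source.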

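Prepare to Pursue a Career as a Cyber Defender at DeVry

If you want to learn to protect networks and systems from cyberattacks, we can help. Our online Undergraduate Certificate in Cyber Security covers operating system concepts, information assurance policy, ethical hacking and more. This 100% online program can help you develop the skills needed to assess cyber threats, develop countermeasures and design security processes. If you are interested in earning a degree, consider our Associate Degree in Cybersecurity and Networking, Bachelor's Degree Specialization in Cyber Security Programming or Bachelor's Degree Specialization in Cyber Security, which can help you develop more advanced skills.

Let's talk about how to get started in our next session.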
