很多人非常关注黑客大战,咱们就借助下面这个黑客攻击数据可视化网站说说黑客世界的那点事。
网址:http://map.ipviking.com/
图上圆圈和方向,主要是代表一种现行最常见的攻击方式DDOS,也就是所谓的分布式拒绝攻击服务。什么意思呢,就是大量的主机和客户端向一个主机发起了很多请求,因为太多了,被请求的目标主机就处理不过来从而当机了。因此它的正常业务反倒是不能开展,造成了系统的崩溃。举例说,你用一个QQ可以和一两个美女同时聊天,若是同时有一万个美女都向你发起视频请求,你估计就流鼻血而亡了。 如果还不懂,就参照春运期间的12306火车订票系统。
圆圈越大,发起链接的数量也就越多。发起攻击的方式主要是采用肉鸡的方式。所谓的肉鸡就是中毒的电脑。如果我是一个黑客,我会在某一段时间内通过散步一些非法的程序、木马、应用在很多电脑上下了病毒,平时并不用,对电脑也没有影响,这个电脑就是肉鸡。但是如果我一旦需要,就启动某一个特殊代码,然后所有中毒的电脑同时朝一个目标发起了请求,你甚至不知道自己的电脑正在攻击别人。
所以这个产品链也就来了,有的黑客专门下木马控制很多电脑,也就是生产肉鸡,然后将肉鸡卖给第二种黑客。第二种黑客利用肉鸡转做坏事,比如攻击银行、门户网站、服务器等,已达到他不可告人的目的。
图中的中美黑客大战主要是这种方式,不过说句实话,国内的大部分电脑是不安全的,很容易被人下了病毒,而且这些电脑都控制在国外的很多黑客的手中。当然我们国内的黑客也经常干这种事情,也给老美、欧洲下毒。大伙儿打来打去,无非就是拼谁控制的肉鸡多,谁的资源多等等,技术含量也算不上高。一般情况下,黑客之间的战斗都是一些半外行的战斗,就是一些非专业黑客掌控了一些肉鸡的人喜欢显摆,真正的大黑客反倒是低调,或者闷头大发财,或者被国家招安去做网络战士了。
而在国家之间,根据流量分析,中俄等国家喜欢一起结盟打老美,欧美日喜欢结盟打中俄,奇怪是韩国,既有打中国的也有打日本的,还有一部分人朝美国发起攻击,实在是奇怪的国家。更奇怪的是欧洲,经常有一些来自西班牙的IP朝英国、德国发起攻击,甚至也对美国发起了逆袭,西方国家真是......
PS:有一些零星的来自非洲、中东的或者一些鸟不拉屎的地方的攻击线,很多情况下并不是真的是他们本国的人发起的,可能是黑客控制的肉鸡发起的。当然中东的以色列除外。以色列这个国家很牛,电脑技术尤其是网络安全技术很牛逼,很多的网络安全防护技术都是从以色列传出来的。我就和以色列的一些公司打过交道,也不知道他们的这些技术从哪里来的,传闻是摩萨德搞出来专门攻击伊朗伊拉克,后来流传到民间的。老外经常干一些事情,比如美国的一些顶级黑客,专门控制中国的肉鸡来攻击美国的服务器,祸水东引,让美国政府和中国政府扯皮,人家偷偷渔利。所以说,能够将政府玩弄于鼓掌的黑客,才是真正的黑客。
另外还有卡巴斯基官网的一个数据攻击统计,做的也很好,全球视野,大家感兴趣的话可以看看:
http://cybermap.kaspersky.com/
附上黑客数据可视化介绍:
SAN MATEO, Calif., May 15, 2014 /PRNewswire/ -- Norse, a leading provider of live threat intelligence-based security solutions, today announced that it is a founding member of the Medical Identity Fraud Alliance (MIFA). MIFA is the first cooperative public/private sector effort created specifically to unite all stakeholders in jointly developing solutions and best practices for the prevention, detection and remediation of medical identity fraud. Such fraud by hackers and sophisticated criminal organizations is increasing as the value of Protected Health Information (PHI) increases. Bad actors can sell PHI for financial gain and can also use it to obtain medical goods and services.
TWEET THIS: Just announced: @NorseCorp founding member of Medical Identity Fraud Alliance (MIFA) #InfoSec
MIFA is dedicated to helping its members better protect their organizations and consumers from medical identity theft via focused direct prevention and resolution mechanisms. The use of an individual's name and identity to fraudulently receive medical services can cause financial, physical and emotional damage and puts pressure on the healthcare and financial ecosystems. Victims include not only those whose identity is stolen but also healthcare providers, insurance companies and taxpayers. The Alliance aims to manage the impact of identity fraud through stakeholder-coordinated research and education as well as by increasing awareness of the issue and developing tools and procedures to prevent such fraud. MIFA also provides leadership to mobilize the healthcare ecosystem, research the problem, guide solution-building and more.
Joining MIFA is an extension of Norse's ongoing interest in the issue of medical identity fraud. In association with SANS, the most trusted and largest source for information security training, Norse recently produced the SANS-Norse Healthcare Cyberthreat Report. Developed with intelligence gathered by the Norse global threat intelligence platform, the report revealed that successful attacks have compromised networks and Internet-connected devices in every healthcare category from providers to clearinghouses. The effects of these compromises and breaches are serious, ranging from theft of patients' social security numbers and home addresses to the manipulation of medical devices used to administer critical care. Poor security also has financial consequences; it places a significant financial burden on patients, drives additional healthcare costs and can lead to massive fines.
"The security of protected health information (PHI) is an important issue that requires the collaboration and commitment of organizations across the healthcare ecosystem," said Ann Patterson, SVP and program director, MIFA. "Research, such as the work done by SANS with the support of Norse, is critical to understanding the issues that will drive both technical and operational progress to fight medical identity theft and fraud. MIFA is pleased that Norse has joined our organization as a founding member."
"Norse believes it is important to join MIFA as a founding member, as we are very conscious of the state of healthcare IT security at present," stated Sam Glines, Norse CEO and co-founder. "An increasingly alarming number of attacks are being perpetrated against healthcare organizations, and the defenses in place are not nearly enough to protect against them. Organizations like MIFA are vital to help organizations in the healthcare field find the most comprehensive and effective ways to properly protect critical data."
Norse helps organizations identify compromised devices and networks with its global threat intelligence infrastructure, a network of more than six million sensors and next-generation honeypots located in 38 global data centers and 20 major internet exchanges. This infrastructure, which detects malicious IP emanating from compromised organizations and immediately traces it back to the owner, is at the heart of Norse's services:
The Norse IPViking™ is a patent-pending SaaS service that drastically reduces fraud and improves existing security solutions' ability to detect and block cyberthreats and advanced malware before they enter the network. The service gathers 'dark intelligence' from the internet where bad actors operate and provides a risk-weighted scoring system for improved decision making.
Norse Darklist™, a live, continuously updated list of the most dangerous IP addresses on the internet, enables organizations to protect their networks from external bad actors. Darklist leverages IPViking to deliver a compilation of about four million addresses, each assigned a risk score, from around the globe and spanning the entire Internet.
On Thursday, March 6, SANS and Norse co-hosted a webinar based on their co-sponsored healthcare IT report to discuss "Exposing Malicious Threats to Healthcare IT." Specifically, Norse and SANS discussed what types of sites, endpoints and devices in the healthcare community are actually infected, stealing information and hosting other malicious activities. More information and the link to the webcast can be found here: https://www.sans.org/webcasts/exposing-malicious-threats-health-care-97320
In addition, on Tuesday, May 20, Norse and MIFA will co-host a webinar to discuss IT compromises in the healthcare world through the Internet of Things. Norse's Jeff Harrell and SANS' Barbara Filkins, who were co-authors of the aforementioned report, will host.
About Norse
Norse is the leading innovator in the live threat intelligence security market. With the goal of transforming the traditionally reactive IT security industry, Norse offers proactive, intelligence-based security solutions that enable organizations to identify and defend against the advanced cyberthreats of today and tomorrow. Norse's synchronous, global platform is a patent-pending infrastructure-based technology that continuously collects and analyzes real-time, high-risk Internet traffic to identify the sources of cyber attacks and fraud. Norse is the only provider of live, actionable, cyberthreat intelligence that enables organizations to prevent financial fraud and proactively defend against today's most advanced cyber threats including zero day and advanced persistent threats. Norse has offices in Silicon Valley, St. Louis, and Atlanta. Visit us online at http://norse-corp.com/.
About Medical Identity Fraud Alliance
MIFA is dedicated to helping its members better protect their organizations and consumers from medical identity theft and the resulting fraud. Members provide leadership to: mobilize the healthcare ecosystem; cooperate to leverage collective power; research to adequately understand the problem and guide solution building; educate consumers, industry, legislators and regulators; and empower individuals to be the first line of defense in protecting their PHI. More information can be found at http://medidfraud.org/.
Media Contact:
Phil Lanides
Trainer Communications
925-271-8223
norse@trainercomm.com
Logo - http://photos.prnewswire.com/prnh/20131212/AQ32329LOGO
SOURCE Norse
RELATED LINKS
http://www.norse-corp.com/