How intrusions compromise your system
如何入侵會危害您的系統
In this section of the course, you learned that every network has inherent vulnerabilities and could become the target of a network attack.
在本課程的這一部分中,您了解到每個網路都有固有的漏洞,可能成為網路攻擊的目標。
Attackers could have varying motivations for attacking your organization’s network. They may have financial, personal, or political motivations, or they may be a disgruntled employee or an activist who disagrees with the company's values and wants to harm an organization’s operations. Malicious actors can target any network. Security analysts must be constantly alert to potential vulnerabilities in their organization’s network and take quick action to mitigate them.
攻擊者可能因不同的動機而攻擊您組織的網路。他們可能有財務、個人或政治動機,或者可能是對公司價值觀不滿的員工或活動家,想要損害組織的運作。惡意行為者可以針對任何網路。安全分析師必須時刻警惕組織網路中的潛在漏洞,並迅速採取行動來減輕這些漏洞。
In this reading, you’ll learn about network interception attacks and backdoor attacks, and the possible impacts these attacks could have on an organization.
在這篇閱讀中,您將了解網路攔截攻擊和後門攻擊,以及這些攻擊可能對組織造成的影響。
Network interception attacks
網路攔截攻擊
Network interception attacks work by intercepting network traffic and stealing valuable information or interfering with the transmission in some way.
網路攔截攻擊透過攔截網路流量來竊取有價值的信息或以某種方式干擾傳輸。
Malicious actors can use hardware or software tools to capture and inspect data in transit. This is referred to as packet sniffing. In addition to seeing information that they are not entitled to, malicious actors can also intercept network traffic and alter it. These attacks can cause damage to an organization’s network by inserting malicious code modifications or altering the message and interrupting network operations. For example, an attacker can intercept a bank transfer and change the account receiving the funds to one that the attacker controls.
惡意行為者可以使用硬體或軟體工具來捕獲和檢查傳輸中的數據,這被稱為封包嗅探。除了查看他們無權查看的信息外,惡意行為者還可以攔截網路流量並進行更改。這些攻擊可能會通過插入惡意代碼修改或更改訊息來破壞組織的網路,並中斷網路運作。例如,攻擊者可以攔截銀行轉帳並將接收資金的帳戶更改為攻擊者控制的帳戶。
Later in this course you will learn more about malicious packet sniffing, and other types of network interception attacks: on-path attacks and replay attacks.
在本課程的後續部分,您將學習更多關於惡意封包嗅探以及其他類型的網路攔截攻擊:中間人攻擊和重播攻擊。
Backdoor attacks 後門攻擊
A backdoor attack is another type of attack you will need to be aware of as a security analyst. An organization may have a lot of security measures in place, including cameras, biometric scans and access codes to keep employees from entering and exiting without being seen. However, an employee might work around the security measures by finding a backdoor to the building that is not as heavily monitored, allowing them to sneak out for the afternoon without being seen.
作為安全分析師,您需要注意的另一種攻擊是後門攻擊。一個組織可能已經設置了許多安全措施,包括攝像頭、生物識別掃描和訪問代碼,以防止員工在未被發現的情況下進出。然而,員工可能會通過找到一個監控不那麼嚴密的建築後門來繞過這些安全措施,讓他們可以在下午偷偷溜出去而不被發現。
In cybersecurity, backdoors are weaknesses intentionally left by programmers or system and network administrators that bypass normal access control mechanisms. Backdoors are intended to help programmers conduct troubleshooting or administrative tasks. However, backdoors can also be installed by attackers after they’ve compromised an organization to ensure they have persistent access.
在網路安全領域,後門是由程式設計師或系統和網路管理員故意留下的弱點,用來繞過正常的存取控制機制。後門的目的是幫助程式設計師進行故障排除或管理任務。然而,攻擊者在入侵組織後也可能安裝後門,以確保他們能持續存取系統。
Once the hacker has entered an insecure network through a backdoor, they can cause extensive damage: installing malware, performing a denial of service (DoS) attack, stealing private information or changing other security settings that leaves the system vulnerable to other attacks. A DoS attack is an attack that targets a network or server and floods it with network traffic.
一旦駭客通過後門進入不安全的網路,他們可能會造成廣泛的損害:安裝惡意軟體、執行拒絕服務(DoS)攻擊、竊取私人資訊或更改其他安全設定,使系統容易受到其他攻擊。DoS 攻擊是一種針對網路或伺服器的攻擊,透過大量的網路流量使其癱瘓。
Possible impacts on an organization
對組織的可能影響
As you’ve learned already, network attacks can have a significant negative impact on an organization. Let’s examine some potential consequences.
如你所學,網路攻擊可能對組織產生顯著的負面影響。讓我們來探討一些潛在的後果。
Financial: When a system is taken offline with a DoS attack or some other tactic, they prevent a company from performing tasks that generate revenue. Depending on the size of an organization, interrupted operations can cost millions of dollars. Reparation costs to rebuild software infrastructure and to pay large sums associated with potential ransomware can be financially difficult. In addition, if a malicious actor gets access to the personal information of the company’s clients or customers, the company may face heavy litigation and settlement costs if customers seek legal recourse.
財務:當系統因 DoS 攻擊或其他策略而下線時,會阻止公司執行產生收入的任務。根據組織的規模,運營中斷可能造成數百萬美元的損失。重建軟體基礎設施的修復成本以及支付與潛在勒索軟體相關的大筆費用可能在財務上造成困難。此外,如果惡意行為者獲得公司客戶或顧客的個人資訊,若客戶尋求法律追索,公司可能面臨高額的訴訟和和解費用。Reputation: Attacks can also have a negative impact on the reputation of an organization. If it becomes public knowledge that a company has experienced a cyber attack, the public may become concerned about the security practices of the organization. They may stop trusting the company with their personal information and choose a competitor to fulfill their needs.
聲譽:攻擊也可能對組織的聲譽產生負面影響。如果一家公司的網路攻擊事件成為公眾所知,公眾可能會對該組織的安全措施感到擔憂。他們可能會停止信任該公司處理他們的個人信息,並選擇競爭對手來滿足他們的需求。Public safety: If an attack occurs on a government network, this can potentially impact the safety and welfare of the citizens of a country. In recent years, defense agencies across the globe are investing heavily in combating cyber warfare tactics. If a malicious actor gained access to a power grid, a public water system, or even a military defense communication system, the public could face physical harm due to a network intrusion attack.
公共安全:如果攻擊發生在政府網路上,這可能會影響一個國家的公民安全和福祉。近年來,全球的國防機構都在大力投資於對抗網路戰術。如果惡意行為者獲得了電網、公共供水系統,甚至是軍事防禦通信系統的訪問權限,公眾可能會因網路入侵攻擊而面臨人身傷害。
Key takeaways 關鍵要點
Malicious actors are constantly looking for ways to exploit systems. They learn about new vulnerabilities as they arise and attempt to exploit every vulnerability in a system. Attackers leverage backdoor attack methods and network interception attacks to gain access to sensitive information they can use to exploit an organization or cause serious damage. These types of attacks can impact an organization financially, damage its reputation, and potentially put the public in danger. It is important that security analysts stay educated in order to maintain network safety and reduce the likelihood and impact of these types of attacks. Securing networks has never been more important.
惡意行為者不斷尋找方法來利用系統漏洞。他們會學習新出現的漏洞,並嘗試利用系統中的每一個漏洞。攻擊者利用後門攻擊方法和網路攔截攻擊來獲取敏感資訊,這些資訊可以用來剝削組織或造成嚴重損害。這類攻擊可能對組織造成財務損失、損害其聲譽,甚至可能危及公眾安全。因此,安全分析師必須持續學習,以維護網路安全,減少這類攻擊的可能性和影響。保護網路安全從未如此重要。