2018 was both a bleak year for data breaches and a first year of data protection. In March, Facebook was revealed to have leaked the data of more than 87 million users, at the time the biggest data breach in Facebook's history. In June, AcFun announced that its servers had been attacked by hackers, resulting in nearly 10 million user records being sold on the dark web. In August, according to posts on a Chinese-language dark web forum, nearly 100 G of data from all hotels in a budget hotel chain, involving the private data of 500 million customers, was publicly offered for sale. In December, the well-known US question-and-answer community Quora announced that the data of 100 million users had been leaked through illegal hacking... The major corporate information leaks that occurred so frequently in 2018 became a hot topic in the field of information security and drew wide attention from all walks of life.
As a pioneer of the new Internet security industry in China, Tencent Security recently officially released "Information Disclosure: 2018 Enterprise Information Security Top Threat Report" (hereinafter the "Report"). The Report analyzes in detail the threats to enterprises' Internet assets and exposes four black market channels that are eroding data security: dark web information sales, precision fraud, credential stuffing for cash, and wide-net scams. It also offers practical advice to enterprises and individual users on preventing information leakage.
Dark web: the main channel for trafficking personal information, with sellers claiming to cover all the major Internet platforms in the country
On Dec. 30, 2018, a post appeared on a Chinese-language dark web forum offering sensitive data, including the ID cards, addresses and phone numbers of 300,000 hotel consumers, for 0.00268 bitcoin, or about 69 yuan. Going further back, all the occupancy data of a budget hotel chain, including the personal information and records of 130 million people, was openly peddled at a price of eight bitcoins, or about 350,000 yuan. The frequent data leaks of recent years have gradually brought the underground black market to public awareness.
(Figure: data transactions on the dark web in 2018)
Among the dark web data transactions of 2018 (sampled data), account/mailbox data, personal information, and online shopping/logistics data ranked in the top three at 19.78%, 12.19%, and 9.69% respectively, making them the most popular "products" among black market gangs. In the "data-intelligence" section of the dark web, one transaction post claimed to be selling 1.6 billion mailbox and password records, said to cover all major platforms of the domestic Internet. In addition, financial data such as bank data and online loan data began to increase in the second half of this year. Tencent security technology experts infer that this is correlated to some degree with this year's "thunderstorm" of financial platforms such as P2P.
(Figure: trend analysis of data transactions for Internet loan users in 2018)
According to the "Report", black market practitioners commonly obtain first-hand data through technical attacks, phishing attacks, collusion with insiders and other illegal means. Take the information leak at a budget hotel chain as an example: a hotel programmer uploaded the database connection details and password to the open source platform GitHub, and hackers promptly used this information to carry out the attack. They obtained data including consumers' registration details from the official website, the hotel's check-in registration information and room booking records, totaling 141.5G and nearly 500 million user records. The "Report" holds that in today's information age, faced with an endless stream of data breaches, enterprises, institutions and individual users alike should pay more attention to data security, and that strengthening the protection of their own data is the most direct and effective way to do so.
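The hotel-chain leak described above started with database connection details and a password committed to a public GitHub repository. The following Python scan for that class of mistake is an added example, not code from the Report or from Tencent; the rule names, file paths, host names and credential values are constructed for illustration.

```python
import re

# Rules for the leak class described above: database connection details with a
# live password sitting in a file that is about to be pushed to a public repo.
RULES = [
    ("db-url-with-password", re.compile(
        r"\b(?:mysql|postgres(?:ql)?|mongodb|redis|sqlserver|oracle)(?:\+\w+)?"
        r"://[^\s:/@]+:(?P<secret>[^\s@/]+)@", re.I)),
    ("jdbc-password-param", re.compile(
        r"jdbc:[a-z]+:[^\s\"']*[?&;]password=(?P<secret>[^&;\s\"']+)", re.I)),
    ("password-assignment", re.compile(
        r"(?:db|database|jdbc|datasource|mysql)[\w.\-]*(?:password|passwd|pwd)"
        r"\s*[:=]\s*[\"']?(?P<secret>[^\s\"'#]+)", re.I)),
]

# References to an environment variable or template slot, and obvious dummy
# values, are not secrets; skipping them keeps the scan usable on templates.
PLACEHOLDER = re.compile(r"^(?:[$<%]|\{\{)|^(?:changeme|x+|\*+|null|none)$", re.I)

def scan(files):
    """files maps path -> text; returns (path, line_no, rule, redacted_line)."""
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES:
                m = pattern.search(line)
                if m and not PLACEHOLDER.search(m.group("secret")):
                    # Never echo the secret itself into scan output or CI logs.
                    redacted = line[:m.start("secret")] + "****" + line[m.end("secret"):]
                    findings.append((path, line_no, rule, redacted.strip()))
                    break
    return findings

# Constructed sample repository contents (hosts and passwords are made up).
SAMPLE_REPO = {
    "src/main/resources/application.properties":
        "spring.datasource.url=jdbc:mysql://db.example.internal:3306/bookings\n"
        "spring.datasource.username=app\n"
        "spring.datasource.password=Examp1e-Passw0rd\n",
    "scripts/export.py":
        'ENGINE = "postgresql+psycopg2://report:not-a-real-secret@db.example.internal/bookings"\n',
    "deploy/.env.template":
        "DB_PASSWORD=${DB_PASSWORD}\n"
        "DATABASE_URL=mysql://app:<password>@db.example.internal/bookings\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_REPO):
        print(*finding, sep=" | ")
```

Run as a pre-commit or CI step, a non-empty result should block the push; a password that has already reached a public repository must be rotated, since removing the file does not remove it from history.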
Information leakage has spawned three ways to cash in: precision fraud, credential stuffing attacks, and wide-net scams
At present, "undercurrent" black market transactions are eroding user privacy. Besides cashing in directly by selling private data on black market platforms such as the dark web, black market operators often use the data they obtain for precision fraud, extortion and other criminal activities.
Some online shoppers have turned to Tencent for help. They said that after completing a purchase on an online shopping platform they received a friendly call from "customer service". Citing quality problems, logistics problems and the like, "customer service" sent a refund page link or QR code. Following the prompts, the victim received a refund or refund deposit higher than the purchase amount, after which "customer service" guided the victim to return the refund or refund deposit they had received to the online store by scanning a specified QR code.
(Figure: "shopping refund" fraud process)
This looks like a win-win, so how does the criminal gang carry out the fraud? Tencent security experts said it is a typical precision scam: after obtaining users' personal details from the dark web and other underground industry platforms, fraudsters carry out targeted telecom fraud through terminal devices. In general, the money the victim receives is actually a quick loan from a legitimate loan platform. Fraudsters use services such as quick credit loans on online banking or third-party payment platforms to mislead victims into borrowing from loan platforms. The excess money is then returned to the fraudster's online account.
The "Report" pointed out that precision fraud schemes such as "shopping refund", impersonating police, prosecutors and courts, "scholarship grants", "flight cancellation", "second-child birth refund", "traffic violation reminder" and "points redeemed for cash" are all targeted fraud scripts that scammers design around the characteristics of the personal information they hold.
It is also worth noting that credential stuffing attacks drive a fission-like growth in leaked information. According to a 2018 report on the state of Internet security written by a security research team abroad, there were more than 30 billion malicious login attempts worldwide from November 2016 to the end of June 2017. Honeypot traffic from the past three months shows that malicious attack traffic is steady and persistent, and that more of these attacks come from credential stuffing and scanning.
(Figure: malicious traffic attack trend)
In addition to credential stuffing and precision scams, user privacy data is also used in wide-net scams. Not long ago, many netizens posted that they had received a threatening email from a "hacker". The email claimed that the sender had planted a malicious program on an adult website, could steal the user's account passwords, and had taken control of the camera to record the user watching adult videos. It demanded payment of a specified ransom, otherwise the video file would be sent to all contacts in the mailbox.
Tencent Security: continuing to build data security and calling on society to jointly defend privacy
At present, information leakage incidents keep occurring around the world. The impact of a large-scale information leak generally lasts a long time and spreads across industries. After an information disclosure incident, it is often difficult for companies or individuals to cope with the secondary risks.
To this end, the "Report" reminds the general public, on the one hand, to avoid using the same account password on multiple platforms and to keep the habit of regularly changing complex passwords; on the other hand, individuals are advised to enable two-factor verification on every Internet service that offers it, to keep personal information secure. Enterprises, for their part, should fulfill their responsibility to protect user data: strengthen investment in information security, establish a systematic security framework, regularly check for potential risks, and strengthen protection technologies, so as to comprehensively improve their ability to perceive and discover business risks and reduce security risks.
Through long-term exploration and practice, Tencent Security has not only launched effective solutions against malicious attacks on endpoints, but has also launched Tencent Anmai, an external risk prevention and control system for enterprises. It provides enterprises with business risk monitoring and early warning as a SaaS service, and supplies industry security updates to help companies make correct business risk judgments, along with disposal recommendations.
Overall, security problems in Internet assets, such as security vulnerabilities, have gradually become an important factor in network security threats. To this end, antivirus vendors represented by Tencent Security are actively working with government departments and Internet users to form a "police, enterprise and people" alliance that cracks down on violations of user privacy and other cybercrime, creating a green and healthy network environment for the majority of users.