Daily Economic News reporter Zhu Chengxiang; editor Liang
In 2022, the COVID-19 epidemic has not subsided, and the Internet world is also unsafe. In the first half of this year, the global GPU leader Nvidia, the tire giant Pride, and the home furnishing giant IKEA have all suffered cyber attacks.
The epidemic has changed people's lives and the way many companies work. Cloud-based office work is becoming more and more popular, and the data of major companies has gradually been exposed to the Internet. Digitalization is accelerating, but the level of network security and data security has failed to keep pace. This gives many ransom organizations an opportunity, and the data of multiple companies has been attacked or even leaked.
Among them, three major ransom organizations, LockBit, Conti, and Lapsus$, are particularly prominent. What is their background? Why are Internet attacks so unscrupulous? How should we protect against them?
Internet attacks are unpopular
In 2021, even network security professionals had rarely heard of Lapsus$. In 2022, however, the name Lapsus$ is resounding. As an emerging ransom organization, Lapsus$ has risen rapidly.
Lapsus$ became known so quickly because of its continuous attacks on a series of large technology giants. Lapsus$ emerged in December 2021, when it attacked the Brazilian Ministry of Health, stealing and deleting a large amount of data for extortion. In February 2022, the organization attacked a number of Portuguese media groups and Vodafone Portugal.
What really made Lapsus$ famous was its attack on Nvidia. In February of that year, the organization announced that it had lurked in Nvidia's internal systems for a week before officially attacking, and had obtained 1TB of confidential data, including design blueprints, drivers, and firmware for all types of unreleased 40-series graphics cards, confidential documents, and SDK development packages, and that it had backed up all of the data.
As one of the best hardware technology companies in the world, Nvidia immediately counterattacked and successfully compromised Lapsus$'s computers. However, because Lapsus$ had backed up the data, Nvidia's counterattack failed.
Later, Nvidia said in a statement that the company discovered a cyber security incident affecting IT resources on February 23, 2022; shortly after the discovery, the company further strengthened its network security, hired network security incident response experts, and notified the relevant law enforcement agencies.
It can be seen that "every trade has its specialty": even a company with hardware technology as strong as Nvidia's needs the assistance of professional network security experts.
Nvidia was not the only one. In March 2022, another technology giant, Samsung, was also attacked by Lapsus$. The Lapsus$ extortion organization released a report containing a large amount of Samsung Electronics' confidential data and the content of a C/C++ instruction snapshot in Samsung software.
What is the background of Lapsus$, and why was it able to attack two major technology companies in such a short time? Some insiders told the reporter of the Daily Economic News that the means it used were not advanced at the technical level; rather, it found weaknesses. In other words, the cause lies mainly with the enterprises themselves. The companies have many weaknesses, and those weaknesses were discovered and attacked by the ransom organization. Lapsus$ became so well known because it is so active.
It is worth mentioning that, according to Sina Technology, a 16-year-old boy in Oxford, Britain, was accused of being one of the leaders of the information security criminal gang Lapsus$. The City of London Police said: "Seven people aged 16 to 21 were arrested on suspicion of hacking activities. They were subsequently released during the investigation, but the investigation was still ongoing."
However, Lapsus$ continues to be active. After releasing the message "we are officially returning from the holiday", the organization immediately published nearly 70G of source code data obtained by invading Globant, a software services company.
"Ransomware as a service" is the trend
According to the "Xinyu.com police inspecting law enforcement" Weibo account, on April 7 the Xiacun Police Station of the Xinyu Yuqing Branch in Jiangxi received a report from an enterprise in the area that a computer had been attacked by a virus and could not operate. The company's computer was infected with an extortion virus called "LockBit 2.0". All files on the infected computer were maliciously encrypted by the virus and could not be used normally. The attacker claimed that the data would be decrypted once a certain amount of "ransom" was paid to them. This is in line with what security experts have previously pointed out: ransom attacks are trending toward RaaS (ransomware as a service).
On the one hand, to monetize in multiple ways, hacker groups not only launch ransom attacks themselves but also use the dark web and virtual currency to rent or sell mature ransomware products and services to others. This has prompted a data ransom "industrial chain" to form gradually: upstream and downstream ransomware developers, ransom executors, ransom negotiators, and ransom regulators cooperate with each other and share the ransom income, which greatly lowers the technical threshold for an attack.
On the other hand, different hacker gangs have begun to build ransom business alliances with precise cooperative relationships. By sharing information such as victims' details, they have expanded the ransom business model and further enhanced the capability and concealment of ransom attacks.
So, in the face of powerful and well-concealed ransom attack organizations, how should enterprises, institutions, and individuals protect themselves? Enterprises need to take extortion protection measures before, during, and after an incident, such as conducting safety awareness training beforehand (people are the most uncontrollable part of the entire security chain), and then running drills for the relevant threats.