2020 SONICWALL CYBER THREAT REPORT

A NOTE FROM BILL
CYBERCRIMINAL INC.
2019 GLOBAL CYBERATTACK TRENDS
INSIDE THE SONICWALL CAPTURE LABS THREAT NETWORK
KEY FINDINGS FROM 2019
SECURITY ADVANCES
CRIMINAL ADVANCES
FASTER IDENTIFICATION OF NEVER-BEFORE-SEEN MALWARE
TOP 10 CVES EXPLOITED IN 2019
ADVANCEMENTS IN DEEP MEMORY INSPECTION
MOMENTUM OF PERIMETER-LESS SECURITY
PHISHING DOWN FOR THIRD STRAIGHT YEAR
CRYPTOJACKING CRUMBLES
RANSOMWARE TARGETS STATE, PROVINCIAL

malicious Office files were then leveraged later in the year.

ADVANCEMENTS IN DEEP MEMORY INSPECTION

The above timeline highlights changes SonicWall observed to GandCrab Version 5 in 2019, including alterations to payloads, malicious URLs, etc., even if the version number remained the same (i.e., Version 5.2 could have different download URLs). In this snapshot, SonicWall identified and logged different versions of GandCrab through the first half of the year, but didn't record any attacks after May 2019 as the malware authors terminated the illegal affiliate program.

Side-channel attacks continue to be ripe for security research

In November 2019, four researchers from three universities, Worcester Polytechnic Institute (U.S.), University of Lübeck (Germany) and the University of California (U.S.), published new findings that side-channel timing and lattice attacks could be executed against Trusted Platform Module (TPM) chips, specifically Intel fTPM and STMicroelectronics TPM chips. Dubbed TPM-FAIL, this group of vulnerabilities is the next variation of side-channel attacks following Meltdown/Spectre, Foreshadow, PortSmash, MDS, etc. The details of the TPM-FAIL vulnerabilities are outlined in CVE-2019-11090.

Tracking the evolution of malware strains

The collective power of Capture ATP and RTDM