A major company Dyn, that is responsible for internet naming services of hundredsof major websites, like PayPal, Amazon, Twitter, CNN, Fox News, GitHub, Visa,and more was recently brought down by a distributed denial of service attack.
Dyn是一家主要的公司,负责数百个主要网站的互联网命名服务,如PayPal、Amazon、Twitter、CNN、Fox News、GitHub、Visa等,最近被分布式拒绝服务攻击推翻。
As massive amounts of fake visitors flooded their servers.
大量的假访客涌入他们的服务器。
Hundreds of sites, as well as others, through side effects, were brought down for hours,in three different time intervals that day.
数百个站点以及其他一些站点,由于副作用,在当天的三个不同时间间隔内被关闭了数小时。
Dyn's cybersecurity mechanisms were in place, but this was a brand new type of DDoS.
Dyn的网络安全机制已经到位,但这是一种全新的DDoS。
Dyn was brought down by nearly 100,000 DVRs, security cameras, webcams, thermostats,refrigerators, coffee makers, and other internet of things devices in homes across the world.
Dyn被全球近10万台dvr、安全摄像头、摄像头、恒温器、冰箱、咖啡机和其他物联网设备所取代。
These devices were hijacked through malwareand were instructed to attack Dyn's servers.
这些设备被恶意软件劫持,并被指示攻击Dyn的服务器。
Either default usernames and passwords, un-updated software,or flaws in the actual software can be blamed.
无论是默认的用户名和密码,未更新的软件,还是实际软件中的缺陷都可能是罪魁祸首。
The users of these devices had no idea that they were, in essence, responsible.
这些设备的用户根本不知道他们在本质上是负责任的。
Sometimes I hear people say, why should I do the security updates for my operating system?
有时我听到人们说,为什么我要为我的操作系统做安全更新?
Why should I update my software?
我为什么要更新我的软件?
Why do I need a firewall at home?
为什么我在家里需要防火墙?
Why do I need antivirus software?
为什么我需要杀毒软件?
I have nothing hackers would want.
我没有黑客想要的东西。
Then I ask these people some questions.
然后我问这些人一些问题。
Do you do your online banking, you pay your credit cards online?
你做网上银行吗,你在线支付信用卡吗?
Yes. Do you have access to information resources,like personal, confidential information?
是的。你能接触到信息资源吗,比如个人机密信息?
Or employer confidential information?
还是雇主机密信息?
Yes. Do you have a high-speed internet connection at home?
是的。你家里有高速互联网连接吗?
Yes. Do you have devices at home that can be accessed over the internet, like your hotplate?
是的。你家里有可以通过互联网访问的设备吗,比如你的hotplate?
Yes. Even if you have nothing on the machines at home that hackers would be interested in,they'd be very interested to watch you do what you do, log your usernameand password combinations, clean out your entire bank accounts, and steal your identity.
是的。即使你家里的电脑上没有黑客感兴趣的东西,他们也会很有兴趣看你做什么,记录你的用户名和密码组合,清理你的整个银行账户,窃取你的身份。
Attacks are becoming increasingly complex, relying on a combination of techniques,including exploitation of software vulnerabilities, and improper configuration,malicious software, malware, and social engineering.
攻击变得越来越复杂,依赖于多种技术的组合,包括利用软件漏洞和不适当的配置、恶意软件、恶意软件和社会工程。
转载于:https://www.cnblogs.com/sec875/articles/10260818.html
相关资源:Cloud.Computing.Security.Foundations.and.Challenges