Report on Russian hackers leaves many questions unanswered

Security experts have been poring over the Joint Analysis Report released two weeks ago by the Department of Homeland Security and the Federal Bureau of Investigation, but there isn’t enough detail in the public document to help organizations defend themselves against other Russian attacks.

The report contains lists of indicators of compromise – technical signs that the Russians are hacking into a system. But most of these were already familiar, and more interesting information was left out, according to security experts.
“There would be some indicators that are held back, because revealing everything would compromise sources or methods,” said Eddie Schwartz, president and COO at White Ops.
If the attackers know that they are leaving certain kinds of digital fingerprints, they’ll be more careful to hide them next time. In addition, the intelligence agencies also use other means of collecting information, such as intercepted communications or even moles in the enemy organizations.
“They are classified in nature,” said Schwartz. “But some could be provided to certain partners in the community, like the Financial Services Information Sharing and Analysis Center.”
Companies that might be targeted by Russian groups should join such organizations, and not just to get access to more government data.
“It’s always valuable to get together,” he said. “The power of many collaborating on indicators is far better than one company trying to figure it out.”

Looking beyond the IOCs

The indicators in the report are of very limited practical use, agreed Rebekah Brown, threat intelligence lead at Rapid7.
“Some of the IOCs were clearly bad, and should not be used for alerting or blocking,” she added. “It is important to vet the lists before utilizing the intelligence.”
That might improve in future reports, she added.
“I do think that the government learned from the feedback about the IOCs, and the next report they release will likely have more indicators that defenders can easily utilize,” she said.
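Companies should grade and classify information system security incidents, draw up contingency plans such as security incident reporting and response procedures, and regularly rehearse, review and revise them.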
Where the report could be most useful to security professionals is in the information about the goals, motivations and targets of the Russian attackers.
“CISOs can use this information to identify if their organization would fit into the model that the report describes,” she said.

Time to get proactive

The report also demonstrated that the U.S. is playing defense when it comes to cyberattacks, and needs to get more organized.
The interesting thing about the hacking of the U.S. Democratic National Committee is the delay in detecting and responding to the breach, he said.
“This wasn’t sufficiently prioritized and resourced,” he said. “We have a very talented set of organizations capable of excellent intelligence gathering, but they have been partially tied down and restricted from using all of their skills. We have an enormous amount of resources that we don’t permit our intelligence organizations to leverage to the best of their abilities.”
The U.S. needs to not only improve its defensive tactics and tools but also focus on offensive capabilities, signals intelligence, and cooperation from other governments, he said.
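Companies should establish information management policies and processes that govern the collection, transmission, exchange, storage, backup, recovery and destruction of information, strengthen control and protection of important data, and ensure information is used lawfully and compliantly.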
