Posted: 2009-03-12
The Next Generation of Cyber-Threats
By Ken Pappas, TechNewsWorld, 12/09/08
¶ ۵ Ȱ ְ, ε巯 Ͻ Ÿ Ǵ Ȥϰ ִ. ۵ ΰ? Top Layer Ľ ۾ (Botnet), Ȱ social engineering Ʈ, SQL ٺ ִ.
ų⸶, Ŀ ̵ ڸ ̰ Ʈũ ϱ social engineering ϴ ο ̵ Ǵ ̵ ߰س. 2000 ߹ݿ , ǥ ̻ ͵ Ҵٸ, 2007 2008 Ŀ 鸸 ڸ ǥ social networking site ν, SQL injection ݰ ٸ Ʈ exploit Ǵ Դ.
2009 ӹ ϱ? ε –ɰ ħü, ̹˸ ִ , social networking online — ٽ ظ ̴. Ŀ ϱ ΰ ൿ --̸, Ÿ αִ social media鿡 — ̴.
ö ƴ϶ ϰ ִ
Ⱓ, —̹˸ ǻ ý۵ Ʈũ — ü Ʈũ 뿪 ֽŰ DDoS Ǿ ߾. Storm Kraken ̸ õ ǻ͵ ̵ 500 ϴµ Ǿ. , 2008 Ϲݱ ڵ Ƹ ݵ ԽŰ, ȣƮ ĺϰ ǵ ϴµ ν, ݵ Ը Ȱ ҵǴ Ҵ.
ϰԵ, Ŵ ħ ʴ´. , Ư 뵵(; ǻͿ ̸ ּ Ż) Ǵ ڽ ̴ Ʒ Ȱϴ , ܳɵ ⼼ ȭ ̴. Ƹ Ը ̹˾迡 ̷ ۶߸ ٸ Ȱ ϴµ ִٴ ߾ SaaS Ϲ ߵ鿡 Ǹŵǰ ִٴ ̴.
Site Exploits: SQL Injection Attacks and Clickjacking
м ϴ Ͱ Ҿ, Ŀ Ʈ Ʈ ǵ ʰ Ǽ ɾ Ű ν SQL injection Ͽ. ܼ SQL ϰ ν, ǻʹ صǾ Ȱ ִ. ̻ ڴ ̸ Ǽ ũ Ŭϵ ʿ䰡 - ڵ ǻͰ ħظ ŷڵ Ʈ 湮ν ִ.
ϴ һӸ ƴ϶, SQL injection ǻͻ ϴµ ִ. , ̷ ɷ 2008 Ÿ Ǵٸ web site exploit clickjackingε, ڵ Ǽ ũ Ŭϵ browser exploit Ͽ Ŀ ũž ϵ . Ʈ 2009 ӵ ̰, ܼ ֽ Ƽ̷ ġϴ ǻͿ ȸ Ʈũ ȣϴµ ʴٴ ϰ ̴.
Social media
ο Ʈ Ű Һڵ ݿ ¶ social networking Ȯ̴. Social media ̵ Ǿ Դ; , MySpace Ǵ Facebook ũ Ŭϵ, Ʈ exploit ξ ȸ ϵ . Ŀ SQL ݰ clickjacking social media ϴ ο ߰ϴ Ե ̴.
Escalatorμ
2009 ̹ ɰ κ εġ ִ ɰ ħü ̴. , ٸ Ÿ鼭, Ŀ Һڵ ϵ ϰų Ǵ ʼ ϵ 䱸ϴ ũ Ŭϵ ȥŰ social engineering ٹ ̴. , պ Ǵ Ȯ 䱸ϴ ̸ ǽ Ÿ ̴.
ӵ ̹ ITη Ǿ ų ε, ̵ ̹ ϰ, ߰ ִ ü鸸 ν dark side . 2009 谨 ݸ, ̹ ñ ȸ縦 ұ ִ ս ȣϱ Ͽ ҸǴ ITȿ ̴.
ִ ΰ?
2009 Ǵ Ȥ ĥѴٰ , ȸ ¸ ϴ ƴϴ. ٵ , ġ ο ̴ µ Ϻ ̿Ͽ, Ʈ ý۵ ġϴ ← Ѵ. Ʈ ڵ 鿡 ڵ ġ Ʈ Ǵ ȣ ѵ ɷ ִ.
Microsoft ġ ȭ ǥ ͻӸ ƴ϶, Microsoft Active Protections Program(MAPP) ߴµ, ̴ ֿ ༺ Microsoft Ʈ ռ Ͽ ο ְ ñ ȣ ֵ Ͽ. ַ ü ϴ Ʈ-- ̷ ڵ Ʈ ̴-- ҿ ġ ֵ ϴ ߿ϴ. ġ Ӹ ƴ϶, ٽ Ƽ̷ Ʈ ǻ͵ Ʈϵ ڵ ϴ ߿ϴ.
Ʈũ پ ༺ Ÿ ̰, ÿ ֻ ϵ յ ִ ȣϴ پ ̴. ְ Ʈũ silver bullet(Ưȿ) ַ ƴ϶, IPS, ȭ, Ʈũ (NAC), ̺Ʈ м, ̺Ʈ (SIEM) °踦 ϴ ٹ(pervasive security approach)̴.
۳ Ѿ Hannaford Supermarket, ټ , ķα а ģ, ڻ , Ʈũ ʾ Ҵ. IPS 3 ֿ īװ- Ǽ , DDoS , ٶ - ȣ ν, Ʈũ Ž ʼ ڷ Ǿ. ɰ ϱ Ư õ ŷ ѷ context(Ȳ) ִ SIEM ٸ ȱ ξ ִ. 2009 ŸƮ , Ʈũ ġ ȮŰ ̿ Ǹ ִ. 2009 ٽ ȭ, ְ å (pervasive) °踦 鰣 ν, װ͵ Ͽ Ű ̴.