绿盟科技 安全事件响应观察报告 i g u th 5 b m o .c © 绿盟科技 关于绿盟科技 北京神州绿盟信息安全科技股份有限公司（简称绿盟科技）成立于 2000 年 4 月，总部位于北京。 在国内外设有 30 多个分支机构，为政府、运营商、金融、能源、互联网以及教育、医疗等行业用户， 提供具有核心竞争力的安全产品及解决方案，帮助客户实现业务的安全顺畅运行。 基于多年的安全攻防研究，绿盟科技在网络及终端安全、互联网基础安全、合规及安全管理 等领域，为客户提供入侵检测 / 防护、抗拒绝服务攻击、远程安全评估以及 Web 安全防护等产品 以及专业安全服务。 北京神州绿盟信息安全科技股份有限公司于 2014 年 1 月 29 日起在深圳证券交易所创业板上 市交易。 股票简称：绿盟科技　股票代码：300369 u th i g 特别声明 5 b 为避免合作伙伴及客户数据泄露，所有数据在进行分析前都已经过匿名化处理，不会在中 间环节出现泄露，任何与客户有关的具体信息，均不会出现在本报告中。 m o .c 安全事件响应观察报告 目录 1. 前言 ······································································································································································2 2. 网络安全形势分析 ················································································································································5 2.1 勒索软件仍是安全事件重点，并呈现家族化趋势 ················································································································ 8 2.1.1 勒索病毒家族类型增多，变种更新更加频繁 ········································································································································ 9 2.1.2 Windows 服务器需重点关注，跨平台勒索病毒开始出现 ·················································································································· 9 m o .c 2.1.3 RDP 弱口令暴力破解成为主流攻击方式 ·············································································································································10 2.1.4 病毒制作门槛降低，传播方式蠕虫化 ··················································································································································11 2.2 挖矿病毒利用多种漏洞传播 ··················································································································································· 12 2.2.1 WannaMine 挖矿病毒依然流行·····························································································································································12 2.2.2 门罗币成为挖矿病毒的首选币种 ··························································································································································12 5 b 2.3 网络威胁行业特征显著 ··························································································································································· 13 2.3.1 政府部门 Web 服务器成为攻击重点 ····················································································································································14 2.3.2 运营商需着重关注勒索软件、流量异常类安全事件 ··························································································································14 u th 2.3.3 金融机构已成为网络犯罪的主要目标 ··················································································································································15 2.3.4 企业的勒索事件占据绝对比重 ······························································································································································16 i g 2.4 脆弱系统将面临越来越多的攻击 ··········································································································································· 18 2.4.1 1Day 漏洞抢占肉鸡资源 ·········································································································································································18 2.4.2 NDay 漏洞持续威胁用户安全 ································································································································································19 2.4.3 弱口令仍是安全事件“高发地” ··························································································································································20 3. 安全处置建议 ····················································································································································21 4. 典型安全事件应急处置案例分析 ······················································································································23 4.1 勒索软件典型案例 ··································································································································································· 24 4.1.1 GlobeImposter 家族 ················································································································································································24 4.1.1.1 背景介绍 ·········································