绿盟 2019年网络安全观察

2019 网络安全观察 Cybersecurity Insights u th i g 5 b m o .c 英特尔 Oracle 沙箱安全漏洞 NSA 医院以色列逃逸 CPU 供应链内存团伙通信广告研究警告 AV APP 提权取证缓冲区代码执行定向渗透勒索软件 Shell 沙盒发送监控工控凭据卡巴斯基预警 SSH 托管印度工具包帐户 HTTP IoT 工业滥用思科朝鲜 IOS 信任命令特权智能英国计算机扫描解密英国披露内核网关bug RCE 风险标准俄罗斯邮件安卓 Apache 实战垃圾邮件行为欺骗泄露暗网芯片邮件中国人公开后门协议命令执行苹果勒索脚本攻击者 XXE API XSS 补丁 FBI 缓冲区绕过损失账户溢出DNS 世界 Cisco 权限团队窃取支付 5G 逃避证书自动化破坏 RDP Facebook 行为 APP IOS VPN 执行警告开源谷歌扫描隐私入侵起诉威胁政府虚假上传远程高危高级最大调试巴西挖矿逆向木马代码 Web 僵尸网络趋势黑客 IT Oﬃ 流量攻击者策略文档 Android 动态 C2 Google 固件网络钓鱼金融Microsoft 样本静态进程数据泄露 CMS 篡改感染通道 WiFi 恶意流量数字注入编写比特币 root PDF 中国移动蠕虫劫持 SQL注入 AWS 跟踪安全性韩国行业数据 Mac伊朗 Adobe 华为钓鱼缺陷 NET 医疗 DoS 加密货币数据安全漏洞 PC Edge 数据库 GitHub 凭证思科泄漏 Chrome EDC 密钥 Python 审计爆光 WordPress macOS 任意拒绝服务变种监控加密商店 SQL 函数恶意软件 GDPR IBM 创新控制 Ryuk IT168 DDoS 诈骗严重模块安全更新挖掘物联网隐藏游戏保护患者引擎密码敏感 IPv6 APT Server配置病毒穿越 PHP 修复传播网络攻击权限提升服务器 Linux 网络安全安全厂商 Window 关于绿盟科技北京神州绿盟信息安全科技股份有限公司（以下简称绿盟科技公司），成立于 2000 年 4 月，总部位于北京。公司于 2014 年 1 月 29 日在深圳证券交易所创业板上市，证券代码：300369。绿盟科技在国内设有 40 多个分支机构，为政府、运营商、金融、能源、互联网以及教育、医疗等行业用户，提供全线网络安全产品、全方位安全解决方案和体系化安全运营服务。公司在美国硅谷、日本东京、英国伦敦、新加坡设立海外子公司，深入开展全球业务，打造全球网络安全行业的中国品牌。 u th i g 特别声明 5 b 为避免合作伙伴及客户数据泄露，所有数据在进行分析前都已经过匿名化处理，不会在中间环节出现泄露，任何与客户有关的具体信息，均不会出现在本报告中。 m o .c 2019 网络安全观察目录 CONTENTS 目录 1. 执行摘要 ·······························································································································································1 2. 重要观点 ·······························································································································································4 3. 宏观态势 ·······························································································································································7 3.1 中美战略下大国博弈 ·································································································································································· 8 3.2 暗战：APT“明暗交织”支撑“网络威慑”战略 ·················································································································· 8 m o .c 3.3 治理：网络空间内容治理成为新挑战 ······································································································································ 9 3.4 重器：关键基础设施保护 ························································································································································ 10 3.5 隐私：公民隐私保护 ································································································································································ 11 4. 威胁态势 ·····························································································································································12 5 b 4.1 攻击类型分布············································································································································································· 13 4.2 地域分布····················································································································································································· 14 u th 5. 热点态势 ·····························································································································································16 5.1 漏洞态势····················································································································································································· 17 i g 5.1.1 漏洞态势 ····································································································································································································17 5.1.2 漏洞利用态势 ····························································································································································································19 5.2 恶意软件观察············································································································································································· 22 5.2.1 勒索软件（Ransomeware） ·······················································································