"Blackmail attacks have become an epidemic of the Internet. A complete security system is the vaccine for the epidemic." Qi Xiangdong, Chairman of Qi Anxin Group, said when attending the China International Big Data Industry Expo in 2021 that the rapid development of digitization has given rise to the industrial Internet. Facing severe network security challenges, among which the increasingly rampant blackmail attacks are the number one enemy of the Industrial Internet.
To this end, he proposed that government and enterprise organizations should establish a complete network security system as soon as possible, and then through actual combat and systematic normal operation, the threat of blackmail attacks can be shut out.
Industrial Internet will become the number one target of blackmail attacks
"In the first half of this year alone, there have been many blackmail attacks in the industrial Internet field, and the scale of blackmail ransom continues to hit new highs." Qi Xiangdong said in a speech at the China Digital Expo that with the further development of the industrial Internet, strong security, weak and open Industrial production systems and the weakly secure and strongly open Internet will be more closely integrated, leading to a greatly increased attack path and even more severe security challenges.
If security is not done well, the industrial Internet, which is of great value, will become a "fragrant cake" for hackers.
Public information shows that since the beginning of this year, industrial Internet companies have been subjected to blackmail attacks.
In February, Kia Motors suffered a blackmail attack and was demanded 135 million yuan in Bitcoin; in March, Taiwan’s Acer computer was blackmailed, and sensitive data such as financial spreadsheets and bank correspondence were stolen. The ransom amounted to 325 million yuan; in April, The Apple computer foundry was attacked by blackmail, and the hackers also issued a ransom of 325 million yuan...
In fact, these figures are just the tip of the iceberg. Qi Xiangdong said that being able to get the ransom smoothly is the biggest incentive for blackmailers.
The hacker will quickly implement the next blackmail, which enters a vicious circle.
Blackmail attacks have become an Internet "epidemic"
Statistics show that the number of global blackmail attacks in 2020 has increased by more than 150% year-on-year; the average ransom for each blackmail has reached 310,000 US dollars.
According to a prediction from a security agency, a blackmail attack is expected to occur every 11 seconds in 2021, with more than 3 million times a year, and the damage caused by blackmail attacks may be as high as 900 billion US dollars.
Qi Xiangdong said that ransomware is one of the strongest network security threats with "self-evolving ability", and new variants are constantly being produced; ransomware attack methods are also constantly changing, from phishing email attacks to website malicious code intrusion, and then to society Engineering, a variety of advanced threat technical methods are used in ransomware attacks; at the same time, the popularity of anonymous digital currencies such as Bitcoin has become an excellent tool for hackers. Blackmail ransoms are getting higher and higher. After hackers get high rewards , Gradually subdividing more types of work, forming a complete industrial chain.
"It is also more difficult to prevent ransomware attacks." Qi Xiangdong said that ransomware attacks are more complicated than general network attacks and are a combination of traditional attack methods and ransomware viruses.
First of all, the continuous expansion of the safety exposure area cannot be prevented through terminal protection.
Terminal-based phishing and puddles are common methods of blackmail attacks.
Once the terminal is infected with ransomware, it will spread quickly.
Most units have weak terminal security defense capabilities. The terminal is not reinforced or upgraded for a long time, and weak passwords are often used, which can be easily compromised.
Secondly, the huge economic benefits have prompted the black industry to continue to study variants of the ransomware virus and obtain the most advanced anti-virus, which makes prevention even more difficult.
The traditional checking and killing mode that relies on the known signature database to match, cannot detect new virus variants, and it is too late.
In particular, targeted blackmail attacks are completely APT-level in terms of attack methods.
In addition to the initial infection link, it also includes a series of attacks such as lateral movement, establishing control channels, locating high-value data, packaging and stealing data, fast encryption and even destroying the backup system. The attacker may be latent for several weeks or even months. .
A complete security system is the vaccine to prevent the "ransomware epidemic"
"But it will be difficult for a fox in disguise again to hide its tail. The weakness of blackmail cannot be overcome. It needs to find a target and complete its mission. This is a long process." Qi Xiangdong made an analogy, like a thief entering a rich family. In the compound, it is not easy to steal gold and silver treasures, because he doesn't know where the safe is, so the ransomware needs a process of turning over the box to come in. The process is as short as one week and takes several months.
Qi Xiangdong proposed that "a complete network security system is the vaccine to prevent the'ransomware epidemic'".
Vaccines can activate the body's immune system, produce antibodies and memory immune cells, and effectively prevent bacteria and viruses.
Preventing the "ransomware epidemic" is the same. Only by establishing a complete network security system and building a strong immune system to ensure that the virus can be detected in time after it enters, and then concentrate efforts to eliminate the virus, so as to ensure the normal business. Running.
According to reports, the endogenous security framework proposed by Qi'anxin uses three key links of “building a family foundation, building a system, and grasping operations”, using system engineering to change the past partial rectification construction model, and systematically build a complete network security system; at the same time, it uses The specific "Ten Major Projects" and "Five Tasks" guide the planning, construction and operation of the network security system, and finally through the dynamic and comprehensive security defense system, outperforming loopholes, internal ghosts and hackers.