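The United States plans to introduce a cybersecurity certification label for products, called the "Cyber Trust Mark," to be displayed by certified websites. It is meant to help American consumers shopping for connected devices choose products that are more secure and more resilient against attacks.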
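The Cyber Trust Mark proposal was put forward by the Federal Communications Commission (FCC), which is accepting input from all parties. The mark is expected to launch officially next year and will be open to applications from manufacturers of all kinds of smart connected devices.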
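Under the proposal, a product must meet the cybersecurity criteria set out by the National Institute of Standards and Technology (NIST) to earn the Cyber Trust Mark. These include strong default passwords, data protection, software or firmware updates, and incident detection capabilities.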
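A press release issued by the White House states that the FCC's purpose in launching the Cyber Trust Mark is not only to protect the American public when using connected devices, but also to raise the general level of security protection in this class of device.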
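The mark is expected to apply to all kinds of connected devices, including smart appliances such as refrigerators, microwave ovens, televisions, air-conditioning systems, and fitness trackers. Several major makers of smart connected appliances and devices have already announced that they will join the labeling program, including Amazon, Best Buy, Google, LG Electronics USA, Logitech, and Samsung Electronics.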
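Once the Cyber Trust Mark is in effect, products that meet the criteria will be able to carry the mark and will be listed in a publicly searchable product registry that consumers can consult when choosing products.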
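Government agencies, vendors, and security organizations are advised to study the mark's criteria and approach and to promote a similar label for connected devices sold in the domestic market, giving consumers a reference point and strengthening public security awareness.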
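Security vendor Mandiant recently published a research report stating that its researchers have observed a new wave of attacks delivered through USB flash drives, with attack volume in the first half of 2023 reaching a new all-time high.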
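Mandiant identified two major USB flash drive attack campaigns. The first, called "Sogu," is suspected to be linked to the threat group "TEMP.HEX." The second, called "Snowydrive," is suspected to be linked to another threat group, "UNC4698," and targets multiple oil and gas companies in Asia.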
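Regarding the Sogu campaign, Mandiant notes that the group's targets are very broad, spanning the United States, France, the United Kingdom, Italy, Poland, Austria, Australia, Switzerland, China, Japan, Ukraine, Singapore, Indonesia, and the Philippines.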
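By industry, pharmaceuticals and IT were hit hardest by Sogu, at 11.8% each, followed by energy (9.4%), communications (9.4%), healthcare (8.2%), logistics (7.1%), non-profit organizations (5.9%), retail (4.7%), and media (4.7%).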
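According to Mandiant's analysis, Sogu uses DLL search order hijacking to load a malicious payload called Korplug into the memory of a Windows computer. It then adds a Run key to the registry so that it persists on the machine and executes automatically, scans the computer for MS Office files, PDF files, and text files in an attempt to steal valuable information from them, and uploads that information to its command-and-control server.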
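Snowydrive, by contrast, installs a backdoor on the victim computer that lets the attacker use the Windows command line to load additional malicious payloads, modify the Windows Registry, steal file contents, and so on.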
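Although the USB flash drive attack technique is very old, it still has a considerable success rate because staff security awareness is low. Organizations are advised to strengthen their controls over access to computer USB ports, step up security awareness training, and avoid using any form of external physical storage device.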
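The Sogu chain described above (a DLL side-loaded through search order hijacking, followed by a Run key write) can be hunted for by correlating the two behaviors per process. The following is an added example, not code from this page or from Mandiant's report; it assumes Sysmon-style events (ID 7 image load, ID 13 registry value set), a hypothetical list of removable drive letters, and constructed sample events.

```python
import ntpath  # Windows path handling that works on any OS

RUN_KEY = r"\software\microsoft\windows\currentversion\run"
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Constructed sample events (not from the Mandiant report); fields mirror Sysmon.
EVENTS = [
    # A1: unsigned DLL loaded from the EXE's own folder, then a Run value is set
    {"EventID": 7, "ProcessGuid": "A1", "Image": r"E:\docs\viewer.exe",
     "ImageLoaded": r"E:\docs\helper.dll", "Signed": "false"},
    {"EventID": 13, "ProcessGuid": "A1", "Image": r"E:\docs\viewer.exe",
     "TargetObject": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Viewer",
     "Details": r"C:\ProgramData\viewer\viewer.exe"},
    # B2: Run value set, but only a signed system DLL was loaded
    {"EventID": 7, "ProcessGuid": "B2", "Image": r"C:\Program Files\App\setup.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"EventID": 13, "ProcessGuid": "B2", "Image": r"C:\Program Files\App\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\App",
     "Details": r"C:\Program Files\App\app.exe"},
    # C3: unsigned local DLL, but no persistence write
    {"EventID": 7, "ProcessGuid": "C3", "Image": r"D:\tools\tool.exe",
     "ImageLoaded": r"D:\tools\plugin.dll", "Signed": "false"},
]

def is_sideload(ev):
    """Unsigned DLL resolved from the loading EXE's directory, outside system dirs."""
    dll, exe = ev["ImageLoaded"].lower(), ev["Image"].lower()
    same_dir = ntpath.dirname(dll) == ntpath.dirname(exe)
    return ev["Signed"] == "false" and same_dir and not dll.startswith(SYSTEM_DIRS)

def is_run_key_write(ev):
    """Registry value set directly under a ...\\CurrentVersion\\Run key."""
    return ntpath.dirname(ev["TargetObject"].lower()).endswith(RUN_KEY)

def correlate(events, removable_drives=("e:",)):
    """Return processes that both side-loaded a DLL and wrote a Run value."""
    state = {}
    for ev in events:
        s = state.setdefault(ev["ProcessGuid"], {"image": ev["Image"]})
        if ev["EventID"] == 7 and is_sideload(ev):
            s["dll"] = ev["ImageLoaded"]
        elif ev["EventID"] == 13 and is_run_key_write(ev):
            s["autorun"] = ev["Details"]
    return [dict(s, guid=g, from_removable=s["image"].lower().startswith(removable_drives))
            for g, s in state.items() if "dll" in s and "autorun" in s]

if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

Requiring both behaviors from the same process keeps ordinary installers (Run key only) and plugin-loading tools (local unsigned DLL only) out of the results.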