04 UK think-tank: malware attacks growing at a frantic pace
A study by the Royal United Services Institute, conducted with cyber specialists at BAE Systems, warns that the UK suffers the second-highest number of "double extortion" attacks in the world, after the US.
Full text: 682 words, By Helen Warrell in London
The UK government has been urged to stop criminals from carrying out malicious software attacks with “impunity”, after research revealed that hacks using a new and aggressive form of ransomware increased 200 per cent last year.
The study by the Royal United Services Institute (RUSI) think-tank and cyber specialists at BAE Systems warned that ransomware use is “spiralling out of control”, with Britain suffering the second-highest number of “double extortion” attacks after the US.
All types of ransomware hack — in which cyber criminals encrypt data systems and demand a fee to unfreeze them — have boomed during the coronavirus pandemic, as remote working has eroded cyber defences.
The report focused on the increasing problem of double extortion attacks, where hackers not only block access to an organisation’s systems but also threaten to release intellectual property or other sensitive information unless a ransom is paid.
Travelex, the currency exchange business, was a high-profile victim of this type of attack in December 2019, when hackers demanded a ransom to prevent the publication of sensitive customer data including credit card details. The resulting disruption, combined with the effect of coronavirus, knocked £25m off Travelex’s profits.
Lindy Cameron, chief executive of Britain’s National Cyber Security Centre, a branch of GCHQ, the UK’s signals intelligence agency, warned in her first public speech last week that ransomware was a “serious and growing threat” in scale and severity.
The risk is not just the theft of money or data from individual businesses, but also the loss of “key services”, Cameron said.
While ransomware is primarily a criminal problem, the potential damage to economic prosperity and critical infrastructure has spurred concerns that it could also have national security implications.
The RUSI and BAE report, seen by the Financial Times, said “unprecedented” damage was caused by double extortion attacks in 2020, with a 200 per cent increase in new victims posted on ransomware blogs between June and October last year.
There were 1,200 attacks by operators of 16 different ransomware strains in 2020 using the double extortion technique, with victims from 63 countries, the researchers found.
The median victim size by revenue was approximately £30m, but more than 100 victim organisations named on ransomware blogs had annual revenues in excess of £723m. The majority of criminal groups involved in these attacks are thought to be operating from Russia.
James Sullivan, head of cyber research at RUSI and a co-author of the report, urged ministers to take the issue seriously. “We’re arguing that the current model to tackle ransomware is ineffective, and it’s up to policymakers now to get a grip,” he said.
As well as increasing cyber defences, Sullivan recommended that the government should consider legislation to ban ransom payments, offer victims more help in recovering their data without having to pay, and pursue organisations that help criminals to launder the proceeds of crime.
Hackers are increasingly setting their ransom demands according to the victim’s revenue, in some cases seeking millions of pounds, the study found.
Robert Hannigan, a former director of GCHQ and European chair of the cyber security company BlueVoyant, said the government could work more closely with insurers — who may fund payments to ransomware operators under cyber cover policies — to establish boundaries on payments so that ceding to criminals’ financial demands is no longer an “easy choice”.
US policymakers are also grappling with the issue. Chris Krebs, former head of the US Cybersecurity and Infrastructure Security Agency (CISA), suggested earlier this year that America’s Cyber Command could assist with deterrence by “doxing” ransomware gangs — publishing their private details.
Trey Herr, director of the Cyber Statecraft Initiative at the Washington-based Atlantic Council, said he would like to see the US and UK investigate and prosecute the top 20 most prolific ransomware developers, rather than expending resources on the numerous criminal groups operating their tools.
“Ransomware continues to be highly commoditised — think of it like fast-food franchises where individual criminals can pay to rent and use different kinds of ‘brand name’ ransomware,” he said. “I’m far less interested in the individual operators... I want to get to their suppliers.”