1、 Threat trends
In the information security chain, technology and management both matter, but the human factor is the weakest link. For that reason more and more attackers turn to human weakness, that is, to social engineering, to carry out network attacks. Using social engineering to get past information security defenses is a rising, even rampant, trend.
Phishing is one form of social engineering and also the oldest and most common attack in information security. Its history is long; the main milestones can be summarized as follows:
- A phishing technique was first described in 1987
- The term "phishing" was first used in 1996. It is a variant of the English word "fishing", probably influenced by "phreaking", and describes using bait to "catch" the victim's financial data and passwords
- Around 2000, telecom fraud spread from Taiwan to the mainland and then rapidly across China
- In 2002 the well-known hacker Kevin Mitnick published the best-selling book on social engineering, The Art of Deception
- On January 26, 2004, the US Federal Trade Commission filed its first lawsuit against a suspected phisher
- In September 2012 the first "fake base station" case appeared in China
- In May 2013 SMS-interception Trojans spread through fake base stations began to break out nationwide
- In August 2016 the death of Xu Yuyu, a student from Luozhuang, after a telecom fraud drew wide public attention
Today, with e-commerce and mobile payment everywhere, phishing has changed again: beyond the traditional fake website, a new form of phishing has developed on the mobile platform. Compared with traditional fraud, mobile phishing is harder to spot and the financial losses are more serious.
As part of the mobile threat landscape, mobile phishing has become an important threat to mobile users, and after more than three years of development its techniques are mature. The most direct victims of mobile threats are ordinary individual users: telephone fraud, phishing SMS and mobile malware are the main threats to their phones. At present, mobile threats against individuals mainly spread malicious code through phishing SMS sent by fake base stations. At the same time telecom fraud remains at a high level, and the media has reported too many cases that ended in death or in enormous losses from telephone fraud.
In 2016 attacks on website systems were frequent and data-leakage incidents kept emerging. The underground economy has reached into ordinary people's lives: users' privacy and personal data have become openly traded goods on the black market. Personal data sold through the underground supply chain ends up in all kinds of "social engineering databases" (compiled leak collections), and the number of leakage incidents keeps rising.
With the rapid growth of the mobile Internet, mobile advertising, games and O2O platforms of every kind have developed quickly, while mobile Internet companies and regulators have invested too little in dealing with business fraud. The risks of business fraud such as fake orders, app-store ranking manipulation, traffic fraud and daily-active-user inflation will therefore increase further.
It can be predicted that mobile network security will remain unfavorable for the next few years: privacy leakage and mobile attacks will spread and merge further, leading to widespread fraud and a further deepening of the network attack threat.
2、 Threat analysis
Nowadays "phishing" is no longer limited to the network: it is combined with telecom fraud and other channels as auxiliary attacks, for example the rampant spam SMS and fraudulent phone calls. Some fraud messages urgently demand payment for virtual "goods" the user supposedly consumed, or pose as a friend or relative and ask for account numbers and passwords. Strictly speaking, all of these belong to phishing. After a long period of development the phishing techniques are numerous and quite complex; in summary there are about eight types, grouped below.
In real attacks these types do not occur in isolation but are combined.
We generally divide the eight types into two groups: traditional phishing (phishing email, phishing websites, telecom fraud, online-shopping phishing) and mobile phishing (SMS phishing, malicious code, WiFi phishing and iPhone phishing). The two groups are analyzed in detail below.
2.1 The evolution of traditional phishing on the mobile platform
Traditional phishing was widespread in the PC era: email, phishing websites and fake advertisements lured users into handing over sensitive information such as ID numbers, phone numbers, online banking accounts and passwords, alongside telecom fraud and online-shopping phishing. With the arrival of the mobile Internet, traditional phishing has changed on the new platform too.
2.1.1 Phishing email is declining
Email appeared in the 1970s and has long been a powerful tool for fraudsters and underground operators to infiltrate people's lives and work, posing serious threats to individuals and organizations alike. Phishing email can generally be divided into three categories: link phishing email, attachment phishing email and spoofed-sender phishing email.
1. Link phishing email
Link phishing email embeds phishing links in fraudulent messages. For example, the attacker sends a large volume of email about prize winnings, consulting offers or account reconciliation and lures the user into entering financial account numbers and passwords on the linked page.
2. Attachment phishing email
Attachment phishing email induces the recipient to download an attachment carrying malware. Attachment types include HTML files, EXE/SCR executables, Word documents, Excel spreadsheets and PDFs. In many disclosed APT attacks the attacker used Office and PDF documents carrying exploit code as the payload of a phishing attack on the target.
3. Spoofed-sender phishing email
When email was created more than 40 years ago, neither its design nor its protocols considered security, and nothing verified the sender's identity. With minimal effort a sender can send mail to anyone under any identity, so email is easily impersonated or counterfeited. Spoofed-sender email is the phishing mode that is hardest to identify and trace.
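Because the protocol itself does not verify the sender, the check a receiving side can make today is whether the visible From: domain is backed by an aligned SPF or DKIM pass (the basis of DMARC). The following script is an added example, not code from the original report; it parses a raw message, compares the From: domain with the envelope sender in Return-Path, and reads the receiving server's Authentication-Results header. Both sample messages and all domains in them are constructed for illustration.

```python
"""Sender-alignment check for a received e-mail.

Added example, not code from the original report. It parses a raw message,
compares the visible From: domain with the envelope sender (Return-Path) and
reads the receiving server's Authentication-Results header for the SPF, DKIM
and DMARC verdicts. Both sample messages are constructed for illustration.
"""
import email
from email.utils import parseaddr

# Constructed: the visible From: claims to be a bank, but the envelope sender
# is an unrelated relay, DKIM is absent and DMARC failed.
SPOOFED_MESSAGE = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.org;
  spf=pass smtp.mailfrom=mail-relay.example.net;
  dkim=none;
  dmarc=fail header.from=bank.example.com
From: "Bank Security Center" <service@bank.example.com>
To: victim@example.org
Subject: Your account has been locked

Please log in at http://bank.example.com.security-check.example.net/ to unlock it.
"""

# Constructed: a message whose envelope sender and DKIM signature both match From:.
GENUINE_MESSAGE = """\
Return-Path: <notice@bank.example.com>
Authentication-Results: mx.example.org;
  spf=pass smtp.mailfrom=bank.example.com;
  dkim=pass header.d=bank.example.com;
  dmarc=pass header.from=bank.example.com
From: "Bank Notifications" <notice@bank.example.com>
To: victim@example.org
Subject: Your monthly statement is ready

Your statement is available in the mobile app.
"""


def domain_of(address):
    """Lowercase domain part of an address such as '"Name" <user@host>'."""
    _, addr = parseaddr(address or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def parse_auth_results(header):
    """Parse an Authentication-Results header into {method: (result, props)}."""
    results = {}
    if not header:
        return results
    flat = " ".join(str(header).split())          # unfold continuation lines
    for clause in flat.split(";")[1:]:             # first item is the authserv-id
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results[method.lower()] = (result.lower(), props)
    return results


def assess_sender(raw_message):
    """Decide whether the visible From: is backed by an aligned SPF or DKIM pass."""
    msg = email.message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    envelope_domain = domain_of(msg["Return-Path"])
    auth = parse_auth_results(msg["Authentication-Results"])
    spf_result, _ = auth.get("spf", ("none", {}))
    dkim_result, dkim_props = auth.get("dkim", ("none", {}))
    # DMARC-style alignment: the identifier that passed must match the From: domain.
    spf_aligned = spf_result == "pass" and envelope_domain == from_domain
    dkim_aligned = dkim_result == "pass" and dkim_props.get("header.d", "").lower() == from_domain
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "spf": spf_result,
        "dkim": dkim_result,
        "dmarc": auth.get("dmarc", ("none", {}))[0],
        "aligned": spf_aligned or dkim_aligned,
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("genuine", GENUINE_MESSAGE)):
        print(label, assess_sender(raw))
```

The spoofed message passes SPF for the relay that actually sent it, which is exactly why a raw SPF pass is not enough: only a pass whose identifier aligns with the From: domain says anything about the name the user sees. A client-side check like this only trusts an Authentication-Results header added by its own receiving server, since an attacker can include a forged one in the message.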
Today email is losing large numbers of ordinary users because its technology is old and its user experience no longer fits; meanwhile, the popularity of social tools in the mobile era has taken away its natural soil. Traditional email phishing is therefore declining on the mobile platform overall.
2.1.2 Phishing combined with fake base stations becomes a disaster area
In China's current Internet environment, traditional phishing websites mostly take two forms: fake prize-winning sites, which use a prize as bait to trick users into remitting money or entering real identity and account information; and fake online banking or securities sites, which induce users to log in with their account and password and then steal funds through the real online banking or securities system.
With the arrival of the mobile era and continuous media coverage, Internet users have become familiar with traditional phishing, and simple message deception or lookalike website content rarely succeeds any more. Attackers have therefore evolved, most visibly by producing large numbers of phishing sites adapted to the mobile interface. The following figure shows mobile phishing pages imitating China Construction Bank, China Merchants Bank and Industrial and Commercial Bank of China; in content and form they closely resemble the real bank sites.
In addition, mobile phishing has moved from the original single-step fraud (simple message deception, prize temptation) to the now popular form of fake-base-station SMS leading to a phishing website that serves malware. Such sites are spread by fake base stations that spoof official sender numbers such as 10086 and 95533; users usually cannot judge whether the SMS is genuine, click through to the phishing site, which is usually a close imitation of the official page, and are induced to download a fake client application.
Bank websites have been the hardest-hit area for phishing in such attacks. To fight phishing sites effectively, China Telecom Yundi and Antiy Labs have monitored Internet phishing sites for a long time. The figure below shows how the number of phishing sites changed in 2016.
The top 10 counterfeited applications in 2016 are shown in the following figure:
The figure shows that the most affected are the large banks and operators with high domestic visibility and a wide user base, which is also the phishing content most often spread by fake base stations.
2.1.3 Telecom fraud continues to heat up
In 2016 telecom fraud remained at a high level. Cases such as the Xu Yuyu fraud, which shocked society, and the fraud of 17.6 million yuan against a Tsinghua teacher involved huge losses and even cost lives, so telecom fraud has aroused widespread concern in all walks of life.
Most telecom fraud is broad, untargeted phishing with a low success rate, but given the number of people contacted there are always some who are cheated. When the attacker holds the victim's real information, such as name, company position, email and bank account, the success rate of the phishing attack rises considerably.
In terms of technique, "scenario building" attacks have been popular in recent years: for example "come to my office tomorrow" or "pay me on this account", or the recent Xu Yuyu case. The premise of scenario building is obtaining some factual information about the victim. Such refined attacks usually require a prepared script and also some luck. The most typical scenario is to impersonate public security, procuratorate or court staff.
With the rapid development of the mobile Internet, telecom fraud techniques have changed accordingly. The AVL Team has disclosed a series of telecom fraud attacks combined with Android malicious code, which intimidate the victim into "accepting investigation" for an alleged crime by displaying a forged electronic warrant from the Supreme People's Procuratorate on the victim's phone, as shown in the figure below.
Victims with weak awareness may trust the fraudster directly, but even a wary victim can be forced to comply: the malware hijacks outgoing calls on the victim's phone, so when the victim dials 110 (the police number) to verify, the person who answers is another fraudster. The two sides corroborate each other, the victim believes the story and finally falls into the trap. The following is a screenshot of the relevant code:
2.1.4 Online-shopping phishing focuses on privacy leakage
According to the 38th Statistical Report on Internet Development in China released by CNNIC, by June 2016 the number of online shoppers in China had reached 448 million. Online shopping brings great convenience to fast-paced urban life, but people also face the risk of personal information leakage and the corresponding online-shopping phishing attacks.
Early attackers mostly used false product listings, usually posted on large well-known shopping sites, offering goods at a "super low price", "duty-free", "smuggled" or as a "charity sale" to lure victims into the trap. Because most online transactions are non-local and paid by remittance, the attacker generally asks for partial payment in advance and then invents reasons for the consumer to pay the balance or other fees; once the money is received or the scheme is exposed, the attacker disappears.
As online shopping matured, false-listing fraud became hard to carry out. It has been replaced by online-shopping fraud driven by privacy leakage: courier employees leaking names, phone numbers and addresses; intrusions into courier company databases; cracked seller and buyer accounts; bulk theft of transaction records. All of this private information is used by attackers for online-shopping phishing. The most common case occurs within a day or two of a successful payment: the consumer receives a call from the shop's "customer service" saying the order is invalid because the Taobao system was upgraded and must be refunded before repurchase, and the caller can state the consumer's name, delivery address, phone number and every order detail accurately. Because the information is correct the consumer does not doubt it, opens the forged refund link, and enters bank card number, password, mobile number and SMS verification code as prompted, which ultimately leads to the theft of funds.
2.2 Mobile phishing keeps rising
Because of the particularities of the mobile platform, mobile phishing adds new characteristics to traditional phishing. The most typical is the attacker sending phishing SMS through a fake base station disguised as 10086, and the volume of phishing on the mobile platform keeps increasing.
2.2.1 Fake base stations set off an outbreak of SMS phishing
Sending phishing content by SMS has a long history. In the past mobile users could defend themselves simply by checking the sending number. Since the outbreak of fake base station attacks, however, attackers can spoof any number, such as the SMS service number of any bank, to send "notification" messages. These numbers are extremely convincing and ordinary users cannot tell them apart, which poses a serious security threat.
The fake base stations in circulation use the GSM protocol, and the number of domestic users still mainly carried on GSM and similar protocols remains large. In the short term, therefore, the threat of fake base stations as channel and fraud SMS as carrier will continue to spread.
The following figure shows the distribution of phishing SMS types from January to December 2016. Prize-winning fraud accounts for close to 30%, followed by malicious code, bank phishing, Macau gambling, WeChat-business and Taobao fraud, and finally a small share of social engineering fraud and Apple ID phishing.
Phishing SMS has clear targets and a fixed attack pattern; in short, the main types are as follows:
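Since the sender number can no longer be trusted, a useful triage rule is to judge a message by what it links to rather than who it claims to be from. The script below is an added example, not code from the original report; it covers the fake-base-station SMS described in 2.1.2 and the SMS categories in this section. It flags a short code such as 10086 or 95533 that links to a domain the real operator or bank never uses, a brand string buried in a lookalike host, URL shorteners, APK download links, and prize, bank, Apple ID and gambling wording. The sender allowlist, the shortener list and the four sample messages are constructed for this example.

```python
"""Rule-based triage of phishing SMS (added example, not from the original report).

The allowlist and the sample messages are constructed for this example; a real
deployment would maintain the sender-to-domain mapping from operator and bank data.
"""
import re
from urllib.parse import urlparse

SENDER_ALLOWLIST = {          # short code -> registrable domains it legitimately links to
    "10086": {"10086.cn"},    # China Mobile
    "95533": {"ccb.com"},     # China Construction Bank
}
SHORTENERS = {"t.cn", "dwz.cn", "bit.ly"}
URL_RE = re.compile(r"https?://[^\s]+", re.I)
CATEGORY_RULES = [
    ("prize fraud", re.compile(r"\b(prize|won|winner|lottery|congratulations)\b", re.I)),
    ("bank phishing", re.compile(r"\b(token|e-banking|security control|password|verification code)\b", re.I)),
    ("apple id phishing", re.compile(r"\b(apple id|icloud)\b", re.I)),
    ("gambling", re.compile(r"\b(casino|bet|betting)\b", re.I)),
]

SAMPLES = [  # (sender, text); all constructed for this example
    ("10086", "Dear customer, your 1286 points are about to expire. Exchange them for a gift "
              "at http://10086.cn.points-exchange.example/ before month end"),
    ("95533", "[CCB] Your e-banking token has expired. Download the new security control "
              "at http://t.cn/R1a2b3/ccb_security.apk"),
    ("10086", "Your bill for this month is 58.00 CNY, see details at http://www.10086.cn/bill"),
    ("+8613800000000", "Congratulations! You won a 5000 CNY prize from the show. "
                       "Claim it at http://bit.ly/abc123"),
]


def registrable_domain(host):
    """Approximate the registrable domain (handles x.com.cn-style second-level TLDs)."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-1] == "cn" and labels[-2] in {"com", "net", "org", "gov", "edu"}:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def url_indicators(sender, url):
    """Indicators for one URL, given the SMS sender it arrived from."""
    found = []
    parsed = urlparse(url)
    host = parsed.hostname or ""
    reg = registrable_domain(host)
    if reg in SHORTENERS:
        found.append("url shortener")
    if parsed.path.lower().endswith(".apk"):
        found.append("apk download link")
    allowed = SENDER_ALLOWLIST.get(sender)
    if allowed is not None and reg not in allowed:
        found.append("sender %s links to %s" % (sender, reg))
    # Brand domain embedded in a host whose registrable domain belongs to someone else.
    for brand in set().union(*SENDER_ALLOWLIST.values()):
        if brand in host and reg != brand:
            found.append("lookalike host embeds %s" % brand)
    return found


def triage(sender, text):
    """Return URL-based indicators plus the fraud category suggested by the wording."""
    indicators = []
    for url in URL_RE.findall(text):
        indicators += url_indicators(sender, url.rstrip(".,;!)"))
    categories = [name for name, rule in CATEGORY_RULES if rule.search(text)]
    return {"suspicious": bool(indicators), "indicators": indicators, "categories": categories}


def triage_samples():
    return [triage(sender, text) for sender, text in SAMPLES]


if __name__ == "__main__":
    for (sender, _), result in zip(SAMPLES, triage_samples()):
        print(sender, result)
```

Only the URL indicators decide "suspicious"; the wording categories are labels for the analyst, because a genuine bank notice may also mention a verification code. The third sample (a real 10086 link) passes, while the first is caught purely on the mismatch between the claimed sender and the registrable domain it links to.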
2.2.2 Phishing with malicious code is the main force
With the development of Android and iOS, malicious code has become one of the main threats in mobile phishing.
2.2.2.1 SMS-interception Trojans keep spreading
The SMS-interception Trojan threat has been breaking out and growing since 2013. By 2015 the number of SMS-interception Trojan incidents had grown markedly, and in 2016 they exploded. Apart from a mid-year lull attributable to the strict controls around the G20 summit and other events, they broke out again at the end of 2016, as shown in the figure below:
In recent years SMS-interception Trojan incidents have settled into a very fixed attack pattern.
SMS-interception Trojan attack pattern:
- Phishing SMS disguised as a merchant, bank or other official number is sent mainly through fake base stations;
- The victim is lured to open a phishing site via a short link or lookalike domain;
- The phishing site induces the victim to fill in personal information, which is stolen;
- The victim is induced to download and install the Trojan;
- The Trojan forwards the victim's SMS (including verification codes) by SMS or email, and the attacker finally steals the victim's online financial assets.
The AVL Team described the underground industry behind SMS-interception Trojans in its tracking report "DarkMobileBank: ongoing underground campaigns against mobile banking and financial payment". SMS-interception Trojan activity first appeared in May 2013 and has run a sustained, effective, large-scale campaign for nearly three years, involving nearly 100,000 people and forming an industrial system with a clear division of labor. Over those three years the attacks reached more than 100 million people, of whom more than 1 million users were infected and controlled. The overall scale of the underground chain is close to 10 billion, and the resulting asset damage close to 100 billion.
The overall threat picture of SMS-interception Trojans is shown in the figure:
2.2.2.2 Phishing has become standard equipment in malicious code
To improve the success rate of fraud and phishing, attackers use a great deal of camouflage: they imitate genuine mobile applications, then intercept the data the user enters and break into the user's online accounts.
The fake apps developed by attackers mainly borrow the names or icons of Agricultural Bank of China, China Construction Bank, China Merchants Bank, Bank of Communications and Industrial and Commercial Bank of China, and some Trojans directly use application names such as "UnionPay security certificate" or "bank control".
According to application data from the mobile threat intelligence platform, a search for malicious applications imitating "bank" program names shows 1,546 users infected since December. The top 10 names of counterfeit banking applications are as follows:
Such attacks typically use two methods: stealing bank account data with a directly counterfeited application login interface, or stealing it by hijacking the login interface of the genuine application.
Compared with a purely counterfeit banking application, hijacking the login window is more targeted: the Trojan detects that the real banking app has come to the foreground and covers its login screen with a fake one, which is often laid out in HTML so the attack is flexible and covert (this works on Android versions below 5.0, where an app could still query the foreground task).
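The Trojan families in 2.1.3 (call hijacking of 110), 2.2.2.1 (SMS interception) and this section (login-window overlay) all declare their capabilities in the APK manifest, so a manifest scan is a cheap first triage step before dynamic analysis. The script below is an added example, not code from the original report. It parses an AndroidManifest.xml and reports the permission and receiver combinations behind each behaviour: a maximum-priority SMS_RECEIVED receiver (which can swallow bank verification codes before the default SMS app sees them), a NEW_OUTGOING_CALL receiver with PROCESS_OUTGOING_CALLS (which can rewrite the dialled number), GET_TASKS plus SYSTEM_ALERT_WINDOW (foreground detection plus overlay on Android below 5.0), and a device-admin receiver, which these families commonly use to resist uninstallation (an indicator added here, not stated on the page). Both manifests are constructed; package and component names are hypothetical.

```python
"""Manifest indicators for the mobile-banking Trojans described above.

Added example, not code from the original report. Both manifests below are
constructed; package names and component names are hypothetical.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

MALICIOUS_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakebank">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="UnionPay Security Control">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".CallReceiver">
      <intent-filter>
        <action android:name="android.intent.action.NEW_OUTGOING_CALL"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

BENIGN_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""


def parse_manifest(xml_text):
    """Return (permissions, receiver_actions): the set of requested permissions and a
    map from each broadcast action a receiver registers to its highest filter priority."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    actions = {}
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            prio = int(flt.get(ANDROID_NS + "priority", "0"))
            for act in flt.iter("action"):
                name = act.get(ANDROID_NS + "name")
                actions[name] = max(prio, actions.get(name, -2**31))
    return perms, actions


def score_manifest(xml_text):
    """List the suspicious capability combinations declared in the manifest."""
    perms, actions = parse_manifest(xml_text)
    findings = []
    sms_prio = actions.get("android.provider.Telephony.SMS_RECEIVED")
    if "android.permission.RECEIVE_SMS" in perms and sms_prio is not None and sms_prio >= 1000:
        findings.append("high-priority SMS_RECEIVED receiver (can swallow bank verification codes)")
    if "android.permission.RECEIVE_SMS" in perms and perms & {"android.permission.SEND_SMS", "android.permission.INTERNET"}:
        findings.append("reads SMS and has a channel (SMS or network) to forward them")
    if "android.permission.PROCESS_OUTGOING_CALLS" in perms and "android.intent.action.NEW_OUTGOING_CALL" in actions:
        findings.append("NEW_OUTGOING_CALL receiver (can redirect dialled numbers such as 110)")
    if {"android.permission.GET_TASKS", "android.permission.SYSTEM_ALERT_WINDOW"} <= perms:
        findings.append("GET_TASKS + SYSTEM_ALERT_WINDOW (foreground detection plus overlay, login hijack on Android < 5.0)")
    if "android.app.action.DEVICE_ADMIN_ENABLED" in actions:
        findings.append("device-admin receiver (resists uninstallation)")
    if {"android.permission.READ_CONTACTS", "android.permission.SEND_SMS"} <= perms:
        findings.append("READ_CONTACTS + SEND_SMS (can spread itself by SMS to the victim's contacts)")
    return findings


if __name__ == "__main__":
    for label, text in (("malicious", MALICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, score_manifest(text))
```

A real banking app may legitimately request one of these permissions; it is the combinations, together with a label that imitates a bank or UnionPay control, that mark the sample for closer analysis.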
2.2.2.3 Fraud through vulnerabilities is hard to prevent
An attacker can also carry out phishing fraud with malicious code that exploits a system vulnerability.
For example, in 2012 researchers at North Carolina State University found an "SMS spoofing" vulnerability in Android that lets an application fake an incoming SMS. With it, an attacker can forge SMS content to commit fraud. The vulnerability affects Android 4.1 and below, and because it is a platform vulnerability it affects almost all third-party phone manufacturers.
Besides system vulnerabilities, the large number of vulnerable apps also exposes users to phishing. If an app takes no anti-phishing or anti-hijacking measures, an attacker can hijack its login interface, obtain the user's account and password, and leak the user's account information.
iOS carries the same risk. For example, an attacker targeting the Apple ID on a non-jailbroken iPhone 6 can use malicious code to display, inside other applications including the App Store, a login dialog identical to the real one; the user can hardly notice the difference, enters the Apple ID password as prompted, and the account is stolen.
2.2.2.4 The rise of mobile APT attacks
As mobile devices become smarter and more widespread, they carry more of people's work and life and more high-value information, and the mobile platform has already become a key target of APT attacks.
APT (advanced persistent threat) generally refers to sustained attacks launched for specific purposes by top-tier attacker groups, between states or international companies. Spear phishing is the primary attack vector of APT actors: seemingly genuine email is sent to individuals or groups inside the company, and the attachment often contains privacy-stealing malicious code or even 0-day exploits for Office or PDF readers.
In March 2016 several security vendors disclosed an attack group targeting Indian military and government personnel. Beyond its targeted attacks on PC platforms, the group attacked mobile platforms with Trojans for Android and BlackBerry, focused on collecting the targets' identity information and private data, and delivered the mobile attacks through phishing websites combined with social engineering and fake apps carrying malware.
In August 2016 Citizen Lab published a mobile APT incident called Trident, reported as a targeted attack on a human rights activist in the UAE. The tool was developed by the Israeli company NSO Group and used by a government. Through three iOS 0-days it implants and hides the attack payload when the target visits a web page; it penetrates iOS security mechanisms, reaches the kernel, fully controls the phone and steals all private data on the device without the user noticing. It is the most typical APT attack on the mobile platform and the first publicly disclosed APT 0-day attack on iOS. The lure was an SMS phishing message inviting the victim to visit a malicious site.
2017 may be the first year of mobile APT: mobile APT will gradually turn from a supporting role in coordinated cyber attacks into an independent first stage and prelude. With mobile "arms dealers" and the move to commercial spy Trojans, mobile APT will continue to focus on surveillance and data theft, and targeted attacks against high-value groups and special industries will begin to rise.
2.2.3 The impact of WiFi phishing widens
In 2015 the CCTV 3.15 consumer-rights gala showed how attackers use "phishing WiFi" in public places to steal users' private data, ultimately causing financial loss. The live demonstration alarmed many people about the security of public WiFi and made WiFi phishing widely known.
Many shops, airports and the like provide free WiFi, and consumers usually connect to save mobile data. Free WiFi is convenient for consumers, but it is a perfect attack scenario for attackers. The simplest scenario is a free access point with the same name as the merchant's to attract users. Once a user connects to the attacker's hotspot, every packet the user sends to the Internet is forwarded by the attacker's device, where it can be intercepted and analyzed; unencrypted traffic can be read directly.
Besides free WiFi, attackers can also break into home wireless routers, take over the management console, and then monitor the household's traffic, inject advertisements or malicious code, and redirect the network to phishing sites.
WiFi phishing is a man-in-the-middle attack that hijacks the victim's traffic for malicious purposes, specifically:
- Privacy theft. When the user browses through the attacker's WiFi, every access is monitored: news, photo albums, WeChat Moments, Weibo, Taobao and so on.
- Website hijacking. The attacker redirects a site the user is visiting to a carefully constructed fake, obtaining account passwords and other private information the user submits, which can easily lead to direct financial loss.
- Identity fraud. When the victim logs in to Weibo over the trap WiFi, the attacker can hijack the access token directly, log in as the victim without ever learning the password, and then launch phishing from that identity.
- Rogue advertising. After hijacking the connection, the attacker can inject ads into every site the victim visits.
- Trojan implantation. When the user downloads and installs an app over the hijacked connection, the attacker can replace it with a maliciously constructed version, implanting a Trojan.
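The "same name as the merchant" trick works because a client normally joins the strongest access point that advertises a known SSID. A client or an audit tool can do better by comparing the scan against what the legitimate network is known to look like. The script below is an added example, not code from the original report: given scan results, it flags access points that announce a trusted SSID with a weaker security type or an unknown hardware prefix than the profile expects, and open access points that share an SSID with an encrypted one (the classic evil twin), then picks the strongest non-flagged candidate. The scan results, BSSIDs and trusted profiles are all constructed for this example.

```python
"""Rogue access point (evil twin) triage from a WiFi scan.

Added example, not code from the original report. The scan results and the
trusted profiles are constructed for this example.
"""
from collections import defaultdict, namedtuple

AccessPoint = namedtuple("AccessPoint", "ssid bssid security signal_dbm")

# Constructed profiles: what the legitimate networks are known to look like.
TRUSTED_PROFILES = {
    "CoffeeShop_Free": {"security": "WPA2", "bssid_prefixes": {"00:11:22"}},
}

# Constructed scan: two real CoffeeShop APs, an open evil twin with a stronger
# signal, an open airport network, and a home network next to an open clone.
SCAN = [
    AccessPoint("CoffeeShop_Free", "00:11:22:aa:bb:01", "WPA2", -45),
    AccessPoint("CoffeeShop_Free", "00:11:22:aa:bb:02", "WPA2", -60),
    AccessPoint("CoffeeShop_Free", "de:ad:be:ef:00:01", "OPEN", -30),
    AccessPoint("Airport-WiFi", "66:77:88:00:00:01", "OPEN", -50),
    AccessPoint("Airport-WiFi", "66:77:88:00:00:02", "OPEN", -55),
    AccessPoint("HomeNet", "aa:bb:cc:00:00:01", "WPA2", -40),
    AccessPoint("HomeNet", "11:22:33:44:55:66", "OPEN", -35),
]


def oui(bssid):
    """First three octets of a BSSID, which identify the hardware vendor."""
    return bssid.lower()[:8]


def find_rogue_aps(scan, profiles):
    """Return {bssid: [reasons]} for access points that look like traps."""
    reasons = defaultdict(list)
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap.ssid].append(ap)
        profile = profiles.get(ap.ssid)
        if profile is None:
            continue
        if ap.security != profile["security"]:
            reasons[ap.bssid].append("expected %s but seen %s" % (profile["security"], ap.security))
        if oui(ap.bssid) not in profile["bssid_prefixes"]:
            reasons[ap.bssid].append("unknown hardware prefix %s" % oui(ap.bssid))
    # A legitimate network may have several APs (same SSID, same security);
    # an open AP next to encrypted ones with the same name is the classic evil twin.
    for ssid, aps in by_ssid.items():
        if len({ap.security for ap in aps}) > 1:
            for ap in aps:
                if ap.security == "OPEN":
                    reasons[ap.bssid].append("open AP shares SSID %s with an encrypted one" % ssid)
    return dict(reasons)


def safest_choice(scan, profiles, ssid):
    """Strongest non-flagged AP for an SSID, or None if every candidate is flagged."""
    flagged = find_rogue_aps(scan, profiles)
    candidates = [ap for ap in scan if ap.ssid == ssid and ap.bssid not in flagged]
    return max(candidates, key=lambda ap: ap.signal_dbm) if candidates else None


if __name__ == "__main__":
    for bssid, why in find_rogue_aps(SCAN, TRUSTED_PROFILES).items():
        print(bssid, why)
    print("join:", safest_choice(SCAN, TRUSTED_PROFILES, "CoffeeShop_Free"))
```

The evil twin is the loudest CoffeeShop_Free signal in the scan, so a naive client would pick it; the profile check steers the client to the weaker but genuine WPA2 AP. The Airport-WiFi network is all open, so nothing distinguishes a clone there by scan alone, which is the case where only end-to-end TLS protects the traffic described in the list above.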
2.2.4 The iPhone phishing industry
The Apple ID is the core account of Apple's services, running through iCloud, the iTunes Store, the App Store and more. iCloud, Apple's cloud service, keeps documents, photos, contacts and other data synchronized across the user's Apple devices in real time, provides interfaces for sharing photos, calendars and location with friends, and can be used to locate a lost iOS device. iPhone phishing therefore revolves almost entirely around the Apple ID. Common iPhone phishing scenarios:
- Counterfeit Apple websites promoted by mass phishing messages (via fake base stations and other channels) steal the victim's iCloud account and password, and the attacker finally locks the victim's device remotely for ransom.
- The user's iPhone is lost or stolen and enters the second-hand market; the buyer extracts the iCloud account and phone number from the device, targets the user with fake Apple sites, phishes the iCloud password and finally unlocks the device.
- Having obtained the victim's iCloud address, the attacker uses iMessage, calendar invitations, photo sharing and other iOS features to push large volumes of spam or phishing content to the user.
2.2.4.1 iPhone ransom threats deepen
Extortion on the mobile platform mainly consists of ransomware on Android and iCloud phishing extortion on iOS. On Android it typically takes the form of malicious screen locking or file encryption; on iOS it is built on the Apple iCloud account.
Because of Apple's security mechanisms, once a user's Apple ID is stolen (especially when the account password is the same as the password of the associated email), the victim's device can easily be locked. Once locked, the user can only contact Apple customer service and present proof of purchase to have it unlocked; otherwise the only option is to pay the ransom in exchange for the unlock password.
Besides lock-screen extortion, there have been cases in which Hollywood actresses were blackmailed after private photos uploaded to iCloud were leaked when their accounts were brute-forced.
Taking the iCloud extortion attack as an example, its data flow and profit structure are as follows:
The first role is the phishing kit developer, who profits by providing phishing servers and hosting space to others.
The second is the phishing site operator, who builds a phishing platform from the kit, obtains victims' Apple IDs and passwords by sending them phishing links, and sells the credentials to extortionists.
The third is the extortionist, who obtains the victim's credentials from the phishing site or from a leaked-credential database, logs in to the iCloud website, remotely locks the victim's Apple device so it cannot be used, and demands payment.
The fourth is the second-hand phone dealer (or someone claiming to be one), who acquires lost and stolen phones, phishes the Apple ID credentials and unlocks the device for resale.
2.2.4.2 Macau gambling spam is rampant
Many iPhone users have received inexplicable spam ads as calendar invitations or shared photo albums. iOS sharing features such as iMessage, calendar invitations and photo sharing can push content to a user at almost no cost once the target's iCloud address is known; they are regular features and enabled by default. They are therefore used to promote underground businesses, most typically Macau gambling; such sites profit from gambling or are themselves phishing sites for information theft or fraud.
Against such unwanted pushes, users can take the following measures:
- Change the iCloud email address to a new one that has not leaked
- Settings > iCloud > Calendar: turn off calendar synchronization
- Settings > iCloud > Photos: turn off iCloud Photo Sharing
2.3 Privacy disclosure as an important accomplice of phishing attacks
In 2016, attacks against web systems occurred frequently, and security incidents involving the leakage of all kinds of information and data continued to emerge in an endless stream and became more and more intense. The "Xu Yuyu" incident gave the public a deep understanding of how personal information disclosure affects daily life. Whether on traditional PCs or on mobile platforms, large-scale privacy leakage has become an important accomplice and supporting link in the phishing threat.
Because user privacy information is so valuable, a large number of underground-industry practitioners profit from it and have formed a complete interest chain with a clear division of labour and professional operation. The black industry chain has not only completed its initial accumulation of data, but has also begun to process the data and exploit it illegally through big-data analysis.
Hackers illegally obtain users' private information and then contact relevant "training" institutions or fraud gangs to resell the data downstream; many middlemen also trade the data in between to earn the price difference. Within the downstream teams, dedicated people are responsible for writing and rehearsing fraud scripts, laundering money online through third-party payment platforms, withdrawing cash offline at ATMs, and so on.
The following are the most common privacy disclosure scenarios in daily life, which individual users, the enterprises concerned and government departments should all guard against:
2.3.1 Unguarded passive leakage
1. Malicious code
The main behaviour of malicious code on mobile platforms reflects its profit motive. The proliferation of SMS-interception Trojans on the Android platform has directly led to an obvious increase in the amount of malicious code for privacy theft. Attackers steal important private information such as users' bank accounts and passwords, ultimately causing users financial losses; most attackers sell and resell bank account information after obtaining it. Mobile APT attacks, by contrast, target high-value individuals and special industries for the purpose of monitoring and data theft.
2. Home purchase information
In recent years, all kinds of harassing phone calls and messages have annoyed users, most of them about house sales, decoration and mortgages. Many new home owners have had the experience of their phone being "bombarded" with calls right after buying a house; it is very disturbing.
The information of property owners is very popular with investment companies, decoration companies and real estate agents, and many staff have access to home purchase records. It is impossible to prevent leakage at every link in the chain: developers, sales staff, banks, property management, intermediaries, the housing authority, decoration companies, and so on.
3. Educational institutions
Xu Yuyu's case is the most typical case of privacy disclosure by an educational institution. The fraudsters not only knew her phone number, but also knew that she was about to enter university and that she had been granted financial aid. Clearly the fraudsters held accurate information about the victim, and this "accuracy" was precisely the result of personal information disclosure.
There are three main channels of personal information disclosure: first, staff with access to the data leak it deliberately; second, hackers obtain the data; third, a third party that provides a service obtains the data and divulges it.
Communication and information fraud exploits regulatory loopholes on the part of the relevant departments and telecom operators, and it also exploits personal information disclosure. To prevent such fraud, the black chain behind it must be eliminated: on the one hand, supervision and accountability for communication and information fraud must be strengthened; on the other hand, the disclosure and reselling of personal information must be cleaned up.
4. Online shopping
E-commerce platforms have always been one of the worst-hit areas of data leakage.
In early 2014, 20 GB of Alipay user data was leaked. The investigation found the leak to be an "inside job": a former Alipay technician surnamed Li used his position to repeatedly download user information from the company's back-end system. The 20 GB of data, including users' real names, mobile phone numbers, e-mail addresses, home addresses and consumption records, was quite accurate.
In 2015, JD was exposed to have leaked a large amount of users' private information, and many users were cheated out of varying sums of money, with total losses in the millions. It was not until a year later that JD released its findings, attributing the leak to "insiders". The so-called insiders were three logistics staff who, through the logistics process, had obtained users' names, phone numbers, addresses, order times, goods purchased and other information. The data totalled 9,313 records.
Not long ago, a 12 GB data dump suspected to come from JD began to circulate on the black market, containing user names, passwords, e-mail addresses, QQ numbers, phone numbers, ID card numbers and other fields, with tens of millions of records.
5. Other third-party websites and apps
In February 2015, foreign media disclosed that the personal information of 50,000 Uber drivers had been obtained by an unknown third party, including social security numbers, driver photos, vehicle registration numbers and other information; in April, 52,794,000 records related to the social security system were leaked in 19 provinces, including ID card numbers, social security details, finances, salaries, housing and other sensitive information; in June, some Alipay users found that their accounts had been logged into from unfamiliar locations, which was caused by credential stuffing with leaked passwords (although Alipay's fund protection applied, it still caused users distress); in October, the leak of NetEase mailbox credentials led to a large number of iPhone users being threatened with remote-lock extortion.
It is often difficult to confirm whether a data leak is the work of an "insider" or of a "hacker". Either way, it is driven by money, and in the end the leaked data becomes, in one way or another, a tool for criminals to profit.
For e-commerce and other third-party platforms, strengthening internal management, detecting and repairing system vulnerabilities, preventing hacker attacks, stopping losses in time, reminding users to change their account passwords so that they are not harmed again, and protecting users' private information is a heavy task.
2.3.2 Active disclosure during social networking
Many heavy users of social networking sites like to post all kinds of photos on Weibo, WeChat Moments and so on, which also exposes private information: personal relationships, times, places, and more.
In the American TV series "Person of Interest", a system called "the Machine" collects and collates information from social networking sites, personal identity records from government departments, surveillance video from public and private cameras across the country, and phone data in order to find would-be perpetrators of terrorist attacks and catch them before they act. Social networks are one of its important sources of information.
For now, the Machine is a science-fiction device, but the technologies it involves can be realized: artificial intelligence, large-scale data processing, image recognition and so on.
You are being watched. In this era without privacy, minimizing the leakage of personal information is itself a form of self-protection.
3、 Response suggestions
In recent years, as phishing techniques have grown increasingly sophisticated and incidents have remained frequent, enterprises and many deceived individuals have suffered huge losses, seriously undermining people's sense of security about their property.
From the establishment of a joint ministerial meeting attended by 23 departments and units to the improvement of the mechanism for investigating communication and information fraud; from deepening cross-border and cross-regional police cooperation to establishing mechanisms for telephone notification and blocking and for fast stop-payment of phished funds: anti-phishing and anti-fraud have become key security tasks of governments and enterprises at all levels. As developers and service providers of anti-phishing technology, China Telecom Yundi and Antian Mobile Security put forward the following suggestions for national regulators, operators, banks and the public in response to phishing risks:
3.1 Regulatory bodies
- The national and industry regulators for "anti-phishing and anti-fraud" should take the lead in organizing an interactive interface and information-sharing mechanism between the relevant units and the Anti-Phishing Alliance of China, so that official and non-official anti-phishing efforts complement each other and produce quick, timely results.
- Focus on cleaning up phishing websites and malicious programs (apps) used to illegally collect bank card information. For websites that refuse to rectify or commit serious violations, revoke the relevant telecommunications business licence or cancel the website's registration filing according to law.
- Strengthen cooperation and coordination between operators, financial institutions, other industries and enterprises, and public security organs; under the unified command of the industry regulators, adhere to the trinity of technical measures, standardized management and anti-fraud publicity, take multiple measures at once, continue in-depth prevention of and action against communication and information fraud, and contribute to safeguarding customers' legitimate rights and interests.
- Improve Internet laws and regulations to crack down on phishing crimes, vigorously publicize Internet-related laws and regulations, cultivate the public's legal awareness, raise awareness of prevention, and refuse to facilitate the establishment of phishing websites.
3.2 Operators
- Further implement measures such as the real-name system, strict management of special service numbers and early warning of network anomalies. At the same time, accelerate the upgrading of mobile base stations and the roll-out of 4G networks, to completely eliminate interference by 2G pseudo base stations with users' communication channels.
- Strengthen monitoring and blocking at the network level of the channels on which threats depend: establish and improve malicious code monitoring and blocking; cut off access to phishing websites promptly at the DNS entry point and on the network side through domain-name screening, network traffic analysis and other technical means; and give public users timely warnings about communication and information fraud, reducing the success rate of phishing and effectively cracking down on it.
- Through in-depth network data analysis and mining, provide useful input for financial enterprises to implement precise risk control.
3.3 Banks and financial institutions
- Identify suspicious accounts, shut down according to law websites and online accounts that publish bank card information or conduct illegal trading, and clean up harmful information about the illegal trading of bank card information on the Internet.
- Strengthen the security of online payment authentication and develop new authentication methods, so that users do not lose assets when malicious code intercepts the one-time SMS password.
- Identify fraud in time and set anti-fraud thresholds to protect customers' funds. When many different bank accounts from other regions make concentrated remittances to the same bank account within a short period, pop up a warning in time to remind the customer about fraud, or even stop the transfer, and guide the customer to check and verify with the relevant departments.
- Strengthen public education on the safe use of bank cards, and make education about bank card risks a regular, sustained activity.
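The threshold rule in the third suggestion above, as an added example that is not part of this report or of any bank's system: a sliding-window "fan-in" detector run over constructed transfer records, which raises a warning when three distinct source accounts remit to one destination within 30 minutes and holds the transfer at five. The thresholds, window length, account identifiers and timestamps are assumptions chosen for illustration.

```python
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

Transfer = namedtuple("Transfer", "time source dest amount")
Alert = namedtuple("Alert", "dest time action sources")

# Constructed transfer log (not real banking data). Five different accounts
# remit to D-9001 within 15 minutes; D-1234 receives two unrelated transfers.
SAMPLE_TRANSFERS = [
    Transfer(datetime(2016, 11, 1, 9, 0), "S0", "D-9001", 5000),    # an hour earlier, outside the window
    Transfer(datetime(2016, 11, 1, 10, 0), "S1", "D-9001", 12000),
    Transfer(datetime(2016, 11, 1, 10, 3), "S7", "D-1234", 300),
    Transfer(datetime(2016, 11, 1, 10, 5), "S2", "D-9001", 8000),
    Transfer(datetime(2016, 11, 1, 10, 7), "S1", "D-9001", 2000),   # repeat source: counted once
    Transfer(datetime(2016, 11, 1, 10, 10), "S3", "D-9001", 15000),
    Transfer(datetime(2016, 11, 1, 10, 12), "S4", "D-9001", 9000),
    Transfer(datetime(2016, 11, 1, 10, 15), "S5", "D-9001", 20000),
    Transfer(datetime(2016, 11, 1, 11, 30), "S8", "D-1234", 450),
]


def detect_fan_in(transfers, window_minutes=30, warn_at=3, hold_at=5):
    """Scan transfers in time order and raise an alert for a destination account
    as soon as the number of *distinct* source accounts remitting to it inside
    the window reaches warn_at (action "warn") or hold_at (action "hold").
    One alert per level per burst; the level resets once the burst has passed."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # dest -> (time, source) pairs still inside the window
    level = defaultdict(int)      # dest -> 0 normal, 1 warned, 2 held
    alerts = []
    for t in sorted(transfers, key=lambda x: x.time):
        q = recent[t.dest]
        q.append((t.time, t.source))
        while q and t.time - q[0][0] > window:   # expire entries older than the window
            q.popleft()
        sources = {src for _, src in q}
        if len(sources) >= hold_at and level[t.dest] < 2:
            level[t.dest] = 2
            alerts.append(Alert(t.dest, t.time, "hold", sorted(sources)))
        elif len(sources) >= warn_at and level[t.dest] < 1:
            level[t.dest] = 1
            alerts.append(Alert(t.dest, t.time, "warn", sorted(sources)))
        elif len(sources) < warn_at:
            level[t.dest] = 0   # burst is over; allow a fresh warning next time
    return alerts


if __name__ == "__main__":
    for a in detect_fan_in(SAMPLE_TRANSFERS):
        print(f"{a.time:%H:%M} {a.action.upper():5} {a.dest} sources={a.sources}")
```

With the default 30-minute window the 09:00 transfer from S0 has expired by the time the burst starts, so it is not counted; widening the window to two hours brings it back in and moves both alerts earlier.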
3.4 Consumers
At present, in the face of social-engineering attacks such as phishing, the defensive means and awareness of public users as consumers are relatively limited and weak. To avoid becoming victims of phishing fraud, users must strengthen their security awareness and improve their security skills. First, we should improve security awareness.
After being cheated by a phishing website, report it to the police immediately. Any attack leaves clues, and reporting early is the best way to protect your rights and interests.
Raise security awareness, develop good security habits and establish a sound password management practice, to avoid large-scale financial losses caused by mobile threats at the weakest link.
Pay more attention to mobile security incidents and be more sensitive to them, respond promptly to incidents that affect you personally, and stop losses afterwards.
In addition, in terms of preventive measures, public users should focus on the following aspects:
1. Preventing spam and phishing e-mail:
- Under normal circumstances, no government department or enterprise will ask users to provide a user name and password by e-mail or through a link;
- Examine carefully the domain name of any link address provided in a suspicious e-mail;
- Do not open e-mail attachments of unknown origin, do not click suspicious URL links in the body of an e-mail, and do not open attachments with suspicious content (Word / PDF / zip / rar, etc.)
2. Preventing WiFi phishing:
- Turn off the phone's wireless network adapter when you are not using a WiFi connection.
- When accessing online banking or transactional e-commerce applications, use the 2G, 3G or 4G data service provided by the operator as far as possible, avoid public WiFi, and do not download security software in a public WiFi environment.
- Install mobile security software to block possible mobile viruses and phishing attacks.
3. Install anti-virus software and a network firewall:
- Most anti-virus software can detect and remove spyware and Trojans
- A firewall monitors the system's network connections, which can stop some attacks and alert the user in time
4. Patch the operating system and applications in time to prevent hackers from exploiting vulnerabilities to break into the computer, and reduce potential threats.
5. Raise vigilance and safety skills consciously:
- Check the authenticity of a website, paying attention to the domain name, HTTPS and other indicators
- Develop good usage habits: do not casually visit unfamiliar websites, pornographic websites or websites suspected of being run by hackers
- Refuse to download and install software of unknown origin
- Ignore suspicious messages
- When shopping online, log out of the transaction process promptly and check transaction records in time.
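Items 1 and 5 above both come down to reading the domain name behind a link correctly. As an added example that is not part of this report, the following checker extracts the host a browser would actually contact and flags the ways phishing links disguise it: a trusted name placed in front of an unrelated domain, a fake host before "@", a bare IP address, a punycode label, or no HTTPS. The trusted-domain list, the small suffix table and the sample links are constructed assumptions; a real deployment would use the full Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed for this example: domains the reader actually trusts, and a few
# multi-label public suffixes so that "example.com.cn" is not reduced to "com.cn".
TRUSTED_DOMAINS = {"icloud.com", "apple.com"}
MULTI_LABEL_SUFFIXES = {"com.cn", "net.cn", "org.cn", "gov.cn", "co.uk"}


def registrable_domain(host):
    """Owner-controlled label plus public suffix, e.g. mail.example.com.cn -> example.com.cn."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def inspect_link(url):
    """Work out which host the browser will really contact for a link found in
    an e-mail, and list the reasons it should not be trusted."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if parts.username is not None:
        # "https://icloud.com@evil.example/": the text before '@' is a username, not the host
        flags.append("userinfo-before-host")
    if not host:
        return {"url": url, "host": "", "registrable": "", "flags": flags + ["no-host"], "verdict": "suspicious"}
    if is_ip_literal(host):
        flags.append("ip-literal-host")
        reg = host
    else:
        reg = registrable_domain(host)
        if any(label.startswith("xn--") for label in host.split(".")):
            flags.append("punycode-label")          # possible homograph; inspect the decoded form
        if reg not in TRUSTED_DOMAINS and any(t in host for t in TRUSTED_DOMAINS):
            flags.append("trusted-name-embedded")   # e.g. icloud.com.verify-account.example
    verdict = "trusted" if reg in TRUSTED_DOMAINS and not flags else "suspicious"
    return {"url": url, "host": host, "registrable": reg, "flags": flags, "verdict": verdict}


# Constructed sample links of the kind seen in phishing e-mails (not real sites).
SAMPLE_LINKS = [
    "https://www.icloud.com/find",
    "http://icloud.com.verify-account.example/login",
    "https://icloud.com@203.0.113.5/",
    "https://xn--icloud-example.example/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        r = inspect_link(link)
        print(f"{r['verdict']:10} host={r['host']} registrable={r['registrable']} flags={r['flags']}")
```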
About China Telecom Yundi
"Yundi" is the network security product and service brand launched by China Telecom Group; its brand operation and product R&D are the responsibility of the China Telecom Network Security Product Operation Center. Established in January 2015, the Center is an innovative organization within China Telecom Group that develops and operates network security products and services based on an operator's network capabilities. At present, the "Yundi" brand covers Yundi Anti-DDoS, Yundi Domain Name Worry-Free, Yundi Anti-Phishing, Yundi Website Security Expert and other security service products.
Since 2015, "Yundi" has won authoritative technical awards in various industries and has provided security services for major events such as the G20 Hangzhou Summit and the World Internet Conference. At present, "Yundi" provides comprehensive, high-quality network security services to more than 2,000 important government and enterprise customers at home and abroad.
About Antian Mobile Security
Founded in 2010, Antian Mobile Security is an enterprise of Antian Laboratory that focuses on the research and development of mobile Internet security technology and products, aiming to provide professional security protection capabilities and solutions for mobile terminal users and manufacturers worldwide.
Antian Mobile Security's core products are the AVL Inside mobile anti-virus engine and the AVL Insight mobile threat intelligence platform. AVL Inside won the "Best Protection for Mobile Devices" award from the international evaluation body AV-TEST with the highest average detection rate of the year, a breakthrough for Chinese security vendors, which had previously won no major awards in the world's top security evaluations. AVL Insight is the first mobile threat intelligence big-data platform in China; it is mainly used to present high-value mobile threat information, and through comprehensive perception of mobile threats and rapid analysis and response it provides early warning and response strategies against them.
Antian Mobile Security Co., Ltd. cooperates with the National Internet Emergency Center and the Tel Terminal Laboratory to provide technical support to national regulators, and works with more than 50 well-known manufacturers at home and abroad, including OPPO, vivo, Xiaomi MIUI, Gionee, Alibaba YunOS, BBK, Nubia, LeTV, Cheetah, LBE, Android Cleanup Master and AMC, protecting 600 million end users worldwide.
Please indicate the source when reprinting: http://blog.avlsec.com/?p=4445
For more technical articles, please follow the AVL Team's official WeChat account.