In 2017, the cybersecurity industry says no to black production!

[51CTO.com original article] In Keigo Higashino's book "White Night Walk", the heroine Yukiho said the most classic line: There is no sun in my sky, it is always dark. In real life, there is also such a group of people who use illegal means such as Trojans and viruses to steal massive amounts of personal privacy information, extort and defraud, and make amazing wealth through these dirty activities. People call it the "black industry chain" (hereinafter referred to as "black industry").

Don't underestimate the black industry. Currently, there are hundreds of thousands of black industry practitioners in China, with annual profits of hundreds of billions of yuan. The reporter learned that from making Trojan viruses to spreading Trojans, from supplying target websites to stealing core data, from reselling data to money laundering, each link of the black industry chain has a clear division of labor, and each member performs his or her duties, with the ultimate goal of gaining profits.

It is regrettable that compared with the well-organized black industry, the attacked are often weak and unable to contend. Whether they are e-government customers, financial industry customers, gaming industry customers, corporate customers, or even entrepreneurs, they are either unaware of the theft of their information, or they are "robbed openly" and are looking for safe ways everywhere, fearing that they will be attacked again. For example, for customers who have been attacked by ransomware, faced with a screen full of garbled characters, most users choose to pay the ransom in exchange for the restoration of their data.

So, facing the growing black industry, are we really helpless? No. In 2017, this war between "black and white" will see a new turn. The reporter learned that every link, from policy guidance, security vendors' protection measures, to corporate responses, is accumulating strength. Although the future is bright and tortuous, it is not far away.

[[188961]]

Policy: Umbrella and Thunderstrike

The slogan "No buying, no killing" in TV commercials can actually be applied to the current situation of the black industry. It is precisely because of the pursuit of profit that the network black industry has grown so rampant. Experts suggest that we should proceed from three aspects, both to provide a protective umbrella for the attacked customers and to strike a thunderous blow to the illegal gains of the black industry:

First of all, we should strictly trace illegal data resale from the sales channel end, and plan the safe storage and circulation rules of data in the long term, protect the privacy of citizens' information, and properly handle data security.

Wu Hequan, an academician of the Chinese Academy of Engineering, said that security is the shortcoming of my country's big data industry, which faces dual risks of technology and management. The public sale of residents' personal privacy reflects these two risks, and we should trace the illegal data reselling cases from the source and crack down on "black industries".

Secondly, we need to strengthen data authority management at the source. We need to strengthen management requirements for fields involving data information in various industries. For fields with frequent data leakage, such as schools, government agencies, express delivery companies, and e-commerce, where there are a large number of "insiders", we can require the establishment of a data management mechanism to centrally manage system authority and data acquisition records, and add an early warning mechanism.

The legal basis for data management should be consolidated again. Some experts said that the new Cybersecurity Law will come into effect on June 1, 2017, and the protection measures for information leakage and personal data will be more specific, and illegal theft of data will be severely cracked down from the perspective of laws and regulations.

Finally, experts also suggested that specialized regulatory departments should be clearly defined to fully manage and utilize data strategic resources from key aspects such as data ownership, personal data privacy protection, and government data disclosure.

Fighting against illegal production requires joint efforts from upstream and downstream industries

As experts have pointed out, it is far from enough to crack down on black industries in individual cases. Security companies, Internet companies, and government departments need to work together as a whole, and cracking down on black industries must also be "industrialized." Since black industries rely on the joint cooperation of the industrial chain, the way to fight back will also be to unite the upstream and downstream to be more powerful.

In April 2016, General Secretary Xi Jinping pointed out at a symposium on cybersecurity and informatization: "Maintaining cybersecurity is the common responsibility of the whole society. It requires the joint participation of the government, enterprises, social organizations, and the majority of netizens to jointly build a cybersecurity defense line."

During the interview, the reporter found that whether it is from the guidance of national policies or security companies, Internet companies, and relevant government departments, a consensus has been reached on "forming a joint force."

Take Baidu Security as an example. Since 2016, Baidu Security has called for the creation of a security ecosystem with data-driven security as the core, forming an intelligent, three-dimensional defense system, and calling for real-time inspection and defense of black industries. The reporter learned that Baidu Security actively cooperates with upstream and downstream security vendors, and at the same time packages its own security capabilities to form industry-wide security solutions, which are exported to industries such as finance, e-commerce, and games. Baidu Security has even established cooperation with more than 200 public security departments across the country, using technical means such as base station detection and positioning to effectively help public security organs combat online black industries, jointly cracking hundreds of telecommunications frauds, and building a network defense line for users.

The reporter believes that there is already a lot of cooperation within the industry, but the depth of cooperation is still not enough, the degree of information sharing is not deep enough, the degree of openness to cooperation is not deep enough, and there is still a lot of room for improvement in the linkage with the Ministry of Industry and Information Technology, the Ministry of Public Security, terminal manufacturers, and operators. There is still a long way to go in building a security ecosystem for the entire society in the future.

How can enterprises “get out of the trap” of black industry routines?

Faced with the ubiquitous attacks of the black industry, the attacked industry customers and corporate customers suffered heavy losses. The "Baidu Security White Paper on Fighting Cyber ​​Attacks" shows that in the first half of 2016 alone, DDoS attacks caused 61% of companies to be unable to access their key business information, 38% of companies to be unable to access key businesses, and 33% of victims suffered losses in commercial contracts. It can be said that the attacks of the cyber black industry on corporate users have caused greater harm to society, both in terms of scale and economic losses.

In fact, even government websites are not immune. Due to a lack of awareness, some government websites are often hacked by crawlers. In the mildest cases, articles and pictures are maliciously tampered with, while in the worst cases, the website is directly shut down and data is stolen. For public sector websites with a large amount of user information, the consequences of being attacked are even more serious, such as the massive user data leakage of 12306.

In fact, if we peel off the layers, we can see that the hackers rely on automated programs to carry out such frequent attacks. Automated programs generate thousands of legitimate connections to attack the weaknesses of website applications. Since this attack looks completely legitimate, the only difference is that the connection is generated by automated programs instead of manual operations, making it completely impossible to identify traditional signature and rule library scanning, because these attacks look like normal user connections. Even if the website has WAF protection, it will be completely ineffective when it is attacked by this kind of attack.

During the interview, the reporter found that fortunately, the phenomenon of the relative lag of traditional security protection means is being alleviated. Take Ruishu Information as an example. Ruishu Information's "dynamic security" technology can very well solve the problem of automated program attacks: dynamic security technology randomly changes the original code of the web page, making it impossible for hackers to find the entrance and loopholes to invade the web page, and naturally unable to use the automatic attack program to launch an attack on the target, and finally completely invalidates the automated attack behavior that simulates legal operations, which can block more than 99% of illegal behaviors.

The reporter believes that although the problem of black industry is very serious, from another perspective, it is not necessarily a bad thing. It will urge the upstream and downstream of the network security industry to no longer stick to their own "snow in front of the door", but to open up the possibility of cooperation and progress between enterprises in a broader field, and promote the improvement of security capabilities in various industries, thereby building a consensus on network security, building a network security system, and fundamentally shaking the foundation of the black industry.

[51CTO original article, please indicate the original author and source as 51CTO.com when reprinting on partner sites]