According to the Measures for Monitoring and Disposal of Public Internet Cyber Security Threats (hereinafter referred to as the "Measures"), the Ministry of Industry and Information Technology organizes provincial communications administrations, basic telecommunications companies, network security professional institutions, key Internet companies, and network security companies to conduct network security threat monitoring and disposal in accordance with the principles of timely discovery, scientific identification, and effective disposal. The analysis of the work in the first quarter of 2018 is summarized as follows:
First, the network security threat situation
In the first quarter, a total of 45.41 million cybersecurity threats were monitored, of which about 2.16 million were collected by telecommunications authorities, 11.68 million were monitored by basic telecommunications companies, about 60,000 were monitored by network security professional organizations, and about 31.51 million were monitored by key Internet companies and network security enterprises. The cybersecurity threat situation presents the following four characteristics:
(1) Underlying hardware vulnerabilities affect a wide range of devices and are difficult to repair. On January 3, two security vulnerabilities in Intel processor chips, "Meltdown" and "Spectre", were disclosed. The acceleration mechanisms that processor chips use to improve performance, "speculative execution" and "indirect branch prediction", introduce problems that attackers can exploit to read sensitive user data. Almost all high-speed processor chips that use these acceleration mechanisms may be affected, and devices such as servers, personal computers, and mobile terminals that use the related processor chips may also be affected. At the same time, fixing the vulnerabilities raises the problem that patches can be incompatible with the system, resulting in degraded system performance or stability problems.
(2) Sharing-type mobile applications are suspected of jeopardizing user information. In the first quarter, some mobile applications were found to have collected user information without clear notice and to have failed to fulfill their security protection obligations, which endangered user information security and caused widespread public concern. Among them, the mobile applications "WiFi Master Key" and "WiFi Key" let users use other people's WiFi networks for free. Their cumulative downloads are as high as 1.9 billion, and they are alleged to intrude into other people's WiFi networks and steal users' personal information. The Network Security Administration of the Ministry of Industry and Information Technology organized network security professional organizations to analyze the two applications. The analysis found that both can share information such as the passwords of WiFi networks that the user has logged in to, so users may share information that does not belong to them.
(3) The number of vulnerabilities in industrial control systems and equipment connected to the Internet has increased significantly. In the first quarter, the number of industrial control systems and equipment identifiable on the Internet in China totaled 2,772, basically the same as in the previous quarter. However, 112 new industrial security vulnerabilities were added, an increase of about 50% compared with the previous quarter, involving 125 industrial-related products, including Siemens, Schneider Electric and other industrial control system products widely used in China.
(4) Web page tampering by hacker organizations still occurs. In the first quarter, there were 30 incidents in which hacker organizations tampered with web pages and posted reactionary slogans, including 19 tampering incidents on corporate websites, 9 on public institution websites, and 2 on government websites. Compared with the first quarter of 2017, the overall number is equal. The number of tampering incidents on the websites of enterprises and institutions increased by about 155.6%, and the number of tampering incidents on government websites decreased by about 80%.
Second, the main work carried out
(1) Successfully completed the network security support tasks for the 2018 national "two sessions". Organized and deployed the Beijing Municipal Communications Administration, basic telecommunications enterprises, network security professional organizations, key Internet companies and domain name institutions to provide network security for the key protected objects of the "two sessions", and implemented measures such as link expansion and link reinforcement. Remediated about 30,000 Memcached servers that can easily be abused for DDoS attacks and took measures such as traffic rate limiting, protecting key protected objects from such DDoS attacks. Carried out network security threat management, promptly discovering and effectively handling network security threats such as Trojan botnets and networked device vulnerabilities, which effectively ensured network security during the "two sessions."
(2) Improved the mechanism for monitoring and handling network security threats. Guided and urged all relevant units to designate responsible departments, responsible persons and contacts, to establish the relevant work contact mechanisms, and to use communication groups to achieve flat command, so that threats are discovered, identified and disposed of in a timely manner. The Communications Administrations of Hebei, Jilin, Qinghai, Tianjin and other provinces (municipalities) have formulated implementation rules for the "Measures" to regulate network security monitoring and disposal work in their respective administrative regions.
(3) Promoted the construction of a network security threat information sharing platform. Organized the construction of the network security threat sharing platform of the Ministry of Industry and Information Technology. Function development is basically complete. The platform supports threat information filing, entrusted threat identification, feedback of identification results and disposal suggestions, sending of disposal notifications, and tracking of disposal results. It implements user role and permission management, and reserves development interfaces for automated reporting, query, and release of threat information.
(4) Effectively disposed of public Internet network security threats. Organized provincial communications administrations to step up their handling of network security threats. Organized the Communications Administrations of Guangdong, Guizhou, Hubei, Henan, Sichuan and other places to deal with 9 threats involving government websites; instructed the Beijing Communications Administration to address threats to networked video surveillance equipment in Beijing, disposing of 2344 weak password vulnerability threats; five provinces including Fujian, Hubei, Jilin, Jiangsu and Zhejiang handled 17 weak passwords on networked video surveillance equipment; organized the Shanghai and Fujian Communications Administrations to investigate and handle "WiFi Master Key" and "WiFi Key" respectively; and organized the Zhejiang Communications Administration to conduct an interview and supervision regarding "tax inspectors" collecting and using user information without explicitly disclosing it. In the first quarter, the industry handled a total of 5.13 million network security threats. Among them, the provincial communications administrations handled a total of about 550,000 network security threats, the basic telecommunications companies handled a total of about 4.45 million, a total of about 20,000 network security threats were disposed of, and the key Internet companies dealt with a total of about 110,000.
Third, the next step of work
(1) Do a good job in network security for the Shanghai Summit. In accordance with the overall deployment of relevant work, formulate and issue a work plan, and organize the Shandong Province and Beijing Municipal Communications Administrations, the basic telecommunications enterprises, network security professional organizations, key Internet enterprises and network security enterprises to strengthen the protection of network infrastructure and important data. Strengthen monitoring, early warning and emergency response, and make every effort to ensure the network security of the Shanghai Summit.
(2) Carry out special governance of the Struts2 series of vulnerabilities. In order to discover and eliminate network security threats and hidden dangers such as the Struts2 series of vulnerabilities in a timely manner, and to reduce the likelihood of network security incidents such as web page tampering, organize communications administrations, basic telecommunications companies and other units to carry out special governance of the related network security threats.
(3) Promote the construction of network security support platforms. Guide the China Information and Communication Research Institute and coordinate basic telecommunications enterprises, network security professional organizations, key Internet enterprises and network security enterprises to promote the construction of the network security threat sharing platform and the network security emergency command platform, providing strong support for related network security work.