每周更新 502Weekly Update 502
文章揭示了 ShinyHunters 黑客组织以极小团队规模和有限经验,持续攻破大型品牌数据库的现象。作者指出,这种成功并非仅靠高超技术,而是利用了系统漏洞、社会工程及供应链弱点。案例显示,即使是资源匮乏的黑客也能通过组合攻击手段获取巨额数据资产,凸显企业安全防护的普遍脆弱性。
Troy Hunt
It's a fascinating display of leverage: the ShinyHunters folks, with very limited resources and experience (their demographic will be teenagers to their early 20s), consistently gaining access to the data of massive brands. Not through technical ingenuity alone (although I'm sure there's a portion of that), but primarily through good ol' social engineering. That's coming through in the disclosure notices from the impacted companies, and Mandiant has a good write-up of it too:
These operations primarily leverage sophisticated voice phishing (vishing) and victim-branded credential harvesting sites to gain initial access to corporate environments by obtaining single sign-on (SSO) credentials and multi-factor authentication (MFA) codes
Question now is how long their run will go for. There's a very predictable ending if things keep going in this direction but right now, they show little sign of abating.
需要完整排版与评论请前往来源站点阅读。