Chinese firms join cyber security forum in U.S.
From： Date：2017-02-14 Author：
(Photo: Courtesy of Qihoo 360)
Taking place February 13 – February 17, RSA Conference 2017 brings together the top information security professionals and business leaders to discuss emerging cybersecurity trends and formulate best strategies for tackling current and future threats.
(Provided by Qihoo 360)
During the RSA Conference, 360 Enterprise Security Group will hold in-depth discussions with a number of well-known vulnerability response platforms to jointly build the world’s white hat collaboration mechanism, and cooperate in such aspects as vulnerability response, security testing and others to cope with the worldwide cyber attacks and the increasingly rampant global data breach and data trafficking.
(Provided by Qihoo 360)
Cyber attacks and other crimes show clear global features
The “2015 Network Security Report” issued by the National Computer Network Emergency Response Technical Team/Coordination Center of China (known as CNCERT or CNCERT/CC) shows that Anonymous and other overseas hack organizations continued to attack sites in China, and in 2015 among IP addresses that implemented backdoor attacks to sites in China, 31,348 were located outside of China, mainly from the United States (13.9%), Hong Kong (6.5%) and South Korea (6.0%) and other countries and regions.
According to the latest “2016 China Website Security Vulnerability Analysis Report” by 360 Internet Security Center, cyberattacks that we are facing are characterized of obvious globalization features. As of November 15, 2016, 360 Internet Security blocked 1.71 billion various website vulnerability attacks, and in the full year, the number of websites that suffered vulnerability attacks reached 636,000 (deduplicated). Among them, the overseas attackers accounted for 23.4%, and victims with IPs from outside of China accounted for 33.1%.
360 Enterprise Security Group President Wu Yunkun said cyber attacks from different countries are technically both interlinked and diversified. The resulting cybercriminal industry chain has also become borderless. For example, it has become common for cybercriminal gangs from China to set up phishing websites in Europe and the United States and then return to China for fraud through strict teamwork.
Global data breach and data trafficking are rampant
From illegal drugs to weapons, all kinds of network databases are almost all available in the dark web market.
In a recent list exposed, a well-known dark web provider called “DoubleFlag” was selling user data stolen from a number of Chinese Internet companies, and the amount of data was up to 1 billion, mainly from Tencent, Netease, Sina and other local Internet companies. In the same list, DoubleFlag also provided user data stolen from other countries such as Japan, of which the account leaked from the three Yahoo domain names alone totaled 23.59 million.
Data sales trends in the dark web market began to emerge from 2016, and some data providers provided data from a number of key companies, including Twitter, LinkedIn, MySpace, and Dropbox. Over the past few months, the amount of databases uploaded and sold by DoubleFlag was huge. Moreover, it began selling other information that is unique and highly sensitive, and even attractive to intelligence agencies around the world, including data stolen from the US-based Cellular Corporation (this cellular service company owns and operates the fifth largest telecommunications network in the United States and provides services for 4.9 million customers in 426 major markets across 23 states in the US), containing information like names, addresses, cities, states and cell numbers of 130 million Americans.∂∂
360 Internet Security Center recently released the “2016 China Website Security Vulnerability Situation Analysis Report”. According to the report, in 2015 among the vulnerabilities recorded by the 360 Butian Platform alone, more than 1,400 could cause personal information leakage, which may leak as many as 5.53 billion pieces of information. In 2016, it collected more than 300 new vulnerabilities that may lead to personal information leakage, which may leak as many as more than 5 billion pieces of personal information.
Jointly build a white-hat collaboration mechanism to curb cybercrimes
Bai Jian, who is in charge of the Butian Vulnerability Response Platform, revealed that it has held several discussions with three well-known vulnerability platforms, and during the RSA Conference, the parties will also make in-depth consultations. He said, “We will cooperate on security test, vulnerability notification, etc. , and sign the memorandum of understanding on cooperation at a right timing.”
Wu Yunkun said that due to the huge number of Internet users and the complex network environment, all countries also become the victims of cyber attacks and other criminal acts while benefiting from the Internet. Only through extensive international cooperation to create a comprehensive, wide-ranging, multi-level, effective coordination mechanism can we effectively curb the increasingly rampant, borderless cyber attacks and other criminal activities.
The vulnerability platforms from different countries each pool a large team of white hats. The number of white hats registered on the Butian Platform has reached more than 30,000, and the vulnerability platforms in the United States have issued bonuses to nearly 10,000 white hats. We should strengthen cooperation and collaboration between the vulnerability platforms of different countries and combine the respective technological advantages of Chinese and western hackers, to effectively enhance security capabilities of websites. More extensive and timely vulnerability response conducive to the realization of technology and talent sharing will greatly promote the global Internet security capabilities.