Written by reporter Zhao Tianyu
Edited by Liu Zhao
New Media Editor: Li Yunfeng
Interview experts: Xin Yang (Professor, School of Cyberspace Security, Beijing University of Posts and Telecommunications); Li Changlong (Chief Appraiser of Beijing Zhonghai Yixin Judicial Appraisal Institute, Internet electronic data forensics expert)

According to official reports, on April 28, Beijing Health Code suffered a cyber attack during its peak usage period. Preliminary analysis indicated that the attack originated from abroad. The security team responded promptly and effectively, and related services were not affected during the attack. It is understood that Beijing Health Code also suffered similar cyber attacks during the Beijing Winter Olympics and Paralympics, which were likewise dealt with effectively. Attacking Beijing Health Code, which is closely tied to the daily lives of citizens, through overseas networks undoubtedly adds chaos to Beijing's intensive epidemic prevention and control work.

(Image source: Screenshot of People's Daily Weibo)

Moreover, the National Internet Emergency Center has found that since late February, China's Internet has been continuously subjected to cyber attacks from abroad. The spokesperson of China's Ministry of Foreign Affairs has responded to related questions several times. These facts remind us that Internet security work must not be taken lightly.

○ ○ ○

The impact may not be great, but the manipulators behind the scenes need attention

What is a cyberattack? It is a broad term for cybercrime that covers any deliberate attack on computer equipment, networks or infrastructure. It can be carried out by individuals (such as hackers) or organizations, and can target individuals, organizations or even countries (this is called cyber warfare). In fact, since the birth of the Internet, "attack" and "protection" have been two opposing forces that have grown together.
Especially in recent years, with the rapid development of the Internet industry, major data leaks and major network attacks have almost never stopped, and companies, individuals and even government organizations have not been spared and have suffered heavy losses.

Since late February, China's Internet has been under continuous attack from foreign networks, with a large number of computers becoming "broilers". "Broilers" are also called puppet machines. Like "Trojans" and "viruses", the word is a network security term; it refers to computers that are remotely controlled by hackers and can be manipulated at will, just like chickens raised for food on breeding farms, which have lost their freedom and can be "slaughtered" at will. It is a vivid metaphor. During the 2016 West Coast Internet outage in the United States, hacker groups manipulated a large number of Internet surveillance cameras to launch DDoS attacks. These surveillance cameras are called "zombies."

A DDoS attack is also called a distributed denial of service attack. Xin Yang, professor at the School of Cyberspace Security of Beijing University of Posts and Telecommunications and deputy director of the National Engineering Laboratory for Disaster Recovery Technology, explained that the main purpose of a DDoS attack is to cause damage, much like "call to death" phone harassment on mobile phones. The attacker directs a large amount of traffic at a website in a short period of time, causing the server to crash and interfering with normal use by other users.

However, some argue that the peak traffic of some of these attacks was only 36Gbps, which does not actually pose any threat, and that it looks more like hackers trying out their skills on the Chinese network. In Internet data traffic calculation, Gbps means gigabits per second, a standard unit for measuring bandwidth on a transmission medium. What does 36Gbps peak traffic mean?
Data shows that in 2014, the peak traffic of the DDoS attack on Alibaba Cloud reached 453.8GB per second, which is about 450Gbps. During the Double 11 Shopping Festival in 2017, due to the large number of visits, the peak traffic of Alibaba's computer room in Shanghai reached 1430GB per second, which is about 1.1Tbps. These traffic levels are hundreds of times higher than 36Gbps.

However, Xin Yang believes that the severity of a hacker attack cannot be judged solely by peak traffic, nor can Internet attack traffic and data transmission traffic be simply compared: "Compared with the intensity, the driving force behind the attack is more important. We should find out who planned such an incident and whether there are other more covert attack methods in the future. This is related to national network information security, and this angle needs to be focused on."

○ ○ ○

Five common methods of cyber attacks

A DDoS attack is one of many attack methods on the Internet. Li Changlong, chief appraiser of Beijing Zhonghai Yixin Judicial Appraisal Institute and expert in Internet electronic data forensics, told reporters that cyber attacks are like "thugs" who snatch data. Their purpose is to destroy, reveal, modify, or disable the function of software or services, or to access or steal data from a terminal without authorization. He introduced five commonly used cyber attack methods.

The first is a denial of service attack, which is the most common attack method on the Internet. The attacker repeatedly sends requests to a site's server until the server cannot handle the volume of requests, resulting in a "denial of service". This attack has a low technical threshold and is effective, but it is difficult to prevent. It is popular with hackers and has evolved from the denial of service attack (DoS) into the multi-point distributed denial of service attack (DDoS). DoS attacks first appeared in 1964.
Although more than 50 years have passed, they have always been in a state of "wildfire cannot be extinguished, and spring breeze blows again" because of their simple principles. At a time when network security is being strengthened, the world still encounters more than 4,000 DoS attacks per week.

▲ Ransomware has caused great panic among Internet users at home and abroad. The picture shows the computer interface after infection. Criminals ask infected users to pay Bitcoin to decrypt the computer.

The second type is a port scanning attack. The scanning attack itself does not harm the target; it is more like a secretive spy. It reveals which services and ports are open on the scanned computer, and by analyzing the received data the attacker can discover the weaknesses of the target host and better carry out the next "attack".

The third type is access attacks, where the attacker obtains or has access to the host or network and then uses that access to tamper with or steal data. Access attacks are also called "password intrusions," which require obtaining a legitimate user account on the host and then deciphering it.

The fourth type is a web attack, which blocks legitimate users from accessing related sites or reduces the reliability of sites. The most common of these is SQL injection, which uses existing applications to inject malicious SQL commands into the backend database engine for execution. This type of attack is the most direct and simplest.

The last type is the Trojan virus attack, which mainly gains control of the server by implanting Trojans into it. Trojan viruses have powerful self-replication capabilities, and so can maliciously destroy server files or steal server data.

▲ In 2015, the computer of then German Chancellor Angela Merkel in the Bundestag office was attacked by a Trojan virus and became the source of the virus (Photo source: China Daily)

○ ○ ○

How to deal with cybersecurity threats?
In the eyes of many ordinary people, with the rapid development of Internet security technology and the popularization of mobile Internet, hacker attacks are gradually fading away, but the reality is just the opposite. Zhou Hongyi, founder of a cybersecurity company, revealed that in 2021 alone, 360 received and handled more than 4,000 ransomware attacks, captured hacker groups from 47 countries abroad, monitored more than 4,200 attacks, and involved more than 20,000 attack targets.

How do ordinary people and enterprises deal with network security threats? Li Changlong said that installing firewall software, setting up proxy servers, regularly updating anti-virus components, and developing the habit of data backup are the most basic ways to prevent hacker attacks. "When browsing the web, do not open emails and web pages from unknown sources at will; also try to avoid downloading unknown software and game programs from the Internet. Products that have not passed security certification are prone to carry viruses; when setting passwords, use relatively complex passwords as much as possible. The passwords for different software programs should also be different to prevent others from stealing and then using the same password to sweep the world."

▲ Accelerating the deployment of high-defense servers can effectively resist DDoS attacks (Image source: Tianxia Data Network)

○ ○ ○

Promote information disaster recovery technology to provide additional insurance for network security

With the popularization and application of big data, cloud computing, and the Internet of Things, network security has been upgraded to digital security. Traditional protection methods cannot fully cope with complex digital security challenges. Paying attention to network security has become one of the current national strategies. "The hacker attacks tell us that the Internet has no borders, and Internet security defense also has no borders.
We are dealing with challenges and threats from around the world."

Competition in cyberspace is ultimately a competition for talent. Xin Yang believes that we must continue to vigorously strengthen talent training in related areas and that there must be a healthy and close interaction between universities and enterprises.

Xin Yang has also been researching information disaster recovery technology for a long time. He believes that promoting and deploying information disaster recovery technology is an important guarantee for the informatization strategy and another "insurance" for network security. Xin Yang explained that disaster recovery technology, also known as disaster recovery backup technology, is an emergency response plan for information technology itself and is the "last line of defense" in the network security system.

According to a study by the University of Texas, only 6% of companies can survive after data loss, 43% of companies will close down completely, and 51% of companies will disappear within two years. "It can be seen that without disaster recovery technology, data damage or loss caused by hacker intrusion is likely to be an irreparable loss for enterprises." "In addition to the field of network security, disaster recovery technology has great application protection space in earthquakes, fires, and operation and maintenance errors."

At present, the construction of data centers has become one of the core elements of new infrastructure. Xin Yang called for disaster recovery systems and disaster recovery centers to be basic components of data center construction, so as to be prepared for various risks.

Produced by: Science Central Kitchen
Produced by: Beijing Science and Technology News | Beijing Science and Technology Media