2019年安全事件响应观察报告

安全事件响应观察报告Cybersecurity Incident Response Insights2019 关于绿盟科技北京神州绿盟信息安全科技股份有限公司（简称绿盟科技）成立于2000年4月，总部位于北京。在国内外设有30多个分支机构，为政府、运营商、金融、能源、互联网以及教育、医疗等行业用户，提供具有核心竞争力的安全产品及解决方案，帮助客户实现业务的安全顺畅运行。基于多年的安全攻防研究，绿盟科技在网络及终端安全、互联网基础安全、合规及安全管理等领域，为客户提供入侵检测/防护、抗拒绝服务攻击、远程安全评估以及Web安全防护等产品以及专业安全服务。北京神州绿盟信息安全科技股份有限公司于2014年1月29日起在深圳证券交易所创业板上市交易。股票简称：绿盟科技 股票代码：300369特别声明为避免合作伙伴及客户数据泄露，所有数据在进行分析前都已经过匿名化处理，不会在中间环节出现泄露，任何与客户有关的具体信息，均不会出现在本报告中。 2019年安全事件响应观察报告A目录 CONTENTS目录1. 前言 ······································································································································································12. 网络安全形势分析 ················································································································································42.1 国家级安全演练效果明显 ··························································································································································52.2 关键基础设施成为黑客攻击的重点目标 ··································································································································72.3 经济利益是黑客攻击主要驱动力 ············································································································································102.4 勒索软件即服务势头迅猛 ························································································································································112.4.1 完善的产业链 ····························································································································································································112.4.2 低风险高收益 ····························································································································································································142.4.3 建议 ············································································································································································································152.5 黑链暗链事件的爆发式增长 ····················································································································································152.5.1 现状 ············································································································································································································162.5.2 利益链 ········································································································································································································172.5.3 建议 ············································································································································································································182.6 恶意程序隐藏技术在革新发展 ················································································································································192.7 入侵事件平均潜伏时间高达359天 ·······································································································································202.8 人和管理成为主要入侵突破口 ················································································································································233. 安全漏洞变化趋势 ··············································································································································273.1 高危漏洞PoC公开数量增多 ···················································································································································283.1.1 微软远程桌面服务远程代码执行漏洞（CVE-2019-0708） ···············································································································293.1.2 Confluence SSRF及远程代码执行漏洞 ················································································································································303.1.3 WinRAR代码执行漏洞 ············································································································································································313.2 0day漏洞频繁爆发 ···································································································································································323.2.1 SandboxEscaper 再爆0day漏洞 ··························································································································································323.2.2 Chrome PDF文件解析0day漏洞··························································································································································333.2.3 Fastjson 0day ···························································································································································································343.3 国内商用软件安全状况堪忧 ······························