Killnet and AnonymousSudan DDoS attack Australian university websites, and threaten more attacks. Here's what to do about it
2023-03-29
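Over the past 24 hours, Cloudflare has observed HTTP DDoS attacks targeting university websites in Australia. As revealed in a recent Telegram post, universities were the first of several groups publicly targeted by the pro-Russian hacker group Killnet and its affiliate AnonymousSudan...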
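Killnet is a loosely formed group of individuals who collaborate via Telegram. Their Telegram channels provide a space for pro-Russian sympathizers to volunteer their expertise and take part in cyberattacks against Western interests.
Figure: Percentage of traffic that constitutes DDoS attacks for organizations in Australia
This is not the first time Cloudflare has reported on Killnet activity. On February 2, 2023, we noted in a blog post that a pro-Russian hacktivist group, claiming to be part of Killnet, was targeting multiple healthcare organizations in the US. In October 2022, Killnet called for attacks on US airport websites, and in November it attacked the US Treasury.
As with the group's past attacks, these latest attacks do not appear to originate from a single botnet, and the attack methods and sources appear to vary, suggesting the involvement of multiple individual threat actors with differing skill levels.
DDoS (distributed denial-of-service) attacks often make headlines because of their ability to disrupt critical services. Cloudflare recently announced that it had blocked the largest attack to date, which peaked at 71 million requests per second (rps) and was 54% higher than the previous record from June 2022.
DDoS attacks are designed to overwhelm networks with massive amounts of malicious traffic and, when executed correctly, can disrupt services or take networks offline. Over the past few months, attacks have been increasing in size, sophistication, and frequency.
Killnet is not a traditional hacking group: it has no membership, no tools or infrastructure, and does not operate for financial gain. Killnet is a space for pro-Russian "hacktivist" sympathizers to collaborate, volunteering their expertise to take part in cyberattacks against Western interests. They collaborate entirely in the open on Telegram, and anyone is welcome to join.
Killnet was formed shortly after, and likely in response to, the creation of the IT Army of Ukraine, and it mimics the latter's tactics. Most of the time, the administrators of Killnet's Telegram channel call for volunteers to attack a particular target. Participants share many different tools and techniques for launching successful attacks, and more experienced individuals often coach less experienced ones on how to launch cyberattacks.
AnonymousSudan is similar to Killnet: it is also a non-traditional hacking group, ostensibly made up of Sudanese "hacktivists". The two groups have recently begun collaborating to attack various Western interests.
Attackers, including those from these groups, are becoming bolder and are targeting ever larger organizations. For businesses, especially those with limited network resources, this means a growing threat to vulnerable networks.
Organizations of all sizes need to be prepared for a significant DDoS attack against their networks. Detection and mitigation of attacks should ideally be as automated as possible, because relying solely on humans to mitigate in real time puts the attackers in the driver's seat.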
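Cloudflare customers are protected against DDoS attacks, because our systems have been automatically detecting and mitigating the attacks. Our team continuously monitors the network and deploys countermeasures as needed.
As an extra precaution, customers in the education, travel, and healthcare industries are advised to follow the recommendations below.
Ensure all other DDoS Managed Rules are set to their default settings (High sensitivity level and mitigation actions).
Enterprise customers with Advanced DDoS Protection should consider enabling Adaptive DDoS Protection.
Turn on Bot Fight Mode, or the equivalent level available to you (SBFM, Enterprise Bot Management).
Ensure your origin server is not exposed to the public Internet, i.e., only enable access to Cloudflare IP addresses.
Enable DDoS alerting.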
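One way to check the origin-exposure recommendation above, as an added example (not Cloudflare's code): audit an origin access log for clients that reached the server without coming from the proxy's address ranges. The ranges are a sample subset, the log lines are constructed, and `via_proxy` and `audit` are hypothetical names.

```python
import ipaddress
from collections import Counter

# Sample subset of the proxy's address ranges (assumption: in production,
# load the provider's complete, current published list instead).
PROXY_RANGES = [ipaddress.ip_network(c) for c in
                ("173.245.48.0/20", "104.16.0.0/13", "2606:4700::/32")]

# Constructed origin access-log lines (client address is the first field).
SAMPLE_LOG = """\
173.245.52.10 - - [29/Mar/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 512
::ffff:104.18.3.7 - - [29/Mar/2023:10:00:02 +0000] "GET /apply HTTP/1.1" 200 734
203.0.113.45 - - [29/Mar/2023:10:00:02 +0000] "GET / HTTP/1.1" 200 512
203.0.113.45 - - [29/Mar/2023:10:00:03 +0000] "GET / HTTP/1.1" 200 512
2606:4700:10::6814:1 - - [29/Mar/2023:10:00:03 +0000] "GET / HTTP/1.1" 200 512
198.51.100.9 - - [29/Mar/2023:10:00:04 +0000] "POST /search HTTP/1.1" 200 90
- - - [29/Mar/2023:10:00:05 +0000] "GET / HTTP/1.1" 400 0
"""

def via_proxy(addr):
    """True if addr falls inside one of the allowed proxy ranges."""
    # Dual-stack listeners log IPv4 peers as ::ffff:a.b.c.d; unwrap first.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in PROXY_RANGES)

def audit(log_text):
    """Return (Counter of direct-to-origin client IPs, unparseable lines)."""
    direct, bad = Counter(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        first = line.split(maxsplit=1)[0]
        try:
            addr = ipaddress.ip_address(first)
        except ValueError:
            bad.append(line)  # keep for manual review instead of dropping
            continue
        if not via_proxy(addr):
            direct[str(addr)] += 1
    return direct, bad

if __name__ == "__main__":
    direct, bad = audit(SAMPLE_LOG)
    for ip, hits in direct.most_common():
        print(f"direct-to-origin: {ip} ({hits} requests)")
    print(f"unparseable lines: {len(bad)}")
```

Any address this reports means the origin is still reachable from outside the proxy, so the firewall or security-group allowlist needs tightening.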
It has become easy for attackers to launch DDoS attacks, but we want to make sure it is even easier, and free, for defenders in organizations of all sizes to protect themselves against DDoS attacks of all kinds. We have provided unmetered and unlimited DDoS protection for free to all of our customers since 2017. Cloudflare's mission is to help build a better Internet. A better Internet is one that is more secure, faster, and more reliable for everyone, even in the face of DDoS attacks.
To learn more about key DDoS trends, download the Cloudflare DDoS Threat Report for quarterly insights.