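## Weak Passwords Become a Security Vulnerability; National Security Authorities Issue Advisory: Beware of Overseas Hacker Attacks

In recent years, as digitalization has accelerated, cybersecurity problems have become increasingly prominent. The national security authorities recently issued an advisory reminding organizations and individuals to raise their information security awareness, strengthen network protection and avoid weak passwords, so that data is not stolen or leaked to the detriment of national security.

The advisory notes that some enterprises and companies used weak passwords, such as consecutive digits, phone numbers, or combinations of names and birthdays, which allowed overseas hackers to guess or crack them and then attack the organization, creating serious security risks.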

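**Case 1: Enterprise internal data leak**

In the course of their work, the national security authorities found internal data of a Chinese enterprise on an overseas forum, including personal information of several partner customers such as names, ID card numbers, home addresses and mobile phone numbers. Investigation showed that the leak occurred because the enterprise's network administrator did not promptly delete a test account after operations and maintenance testing. That account happened to hold administrator privileges and its password was "admin + consecutive digits", which is very easy to guess, making it a major hole in the enterprise's information security.

**Case 2: Public mailbox password cracked**

An organization published an external email account on its official website for contact and incoming correspondence. Staff kept all emails and attachments in the mailbox's cloud storage for a long time without regular clean-up, and the login password was the organization's public office landline phone number and had not been changed for a long time. As a result, overseas hackers guessed the password and stole the email data.

**Case 3: Surveillance cameras taken over**

A cross-border logistics company installed a large number of cameras in its logistics park to monitor operations. Employees noticed that the cameras often rotated on their own, seeking out and focusing on ships that were docked or leaving port. Investigation found that the monitoring system's administrator account used the weak factory-default password; overseas hackers logged in successfully through a "credential stuffing" attack, gained control of the cameras, and used them to monitor the targeted sea area, creating a risk to China's national security.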

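The national security authorities remind organizations and individuals that, in the digital era, they should strengthen their cybersecurity awareness and take the following measures to guard against network attacks:

* **Use complex passwords:** Set passwords at least 8 characters long that contain uppercase and lowercase letters, digits and special characters to increase complexity, and do not use the initial password of a device or account or common weak passwords.
* **Change passwords regularly:** Important network information systems should have their passwords changed regularly (at least once every 3 months), and rotating among a few sets of passwords should be avoided.
* **Avoid password reuse:** Do not use the same password on different platforms and systems, so that a leak of one password does not let "credential stuffing" attacks break into other systems as well.

The national security authorities stress that cybersecurity is an important part of national security, and that everyone should take an active part in maintaining it and jointly build a safe and reliable network environment.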

English version:

## Enterprise Passwords Targeted by Overseas Hackers! National Security Authorities Issue Urgent Warning

**Keywords:** Cyberattack, Password Leakage, Security Alert

## Weak Passwords Create Security Vulnerabilities: National Security Authorities Issue Warning Against Overseas Hacker Attacks

In recent years, with the acceleration of digitalization, cybersecurity issues have become increasingly prominent. The National Security Authorities have recently issued a warning, reminding all organizations and individuals to enhance their information security awareness, strengthen network protection, avoid using weak passwords, and prevent data theft and leakage, which could affect national security.

The warning points out that some companies and enterprises, due to the use of weak passwords, such as consecutive numbers, phone numbers, or combinations of names and birthdays, have had their passwords guessed or cracked by overseas hackers, leading to attacks and serious security risks.

**Case 1: Enterprise Internal Data Leakage**

National Security Authorities have discovered that internal data from a Chinese company appeared on an overseas forum, including personal privacy information of several cooperating clients, such as names, ID numbers, home addresses, and mobile phone numbers. After investigation, it was found that the data leakage was caused by the company’s network administrator not deleting a test account after conducting maintenance testing. This account had administrator privileges and its password was “admin + consecutive numbers,” making it easily guessable and a major vulnerability in the company’s information security.

**Case 2: Public Email Password Cracked**

A certain organization published an external email account on its official website for communication and receiving emails. Staff stored all emails and attachments in the email cloud space for a long time without regular cleaning, and the login password was the organization’s external office landline phone number, which remained unchanged for a long time. As a result, the email password was guessed by overseas hackers, leading to the theft of email data.

**Case 3: Surveillance Cameras Taken Over**

A cross-border logistics company installed numerous cameras in its park to monitor logistics operations. Company employees noticed that the cameras often rotated automatically, searching for and focusing on ships that were docked or departing. Upon investigation, it was found that the administrator account password of the monitoring system was the weak factory-default password, which let overseas hackers log in successfully through a “credential stuffing” attack. They gained control of the cameras and monitored the target maritime area, posing a risk to national security.

The National Security Authorities remind all organizations and individuals to enhance their cybersecurity awareness and take the following measures to prevent cyberattacks:

* **Use complex passwords:** Set passwords that are at least 8 characters long, including uppercase and lowercase letters, numbers, and special characters. Increase password complexity and avoid using default passwords or common weak passwords.
* **Change passwords regularly:** Important network information systems should change passwords regularly (at least once every 3 months), and should avoid rotating among a few sets of passwords.
* **Avoid using the same password:** Avoid using the same password across different platforms and systems, so that one leaked password does not let “credential stuffing” attacks compromise other systems as well.
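
The measures above and the weak patterns from the three cases, expressed as a screening check that could run whenever a password is set. This is an added example, not code from the advisory; the function names, the sample default list and the inputs are constructed assumptions.

```python
import re
import string

# Constructed sample of factory-default / common weak passwords; in practice
# load the vendor defaults for the devices actually deployed.
SAMPLE_DEFAULTS = {"admin", "12345", "888888", "password"}

def has_digit_run(password, run=4):
    """True if `run` or more adjacent digits are sequential or repeated."""
    for m in re.finditer(r"\d{%d,}" % run, password):
        d = [int(c) for c in m.group()]
        for i in range(len(d) - run + 1):
            steps = {b - a for a, b in zip(d[i:i + run], d[i + 1:i + run])}
            if steps in ({1}, {-1}, {0}):
                return True
    return False

def audit_password(password, username="", phone_numbers=(), defaults=SAMPLE_DEFAULTS):
    """Return the list of reasons a password breaks the advisory's rules."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "digit": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            findings.append("no " + name)
    if password.lower() in defaults:
        findings.append("factory default or common weak password")
    if username and username.lower() in password.lower():
        findings.append("contains the account name")        # Case 1 pattern
    if has_digit_run(password):
        findings.append("sequential or repeated digits")
    pw_digits = re.sub(r"\D", "", password)
    for number in phone_numbers:                             # Case 2 pattern
        n = re.sub(r"\D", "", number)
        if len(n) >= 7 and n in pw_digits:
            findings.append("contains the organisation's phone number")
            break
    return findings

if __name__ == "__main__":
    # Constructed inputs: a Case 1 style password and a compliant one.
    print(audit_password("admin123456", username="admin"))
    print(audit_password("T7#mQz!v9Lw@", username="admin"))
```

An empty list means the password passed every check; password reuse across systems cannot be detected from a single password and still needs a separate control.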

The National Security Authorities emphasize that cybersecurity is an important part of national security. Everyone should actively participate in maintaining cybersecurity and work together to build a safe and reliable network environment.

Source: http://www.chinanews.com/gn/2024/08-22/10272676.shtml
