
A repudiation attack is an attack in which one of the two communicating parties, during a network exchange, denies its own actions. In particular, when discovered and accused, that party forges information to pin the activity on other organizations or deletes key evidence, leaving the other party (the victim) unable to defend its rights and interests.
The images on the official website of an educational institution were maliciously tampered with. Security operations staff reconstructed the client access records for the website during the period in question and analyzed the attacker's repudiation actions during the attack, as follows:
1. Identity concealment: the attacker hid their identity by going through multiple proxies.
2. Operation concealment: the attacker got onto the server, deleted the original image file with commands, uploaded an image file containing malicious code, and deleted the operation logs.
3. Tool concealment: finally, the attacker deleted the webshell file.
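
The reconstruction from access records described above can be sketched as follows. This is an added example, not part of the original article: the log lines, paths and IP addresses are constructed, and the three heuristics are assumptions about how each concealment step might show up in a web access log.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (common log format, documentation IPs).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:09:58:01 +0800] "GET /images/banner.jpg HTTP/1.1" 200 48211
203.0.113.20 - - [12/Mar/2024:10:02:11 +0800] "POST /upload/tmp.php HTTP/1.1" 200 312
203.0.113.45 - - [12/Mar/2024:10:03:40 +0800] "POST /upload/tmp.php HTTP/1.1" 200 97
192.0.2.99 - - [12/Mar/2024:10:04:02 +0800] "POST /upload/tmp.php HTTP/1.1" 200 101
198.51.100.7 - - [12/Mar/2024:10:10:15 +0800] "GET /images/banner.jpg HTTP/1.1" 200 73950
198.51.100.8 - - [12/Mar/2024:10:12:30 +0800] "GET /upload/tmp.php HTTP/1.1" 404 153
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)')
SCRIPT_EXT = (".php", ".jsp", ".asp", ".aspx")
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")

def reconstruct(log_text):
    """Return findings that correspond to the three concealment steps."""
    posts = defaultdict(set)   # script path -> client IPs that POSTed with 2xx
    gone = set()               # script paths that later answered 404
    sizes = defaultdict(list)  # image path -> distinct response sizes, in order
    for m in map(LINE.match, log_text.splitlines()):
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _ts, method, path, status, size = m.groups()
        path = path.split("?", 1)[0].lower()
        if path.endswith(SCRIPT_EXT):
            if method == "POST" and status.startswith("2"):
                posts[path].add(ip)
            elif status == "404" and path in posts:
                gone.add(path)
        elif path.endswith(IMAGE_EXT) and method == "GET" and status == "200":
            if not sizes[path] or sizes[path][-1] != int(size):
                sizes[path].append(int(size))
    return {
        # Tool concealment: a script handled POSTs, then disappeared.
        "vanished_scripts": sorted(gone),
        # Identity concealment: one script driven from several source IPs.
        "multi_source_scripts": {p: sorted(i) for p, i in posts.items() if len(i) > 1},
        # Operation concealment: the same image URL served with a new size.
        "changed_images": {p: s for p, s in sizes.items() if len(s) > 1},
    }

if __name__ == "__main__":
    for key, value in reconstruct(SAMPLE_LOG).items():
        print(key, value)
```

Because the attacker in this case deleted logs on the server, a reconstruction like this depends on a copy of the access log held off the host, for example on a reverse proxy or log collector.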

This article was reposted by 数字化转型网 (www.szhzxw.cn); the source is the Internet. Editor/translator: 默然 of 数字化转型网.



