Title: A Practical Study on Building a Hybrid Cloud APT Email Defense System: A Case Study of M Company
Hybrid Cloud APT Email Defense System – A Case Study of M Company
Authors: Chen, Shih-Wei (陳世偉)
Liu, Duen-Ren (劉敦仁)
College of Management, Information Management Program
Keywords: Cyber Security; Advanced Persistent Threat; Targeted Attack; Proof of Concept
Publication date: 2017
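Abstract: With the rapid progress of Internet technology, traditional intrusion attack patterns have continued to evolve, and malicious network attacks have become increasingly diverse and difficult to guard against. Attack techniques have also shifted from the early spread of virus infections that did not target specific victims to the Advanced Persistent Threat (APT), which has received continued attention and discussion in the information security field in recent years. According to a 2016 report by Phishme.com, email is the preferred starting point for most cyber attacks: 91% of targeted attacks use email. Attackers evidently regard email as the best attack path, one that can evade existing security defenses and lead to sensitive data. For the high-tech industry, APT is a thorny problem that every company's IT (Information Technology) staff must face and actively defend against. This study examines the preliminary Proof of Concept (POC) for introducing an APT defense system at a Taiwanese IC design company, and the subsequent system deployment on a more advanced hybrid cloud architecture rather than the in-house build typical of most enterprises. It verifies the practical benefits of introducing the new system and the system architecture that must be built, and uses real data to validate the feasibility of the solution. Through the case analysis in this study, readers can understand the patterns and characteristics of the APT attacks that high-tech companies currently face and the benefits of adopting a hybrid cloud system, as well as how to apply preventive protection to a company's email system to reduce the impact of APT attacks. Keywords: cyber security, advanced persistent threat, targeted attack, proof of concept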
With the rapid development of Internet technology, traditional intrusion attacks have continued to evolve. Accordingly, malicious network attacks have become increasingly diverse and difficult to defend against. Attack methods have shifted from virus infection to the Advanced Persistent Threat (APT), which has been continuously discussed in the field of information security in recent years. According to the Phishme.com 2016 report, 91% of cyber attacks begin with a spear phishing email. For the current high-tech industries in Taiwan, the IT teams of companies must face APT issues and actively prevent APT attacks. This study investigates a hybrid APT defense system based on the Proof of Concept (POC) performed in a Taiwan IC design company. In order to verify the substantial benefits of the APT defense system, we build the system architecture and verify its feasibility using real data. This case study contributes to understanding the different kinds of APT attacks, the features and benefits of the hybrid APT defense system, and how to prevent or reduce the impact of APT attacks. Keywords: Cyber Security, Advanced Persistent Threat, Targeted Attack, Proof of Concept
URI: http://etd.lib.nctu.edu.tw/cdrfb3/record/nctu/#GT070463416
http://hdl.handle.net/11536/141352
Appears in Collections:Thesis