introintrotwothreefour示，當(dāng)前網(wǎng)絡(luò)攻擊的規(guī)模和復(fù)雜程度均急劇升級(jí)。數(shù)據(jù)顯示，攻擊者已實(shí)現(xiàn)自動(dòng)化漏洞偵察，漏洞披露與漏洞利用間隔顯著縮短，并借助網(wǎng)絡(luò)犯罪產(chǎn)業(yè)化不斷擴(kuò)大攻攻擊者針對(duì)已暴露數(shù)字基礎(chǔ)設(shè)施的大8攻擊行為趨勢(shì)分析攻擊行為趨勢(shì)分析檢測(cè)量萬(wàn)億檢測(cè)量?jī)|年同比增長(zhǎng)?），）：歐洲、中東和非歐洲、中東和非洲26.3%亞太地區(qū)42.4%拉丁美洲11.1%北美洲20.2%），前期偵察ActiveScanning"ExploitPublicActiveScanning"ExploitPublic-FacingApplication"ValidAccounts"CommandandScriptingInterpreter:PowerShell""ExternalRemoteServices"Information:StrippedPayloads""Commandand"CommandandScriptingInterpreter"WindowsManagementInstrumentationUserExecution"ExploitationforClientExecution""SystemServices:ServiceExecution""ServerSoftwareComponent:WebShell""ScheduledTask/"ServerSoftwareComponent:WebShell""ScheduledTask/Job:ScheduledTask"HardwareAdditionsClearWindowsEventLogs""ValidAccounts:DomainAccounts""Phishing:"ValidAccounts:DomainAccounts""Phishing:SpearphishingLink""CreateorModifySystemProcess:WindowsService""CreateorModifySystemProcess:WindowsService"FilesorInformation""SystemBinaryProxyExecution:Regsvr"SystemBinaryProxyExecution:Regsvr32""Adversary-in-the-Middle:LLMNR/NBT-NSPoisoningandSMBRelay"ScheduledTask/Job:At"ExploitationforPrivilegeEscalation"ATT&CKATT&CK"BootorLogonAutostartExecution"ExfiltrationOverAlternativeProtocolExfiltrationOverC2ChannelDCSync""ExfiltrationOverAlternativeProtocol:ExfiltrationOverAsymmetricEncryptedNon-C2ExfiltrationOverWebServiceTickets:Kerberoasting"OSCredentialDumpingDiscovery:DomainGroups""SystemNetworkConnectionsDiscovery""SystemInformationDiscovery""SystemOwner/UserDiscovery""SystemNetworkConfigurationDiscovery"RemoteSystemDiscoveryNon-StandardPort"Non-ApplicationLayerProtocol""Proxy:Multi-hopProxy""RemoteAccessSoftware""IngressToolTransfer""PermissionGroupsDiscovery:LocalGroups""StealorForgeKerberosTickets:AS-REPRoasting""RemoteServices:WindowsRemoteManagement""RemoteServices:SMB/WindowsAdminShares""ApplicationLayerProtocol:WebProtocols""AccountDiscovery:DomainAccount""FileandDirectoryDiscovery""NetworkServiceDiscovery""RemoteServices:VNC""ApplicationLayerProtocol:DNS""ApplicationLayerProtocol"NetworkDenialofService"ExploitationofRemoteServices""Proxy:ExternalProxy""OSCredentialDumping:NetworkShareDiscovery"StealorForgeKerberosForcedAuthentication"PermissionGroupsLateralToolTransferResourceHijackingRemoteServicesWebServiceBruteForceProxy 數(shù)據(jù)竊取防御規(guī)避數(shù)據(jù)竊取防御規(guī)避6.1%3.3%攻擊執(zhí)行1.2%權(quán)限提升憑據(jù)訪問(wèn)持久駐留初始訪問(wèn)信息收集3.5%危害影響8.4%資產(chǎn)發(fā)現(xiàn)25.3%橫向移動(dòng)?代碼存儲(chǔ)庫(kù)憑據(jù)泄漏：攻擊者經(jīng)常利用?利用命令與腳本解釋器執(zhí)行攻擊）：迅速蛻變、新興勒索軟件攻擊者不斷涌現(xiàn)、黑客行動(dòng)主義攻擊日趨復(fù)雜化，以及政治性間諜組織Lazarus21%其他26%KimsukyAPT29VoltTyphoonAPT28?受影響排名前三的國(guó)家分別是美國(guó)