¿À´ÃÀÇ Å°¿öµå : ·¹±ä, ÀüÀÚ´ã¹è, ¾Æ¹Ù½ºÆ®
¾î´À ±¹°¡°¡ ·¹ÁøÀÇ ¹èÈÄ¿¡ ÀÖÀ»±î, ÃʹÌÀÇ °ü½É»ç
´ã¹è´Â »ç¶÷µµ ²÷°í, ÄÄÇ»Å͵µ ²÷¾î¾ß µÉ µí
[º¸¾È´º½º ¹®°¡¿ë] ¿À´Ã ÃÖ´ëÀÇ ¼Ò½ÄÀº ·¹±ä(Regin)À̶ó´Â ½ºÆÄÀÌ¿þ¾îÀÔ´Ï´Ù. ½ºÅνº³ÝÀÇ ÈÄ¿¹¶ó°í ºÒ¸®°í ÀÖ°í¿ä, ¾ÆÁ÷µµ ¸ðµç ³»¿ëÀÌ ´Ù ÆÄ¾ÇµÈ °ÍÀº ¾Æ´Õ´Ï´Ù. ÇöÀç±îÁö´Â ¾î¶² ±¹°¡°¡ ¹èÈÄ¿¡ ÀÖ´Â °Í °°´Ù, ¸ð¹ÙÀÏ ³×Æ®¿öÅ© Áß GSMÀ» °Ü³ÉÇÏ°í ÀÖ´Ù Á¤µµ¸¸ ¾Ë·ÁÁ® ÀÖ´Â »óÅÂÀÔ´Ï´Ù. ¾îÁ¦µµ ±×·¸°í ¿À´Ãµµ ±×·¸°í, ¸Ö¿þ¾î ¼Ò½ÄÀÌ ¿©´À ¶§º¸´Ù ¸¹Àºµ¥ ´Ù°¡¿Ã ºí·¢ÇÁ¶óÀ̵¥ÀÌ¿Í ¿¬°üÀÌ ¾øÁö ¾Ê¾Æ º¸ÀÔ´Ï´Ù.
°³ÀÎÀûÀ¸·Î´Â ÀüÀÚ´ã¹è°¡ ÄÄÇ»ÅÍ¿¡ ÇØ·Ó´Ù´Â ¼Ò½ÄÀÌ Àç¹ÌÀÖ½À´Ï´Ù. Áß±¹»ê ÀüÀÚ´ã¹è¿¡¼ ¸Ö¿þ¾î°¡ ¹ß°ßµÇ¾ú´Âµ¥¿ä, Áß±¹Àº ÀÌ·¸°Ô ¾Ç¸íÀ» °è¼ÓÇؼ ¶³Ãĵµ ±¦Âú´Ù´Â °É±î¿ä? ¸ÞÀ̵åÀÎ Â÷À̳ªÀÇ À̹ÌÁö°¡ ¿¹Àüº¸´Ù¾ß ³ª¾ÆÁ³´ÙÁö¸¸ ¾ÆÁ÷ ¿ÏÀüÈ÷ ½Å¿ëÀ» ¾ò°í ÀÖ´Â °Ô ¾Æ´Ñµ¥ ¸»ÀÔ´Ï´Ù. ±× ¿ÍÁß¿¡ ±¸±Û¿¡¼´Â ¸Æ »ç¿ëÀڵ鿡°Ô »êŸ¸¦ ÆÄ°ßÇ߳׿ä.
1. ½ºÅνº³Ý°ú ºñ½ÁÇÏÁö¸¸ ´õ °·ÂÇÑ ½ºÆÄÀÌ¿þ¾î, ·¹±ä(Dark Reading)
http://www.darkreading.com/attacks-breaches/newly-revealed-cyber-espionage-attack-more-complex-than-stuxnet-flame/d/d-id/1317710?
½Ã¸¸ÅØ, ½ºÅνº³Ý°ú ºñ½ÁÇÏÁö¸¸ ±¹°¡°¡ ÈÄ¿øÇÏ´Â ½ºÆÄÀÌ¿þ¾î ¹ß°ß(Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/symantec-spots-state-backed-spyware/
»õ·Î¿î »çÀ̹ö½ºÆÄÀÌ Ç÷§Æû ·¹±ä, GSM ³×Æ®¿öÅ©¿¡ ½ºÆÄÀÌ ÇàÀ§(Threat Post)
http://threatpost.com/regin-cyberespionage-platform-also-spies-on-gsm-networks/109539
»õ·Î¿î ½ºÅνº³ÝÀΰ¡? °·ÂÇÑ ±â´ÉÀÇ ·¹±ä(The Register)
http://www.theregister.co.uk/2014/11/24/regin/
·¹±ä : ºñ¹Ð½º·¯¿î ¸ðµâÇü ½ºÆÄÀÌ ¸Ö¿þ¾î, ±¹°¡°¡ ¹èÈÄ¿¡ ÀÖ´Â µí(SC Magazine)
http://www.scmagazine.com/spying-tool-is-being-called-groundbreaking/article/385076/
½ºÆÄÀÌ ¸Ö¿þ¾î °æ°í ÀÎÅͳݿ¡ ¿ï·Á(CU Infosecurity)
http://www.cuinfosecurity.com/espionage-malware-alert-sounded-a-7603
·¹±ä : GSM ³×Æ®¿öÅ©¿¡ ´ëÇÑ ±¹°¡ÀÇ °ø°Ý(Secure List)
http://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/
·¹±ä °ø°Ý Ç÷§Æû, GSM ³×Æ®¿öÅ© ³ë·Á(Security Week)
http://www.securityweek.com/regin-attack-platform-targeted-gsm-networks
¿Í¿ì. ÁÖ¿ä ¿Â¶óÀÎ º¸¾È °ü·Ã ¸Åü ¡®¿Ãų¡¯ ´Þ¼ºÇß½À´Ï´Ù. ·¹±äÀ̶ó´Â »õ·Î¿î ½ºÆÄÀÌ ¸Ö¿þ¾î°¡ µîÀåÇß½À´Ï´Ù. Çìµå¶óÀθ¸ ´ëÃæ ÈȾîºÁµµ °ü·Ã Å°¿öµå°¡ ³ª¿É´Ï´Ù. ±¹°¡ ¹èÈÄ, ½ºÅνº³Ý, GSM ³×Æ®¿öÅ©°¡ ¹Ù·Î ±×°ÍÀÌÁÒ. ÇϳªÇϳª ´ë·«ÀûÀ¸·Î »ìÆ캾½Ã´Ù.
¾î´À ³ª¶óÀÎÁö ¸ð¸£°ÚÁö¸¸ ±¹°¡ÀÇ ÈÄ¿øÀÌ ÀÖÀ» °ÍÀ̶ó´Â ¿¹»óÀº ÀÌ ¸Ö¿þ¾î°¡ »ó´çÈ÷, ºñÁ¤»óÀûÀ¸·Î º¹ÀâÇÏ°Ô ¸¸µé¾îÁ® Àֱ⠶§¹®À̶ó°í ÇÕ´Ï´Ù. ¿©Å±îÁö ¹àÇôÁø ¹Ù¿¡ ÀÇÇÏ¸é ·¹±äÀº ¹éµµ¾î À¯Çü Æ®·ÎÀ̸ñ¸¶ÀÇ ÀÏÁ¾ÀÌ¸ç ¸ñÇ¥¿¡ µû¶ó Ä¿½ºÅ͸¶ÀÌ¡ÀÌ °¡´ÉÇÏ´Ù°í ÇÕ´Ï´Ù. ¶ÇÇÑ °ø°Ý ´Ü°è¸¶´Ù ¾ÏÈ£È Ã³¸®°¡ µÇ¾î °¨Áö°¡ »ó´çÈ÷ ¾î·Æ´Ù°í Çϳ׿ä.
¶ÇÇÑ ½ºÅνº³ÝÀº ¿¹Àü¿¡ ¾Ç¸í ³ô¾Ò´ø ¿ú ¹ÙÀÌ·¯½ºÀÇ ÀÏÁ¾À¸·Î ƯÈ÷ ½ºÄ«´Ù ½Ã½ºÅÛÀ» °¨¿°½ÃÄ×´ø, ±²ÀåÈ÷ º¹ÀâÇÑ ±¸¼ºÀ» º¸¿©ÁÖ´Â ¸Ö¿þ¾î¿´½À´Ï´Ù. ´ç½Ã À̶õÀÇ ¿øÀÚ·Â ¹ßÀü¼Ò°¡ ÁÖ¿ä Ÿ±êÀ̾úÀ¸¸ç ±× º¹À⼺°ú °ø°ÝÀÇ Á¤±³ÇÔÀº ÀÏ°³ ´Üü¿¡¼´Â ÀüÇô ±¸ÇöÇÒ ¼ö ¾ø´Â °ÍÀ̶ó´Â °á·ÐÀÌ ÀÖ¾úÁÒ. ±×·± Á¡¿¡¼ À̹ø ·¹±äÀÌ ½ºÅνº³Ý°ú Âü ¸¹ÀÌ ´à¾Ò´Ù°í ÇÕ´Ï´Ù.
¶ÇÇÑ GSM ³×Æ®¿öÅ©´Â À¯·´Àü±âÅë½Å Ç¥ÁØÇùȸ¿¡¼ Á¦Á¤ÇÑ °³ÀÎ ÈÞ´ë Åë½Å ½Ã½ºÅÛ È¤Àº ±â¼úÀ̶ó°í º¼ ¼ö ÀÖ½À´Ï´Ù. À¯·´¿¡¼ ½ÃÀ۵ǾúÁö¸¸ ¼¼°è¿¡¼ °¡Àå ³Î¸® »ç¿ëµÇ°í ÀÖ´Â ³×Æ®¿öÅ© ¹æ½ÄÀÔ´Ï´Ù. ´ë·« 80%¶ó´Â Åë°èµµ ÀÖÀ» Á¤µµÀÔ´Ï´Ù. Çѱ¹¿¡¼µµ GSMÀÌ ¹«¼±Åë½ÅÀÇ ÀϺθ¦ Â÷ÁöÇÏ°í ÀÖ°í¿ä.
ÀÚ, ±×·³ ¾î´À ±¹°¡°¡ ÀÌ·± ÁþÀ» Çß´À³Ä°¡ ±Ã±ÝÇØÁö´Âµ¥¿ä, ¿¡ÇÁ½ÃÅ¥¾î¿¡ µû¸£¸é ÈçÈ÷µé ¶°¿Ã¸®´Â °Íó·³ Áß±¹°ú ·¯½Ã¾Æ´Â ¾Æ´Ñ °Íó·³ º¸Àδٰí ÇÕ´Ï´Ù. Á» ´õ ÀÚ¼¼ÇÑ ±â»ç´Â ¼Ò½ÄÀÌ ³ª¿À´Â ´ë·Î ¾÷µ¥ÀÌÆ® ÇÒ ¿¹Á¤ÀÔ´Ï´Ù.
2. ÀüÀÚ´ã¹è, »ç¶÷ »Ó ¾Æ´Ï¶ó ÄÄÇ»ÅÍ¿¡µµ Çطοö(Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/malware-alert-ecigarettes-bad-for/
Áß±¹»ê ÀüÀÚ´ã¹è Áß ÀϺο¡ ¸Ö¿þ¾î°¡ ÇϵåÄÚµùµÈ °ÍÀÌ ¹ß°ßµÇ¾ú½À´Ï´Ù. Âü »ý°¢Çϱâ Èûµç °æ·Î·Î ¸Ö¿þ¾î°¡ ½É°ÜÁö´Âµ¥¿ä, ·¹µ÷¿¡ ÇÑ Ä¿¹Â´ÏƼ »ç¿ëÀÚ°¡ ÀÚ½ÅÀÇ À̾߱⸦ ¿Ã¸®¸é¼ ´ã¹è ¸Ö¿þ¾î À̾߱Ⱑ È®»êµÇ¾ú½À´Ï´Ù. ȸ»ç¿¡¼ ´ë±Ô¸ð À¯Ãâ»ç°í°¡ ÀÖ¾ú´Âµ¥ ¾Æ¹«¸® »ìÆìµµ ¸Ö¿þ¾îÀÇ Ä§Åõ °æ·Î¸¦ ãÀ» ¼ö°¡ ¾ø¾ú´Ù°í ÇÕ´Ï´Ù. ±×·¡¼ ÁöÄ£ ¼ö»çÆÀ¿¡¼ ÇØ´ç ½Ã½ºÅÛÀÇ »ç¿ëÀÚ¿¡°Ô ±×³É ¾Æ¹« »ç¼ÒÇÑ °ÍÀÌ¶óµµ ÃÖ±Ù »ýÈ° ÆÐÅÏ Áß ¹Ù²ï °Ô ÀÖ´Ù¸é ¸»ÇØ´Þ¶ó°í ¹«½ÉÄÚ ¹°¾îºÃ´Âµ¥ ¡°´ã¹è¸¦ ²÷¾ú´Ù¡±°í ´äÀ» ÇÏ´õ¶ø´Ï´Ù. ±×¸®°í °Å±â¿¡ µ¡ºÙ¿© ¡°±×¸®°í ÀüÀÚ´ã¹è¸¦ ÇDZ⠽ÃÀÛÇß¾î¿ä¡±¶ó°í Çߴµ¥ ±×°Ô °á±¹ Á¤´äÀ̾ú´ø ¡®¿ôÇ¡¯ À̾߱⿴½À´Ï´Ù. È£¶ûÀÌ ´ã¹èÇÇ´ø ½ÃÀýÀÌ ¾î´À »õ ÄÄÇ»ÅÍ ´ã¹è ÇÇ¿ì´Ù º´ °É¸®´Â ½ÃÀýÀÌ µÇ¾î¹ö·È½À´Ï´Ù.
3. ¾Æ¹Ù½ºÆ® ¹é½Å, À©µµ¿ì ÇȽº ÀüÇô °¨´çÇÏÁö ¸øÇØ(The Register)
http://www.theregister.co.uk/2014/11/24/you_stupid_brick_pcs_running_avast_av_cant_handle_windows_fixes/
°·ÂÇÑ ¹é½ÅÀ¸·Î À¯¸íÇÏ°í ¶Ç ½Å·Úµµµµ ³ôÀº ¾Æ¹Ù½ºÆ®°¡ ÃÖ±Ù À©µµ¿ì ÆÐÄ¡¿Í ¾÷µ¥ÀÌÆ®¿Í Ãæµ¹À» ÀÏÀ¸Å°°í ÀÖ½À´Ï´Ù. ƯÈ÷ À©µµ¿ì 8°ú 8.1 »ç¿ëÀÚµé Áß ¾Æ¹Ù½ºÆ®°¡ ¼³Ä¡µÈ ä·Î ÃÖ±Ù À©µµ¿ìÀÇ KB3000850 ¾÷µ¥ÀÌÆ®¸¦ ¼³Ä¡ÇÑ °æ¿ì, PC°¡ ÀüÇô ºÎÆõÇÁö ¾Ê´Â´Ù´Â ºÒ¸¸ÀÌ ¿©·µ Á¦±âµÇ°í ÀÖ´Ù°í ÇÕ´Ï´Ù. ¾Æ¹Ù½ºÆ® Ãøµµ ºü¸£°Ô ÆÐÄ¡¸¦ ¹ßÇ¥ÇßÁö¸¸ ´Ù¿î·Îµå ¼Óµµ°¡ ´À·ÁÁö´Â µîÀÇ ÀÌ»ó Çö»óÀÌ °è¼ÓÇؼ ¹ß»ýÇÏ°í ÀÖ´Ù´Â º¸°í°¡ ¿Ã¶ó¿À°í ÀÖ´Â ÁßÀÔ´Ï´Ù. ÀßÀ߸øÀÌ ´Ù °¡·ÁÁöÁö ¾ÊÀº °¡¿îµ¥, »ç¿ëÀÚµéÀº ÀüÀûÀÌ ¿©·µ ÀÖ´Â ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®¿¡ ºñ³ÀÇ È»ìÀ» ÁÖ·Î µ¹¸®´Â µí ÇÕ´Ï´Ù.
4. ±¸±ÛÀÇ ¡°»êŸ¡±, ¸Æ¿ë OS XÀÇ ¹ÙÀ̳ʸ® È®ÀÎ(Security Week)
http://www.securityweek.com/googles-santa-tracks-naughty-and-nice-binaries-mac-os-x
±¸±ÛÀÇ ¸ÅŲÅä½Ã ¿î¿µ ÆÀ¿¡¼ ÃÖ±Ù »êŸ¶ó´Â ¼Ò½ºÄڵ带 ¹ßÇ¥Çß½À´Ï´Ù. ¾ÖÇÃÀÇ OS X¿¡¼ ¹ÙÀ̳ʸ®µéÀ» È®ÀÎÇØ ÈÀÌÆ®¸®½ºÆ® ¹× ºí·¢¸®½ºÆ® ½ÃÅ°´Â ±â´ÉÀ» °¡Áø ÅøÀ̶ó°í ÇÕ´Ï´Ù. ÃÖ±Ù ¸ÆŲÅä½Ã ȯ°æÀ» °Ü³ÉÇÑ °ø°ÝÀÌ ºó¹øÇÏ°Ô ÀÌ·ç¾îÁö°í ÀÖ´Â °¡¿îµ¥ ±¸±ÛÀÌ ºü¸£°Ô ´ëÀÀÀ» ÇÑ °ÍÀä, ¾Èµå·ÎÀ̵åÀÇ ¸ðüÀÎ ±¸±Û¿¡¼, ¶óÀ̹úÀÎ iOSÀÇ ¸ðÅÂÀÎ OS X¸¦ º¸È£ÇÒ ¼ö´ÜÀ» ¸¶·ÃÇß´Ù´Â °Ô ¾ÆÀÌ·¯´ÏÇϱ⵵ ÇÏ°í ¹¦Çϱ⵵ ÇÏ°í ÀÇÁßÀÌ ¹»±î ±Ã±ÝÇϱ⵵ ÇÕ´Ï´Ù.
[±¹Á¦ºÎ ¹®°¡¿ë ±âÀÚ(globoan@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(http://www.boannews.com/) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>