How did a Japanese minister surprise hackers?

The number of ways to hide, disguise and mislead the enemy, whether in cybercrime or cyberwarfare, is growing relentlessly. It can be said that today hackers only rarely, for the sake of fame or business, reveal what they have done.

A series of technical failures during the opening ceremony of last year's Winter Olympics in Korea was the result of a cyberattack. The Guardian reported that the unavailability of the Games website, the failure of Wi-Fi in the stadium and the broken televisions in the press room were caused by an attack far more sophisticated than originally assumed. The attackers gained access to the organizers' network in advance and disabled many computers in a very cunning way, despite numerous security measures.

Until its effects were seen, the enemy was invisible. Once the destruction was seen, it largely remained so (1). There have been several theories about who was behind the attack. According to the most popular ones, the traces led to Russia; according to some commentators, this could have been revenge for the removal of Russia's state flags from the Games.

Other suspicions pointed to North Korea, which is always looking to taunt its southern neighbor, or to China, which is a hacking power and is often among the suspects. But all of this was detective-style deduction rather than a conclusion based on irrefutable evidence. And in most such cases we are condemned to this kind of speculation.

As a rule, establishing the authorship of a cyberattack is a difficult task. Not only do criminals usually leave no recognizable traces, they also add confusing clues to their methods.

This was the case with the attack on Polish banks at the beginning of 2017. BAE Systems, which first described the high-profile attack on the Bangladesh National Bank, carefully examined some elements of the malware that targeted computers in Polish banks and concluded that its authors were trying to impersonate Russian-speaking people.

Elements of the code contained Russian words with strange transliteration, for example the Russian word for "client" in an unusual form. BAE Systems suspects that the attackers used Google Translate to pose as Russian hackers by using Russian vocabulary.

In May 2018, Banco de Chile admitted that it had problems and recommended that customers use online and telephone banking services, as well as ATMs. On the screens of computers in the branches, experts found signs of damage to the boot sectors of the disks.

After several days of examining the network, traces were found confirming that massive disk corruption had taken place on thousands of computers. According to unofficial information, the consequences affected 9 thousand computers and 500 servers.

Further investigation showed that funds had disappeared from the bank during the attack: $11 million, and other sources point to an even larger sum! Security experts eventually concluded that the damaged disks of the bank's computers were merely a cover for the theft. However, the bank does not officially confirm this.

Zero days of preparation and zero files

Over the past year, almost two thirds of the world's largest companies were successfully attacked by cybercriminals. They most often used techniques based on zero-day vulnerabilities and so-called fileless attacks.

These are the findings of the State of Endpoint Security Risk report prepared by the Ponemon Institute on behalf of Barkly. Both attack techniques are varieties of the invisible enemy that are gaining more and more popularity.

According to the authors of the study, in the last year alone the number of attacks against the world's largest organizations increased by 20%. We also learn from the report that the average loss incurred as a result of such actions is estimated at $7.12 million each, which is $440 per attacked position. These amounts include both the specific losses caused by criminals and the cost of restoring attacked systems to their original state.

Typical attacks are extremely difficult to counter, as they are usually based on vulnerabilities in software that neither the manufacturer nor the users are aware of. The former cannot prepare the appropriate security update, and the latter cannot implement the appropriate security procedures.

"As many as 75% of successful attacks were based on the exploitation of zero-day vulnerabilities or some previously known malware, which means that they were four times more effective than the classic techniques previously used by criminals," explain representatives of the Ponemon Institute.

The second invisible method, the fileless attack, consists of running malicious code on a system using various "tricks" (for example, by injecting an exploit into a website), without requiring the user to download or run any file.

Criminals are using this method more and more often as classic attacks that send malicious files (such as Office documents or PDF files) to users become less and less effective. In addition, attacks are usually based on software vulnerabilities that are already known and patched; the problem is that many users do not update their applications often enough.

Unlike in the scenario above, the malware does not place an executable on disk. Instead, it runs in your computer's internal memory, that is, in RAM.

This means that traditional antivirus software will have a hard time detecting a malicious infection because it will not find a file that points to it. Through the use of malware, an attacker can hide his presence on the computer without raising an alarm and cause various kinds of damage (stealing information, downloading additional malware, gaining access to higher privileges, etc.).

Fileless malware is also called (AVT). Some experts say it is even worse than (APT).

2. Information about the hacked site

When HTTPS Doesn't Help

It seems that the days when criminals took over a site, changed the content of the home page and placed messages on it in large print (2) are gone forever.

Currently, the goal of attacks is primarily to obtain money, and criminals use every method to gain tangible financial benefits in any situation. After a takeover, the parties try to stay hidden for as long as possible and to make a profit from or use the acquired infrastructure.

Injecting malicious code into poorly protected websites can have various purposes, such as financial ones (theft of credit card information). It was once written about Bulgarian scripts introduced on the website of the Office of the President of the Republic of Poland, but it was not possible to state clearly what the purpose of the links to external fonts was.

A newer method is the so-called, that is, overlays that steal credit card numbers on store websites. The user of a website that uses HTTPS (3) is already trained and accustomed to checking whether a given website is marked with this symbol, and the very presence of a padlock has become proof that there is no threat.

3. HTTPS designation in the Internet address

However, criminals exploit this over-reliance on site security in various ways: they use free certificates, place a favicon in the shape of a padlock on the site, and inject infected code into the site's source code.

An analysis of the infection methods of some online stores shows that the attackers transferred the physical skimmers of ATMs to the cyber world in the form of. When making a standard transfer for purchases, the customer fills out a payment form in which he enters all the data (credit card number, expiration date, CVV number, first and last name).

The payment is authorized by the store in the traditional way, and the entire purchase process is carried out correctly. However, in the case of use, code (a single line of JavaScript is enough) is injected into the store's site, which causes the data entered in the form to be sent to the attackers' server.

One of the most famous crimes of this type was the attack on the US Republican Party Store website. Within six months, customers' credit card details were stolen and transferred to a Russian server.

By evaluating store traffic and black market data, it was determined that the stolen credit cards generated a profit of six hundred and sixty dollars for the criminals.

In 2018, customer data of the smartphone maker OnePlus was stolen in a similar way. The company admitted that its server had been infected, and that credit card information was intercepted directly in the browser and sent to unknown criminals. It was reported that the data of forty customers was passed on in this way.
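Because the skimming described above needs only one injected script line on the store's page, a shop operator can audit which scripts a checkout page loads. The following is an added example, not code from the article or from any store mentioned in it: it flags external scripts from hosts outside an allowlist, cross-origin scripts without a Subresource Integrity attribute, and inline scripts that reference unlisted hosts. The allowlist, the host names and the sample HTML are constructed for illustration, and regex-based tag parsing is a simplification of what a real HTML parser would do.

```javascript
// Added example (not from the article): audit a checkout page's <script> tags.
// ALLOWED_HOSTS, the page origin and SAMPLE_HTML are constructed for illustration.
const ALLOWED_HOSTS = new Set(["shop.example", "pay.example"]);

const SAMPLE_HTML = `
<form id="pay"><input name="card"><input name="cvv"></form>
<script src="/js/checkout.js"></script>
<script src="https://pay.example/sdk.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://pay.example/widget.js"></script>
<script src="https://cdn.unlisted.example/a.js"></script>
<script>navigator.sendBeacon("https://collector.example/c", "ping");</script>
`;

// Parse name="value" pairs out of the attribute part of a tag.
function parseAttrs(text) {
  const out = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(text)) !== null) out[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  return out;
}

function auditScripts(html, pageOrigin) {
  const findings = [];
  const pageHost = new URL(pageOrigin).hostname;
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    if (attrs.src === undefined) {
      // Inline script: report every absolute URL that points at an unlisted host.
      for (const u of m[2].matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) {
        const host = u[1].toLowerCase();
        if (!ALLOWED_HOSTS.has(host)) findings.push({ kind: "inline-unlisted-host", detail: host });
      }
      continue;
    }
    let url;
    try { url = new URL(attrs.src, pageOrigin); }
    catch { findings.push({ kind: "bad-src", detail: attrs.src }); continue; }
    if (url.protocol !== "https:") findings.push({ kind: "not-https", detail: url.href });
    if (!ALLOWED_HOSTS.has(url.hostname)) findings.push({ kind: "unlisted-host", detail: url.hostname });
    else if (url.hostname !== pageHost && !attrs.integrity)
      findings.push({ kind: "no-sri", detail: url.href }); // third-party script can change silently
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, "https://shop.example"));
```

A clean result only covers the HTML that was scanned; scripts added at runtime by other scripts need a Content-Security-Policy with reporting to be caught.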

Hardware hazards

A huge and growing area of invisible cyber threats is made up of all kinds of techniques based on digital equipment, whether in the form of chips secretly installed in seemingly harmless components or of spy devices.

The discovery, announced in October last year by Bloomberg, of additional miniature spy chips in telecommunications equipment, including in Ethernet sockets (4) sold by Apple or Amazon, became a sensation in 2018. The trail led to Supermicro, a device manufacturer in China. However, Bloomberg's information was subsequently denied by all interested parties, from the Chinese to Apple and Amazon.

4. Ethernet network ports

As it turned out, even without special implants, "ordinary" computer hardware can be used in a silent attack. For example, it has been found that a bug in Intel processors, which we recently wrote about in MT and which involves the ability to "predict" subsequent operations, can allow any software (from a database engine to simple JavaScript running in a browser) to access the structure or contents of protected areas of kernel memory.

A few years ago, we wrote about equipment that allows you to secretly hack and spy on electronic devices. We described the 50-page "ANT Shopping Catalog" that was available online. As Spiegel writes, it is from this catalog that intelligence agents specializing in cyber warfare choose their "weapons".

The list includes products of various classes, from the sound wave and the $30 LOUDAUTO listening device to the forty dollar CANDYGRAM, which is used to install your own copy of a GSM cell tower.

The list includes not only hardware, but also specialized software, such as DROPOUTJEEP, which, after being "implanted" in an iPhone, allows, among other things, retrieving files from its memory or saving files to it. Thus, you can obtain mailing lists, SMS messages and voice messages, as well as control and locate the camera.

Faced with the power and ubiquity of invisible enemies, you sometimes feel helpless. That is why not everyone is surprised and amused by the attitude of Yoshitaka Sakurada, the minister in charge of preparations for the Tokyo 2020 Olympics and deputy head of the government's cybersecurity strategy office, who has reportedly never used a computer.

At least he was invisible to the enemy, not an enemy to him.

Glossary of terms related to the invisible cyber enemy

 Malicious software designed to covertly enter a system, device, computer, or software, or to circumvent traditional security measures.

Bot - a separate device connected to the Internet, infected with malware and included in a network of similar infected devices. This is most often a computer, but it can also be a smartphone, tablet, or IoT-connected equipment (such as a router or refrigerator). It receives operational instructions from a command and control server or directly, and sometimes from other users on the network, but always without the knowledge or awareness of the owner. They can include up to a million devices and send up to 60 billion spam messages per day. They are used for fraudulent purposes, receiving online surveys, manipulating social networks, as well as spreading spam and.

- in 2017, a new technology for mining the Monero cryptocurrency in web browsers appeared. The script was created in JavaScript and can be easily embedded in any page. When a user's computer visits such an infected page, the computing power of the device is used to mine cryptocurrency. The more time we spend on these types of websites, the more CPU cycles in our devices can be used by a cybercriminal.

 - Malicious software that installs another type of malware, such as a virus or backdoor. It is often designed to avoid detection by traditional antivirus solutions, including through delayed activation.

Malware that exploits a flaw in legitimate software to compromise a computer or system.

 - Using software to collect information related to a particular type of keyboard usage, such as sequences of alphanumeric/special characters associated with certain keywords such as "bankofamerica.com" or "paypal.com". If it runs on thousands of connected computers, a cybercriminal is able to collect sensitive information quickly.

 - Malicious software designed to harm a computer, system, or data. It includes several types of tools, including Trojans, viruses, and worms.

 - an attempt to obtain sensitive or confidential information from a user of equipment connected to the Internet. Cybercriminals use this method to distribute electronic content to a wide range of victims, prompting them to take certain actions, such as clicking on a link or replying to an email. In this case, they will provide personal information such as username, password, bank or financial details or credit card details without being aware of it. Distribution methods include email, online advertising and SMS. A variant is an attack directed at specific individuals or groups of individuals, such as corporate executives, celebrities, or high-ranking government officials.

 - Malicious software that allows you to secretly gain access to parts of a computer, software or system. It often modifies the hardware operating system in such a way that it remains hidden from the user.

 - Malware that spies on a computer user, intercepting keystrokes, emails, documents, and even turning on a video camera without his knowledge.

 - a method of hiding a file, message, image or movie in another file. This technology is exploited by uploading seemingly harmless image files that contain complex streams of messages, sent over the C&C channel (between a computer and a server), suitable for illegal use. Images can be stored on a hacked website or even in image sharing services.

Encryption/complex protocols - a method used in code to obfuscate transmissions. Some malware-based programs, such as Trojans, encrypt both malware distribution and C&C (control) communication.

is a type of non-replicating malware that contains hidden functionality. The Trojan usually does not try to spread or inject itself into other files.

- a combination of the words ("voice") and. It means using a telephone connection to obtain sensitive personal information such as bank or credit card numbers.

Usually, the victim receives an automated message challenge from someone claiming to represent a financial institution, ISP, or technology company. The message may ask for an account number or PIN. Once the connection is activated, it is redirected through the service to the attacker, who then requests additional sensitive personal data.

(BEC) - a type of attack aimed at deceiving people from a given company or organization and stealing money by impersonating

governed by. Criminals gain access to a corporate system through a typical attack or malware. They then study the company's organizational structure, its financial systems, and management's email style and schedule.
