Barka da zuwa sabon jerin labarai, wannan karon kan batun binciken abin da ya faru, wato nazarin malware ta amfani da bincike na Check Point. Mun buga a baya
Me yasa masu binciken binciken abubuwan da suka faru ke da mahimmanci? Da alama kun kama kwayar cutar, ta riga ta yi kyau, me yasa kuke magance ta? Kamar yadda aikin ya nuna, yana da kyau ba kawai don toshe harin ba, amma kuma don fahimtar ainihin yadda yake aiki: menene ma'anar shigarwa, abin da aka yi amfani da rashin lahani, abin da matakai ke ciki, ko tsarin rajista da tsarin fayil ya shafi, menene iyali. na ƙwayoyin cuta, menene yiwuwar lalacewa, da dai sauransu. Ana iya samun wannan da sauran bayanai masu amfani daga cikakkun rahotannin binciken bincike na Check Point (duka na rubutu da na hoto). Yana da matukar wahala a sami irin wannan rahoton da hannu. Wannan bayanan na iya taimakawa wajen daukar matakan da suka dace da kuma hana irin wadannan hare-hare samun nasara a nan gaba. A yau za mu kalli rahoton bincike na bincike na Check Point SandBlast Network.
SandBlast Network
Yin amfani da akwatunan yashi don ƙarfafa kariyar kewayen hanyar sadarwa ya daɗe ya zama ruwan dare kuma yana da mahimmanci kamar IPS. A Check Point, Tushen Ƙirar Barazana, wanda wani ɓangare ne na fasahar SandBlast (akwai Haɗin Barazana), yana da alhakin aikin akwatin yashi. Mun riga mun buga a baya
- Kayan Aikin Gida na SandBlast - an shigar da ƙarin kayan aikin SandBlast akan hanyar sadarwar ku, wanda ake aika fayiloli don bincike.
- SandBlast Cloud - Ana aika fayiloli don bincike zuwa gajimaren Check Point.
Sandbox za a iya la'akari da layin tsaro na ƙarshe a kewayen cibiyar sadarwa. Yana haɗawa kawai bayan bincike ta hanyar gargajiya - riga-kafi, IPS. Kuma idan irin waɗannan kayan aikin sa hannu na gargajiya ba su samar da kusan kowane nazari ba, to, akwatin yashi na iya "bayyana" dalla-dalla dalilin da ya sa aka toshe fayil ɗin da abin da yake aikata mugunta. Ana iya samun wannan rahoton binciken bincike daga duka akwatin yashi na gida da gajimare.
Bincika Rahoton Ƙididdigar Ƙididdiga
Bari mu ce kai, a matsayinka na ƙwararren tsaro na bayanai, ka zo aiki ka buɗe dashboard a SmartConsole. Nan da nan za ku ga abubuwan da suka faru a cikin sa'o'i 24 da suka gabata kuma hankalinku ya ja hankali ga abubuwan da suka faru na Barazana - hare-hare mafi haɗari waɗanda ba a toshe su ta hanyar binciken sa hannu ba.
Kuna iya "zuba ƙasa" cikin waɗannan abubuwan da suka faru kuma ku ga duk rajistan ayyukan na Barazana Kwaikwayo.
Bayan wannan, zaku iya kuma tace rajistan ayyukan ta hanyar barazanar matakin mahimmanci (Mai tsanani), da kuma ta Matsayin Amincewa (amincin amsa):
Bayan fadada taron da muke sha'awar, za mu iya sanin cikakken bayani (src, dst, tsanani, mai aikawa, da sauransu):
Kuma a can za ku iya ganin sashin Masu bincike tare da samuwa Summary rahoto. Danna kan shi zai buɗe cikakken bincike na malware a cikin nau'in shafin HTML mai mu'amala:
(Wannan wani bangare ne na shafin.
Daga wannan rahoton, za mu iya zazzage ainihin malware (a cikin rumbun adana kalmar sirri), ko tuntuɓi ƙungiyar amsawar Check Point nan da nan.
A ƙasa za ku iya ganin kyakkyawar raye-rayen da ke nunawa a cikin sharuddan kashi waɗanda riga aka san lambar ɓarna misalin mu yana da alaƙa (ciki har da lambar kanta da macros). Ana isar da waɗannan nazarce-nazarcen ta amfani da koyan na'ura a cikin Cloud Cloud Barazana.
Sa'an nan za ku iya ganin ainihin ayyukan da ke cikin akwatin yashi ya ba mu damar yanke cewa wannan fayil ɗin yana da mugunta. A wannan yanayin, muna ganin amfani da dabarun kewayawa da ƙoƙarin zazzage ransomware:
Ana iya lura cewa a cikin wannan yanayin, an aiwatar da kwaikwayi a cikin tsarin guda biyu (Win 7, Win XP) da nau'ikan software daban-daban (Office, Adobe). A ƙasa akwai bidiyo ( nunin faifai) tare da aiwatar da buɗe wannan fayil a cikin akwatin yashi:
Misalin bidiyo:
A ƙarshe muna iya ganin dalla-dalla yadda harin ya kasance. Ko dai a sigar tambura ko a hoto:
A can za mu iya zazzage wannan bayanin a cikin tsarin RAW da fayil ɗin pcap don cikakken nazari na zirga-zirgar da aka samar a cikin Wireshark:
ƙarshe
Amfani da wannan bayanin, zaku iya ƙarfafa kariyar cibiyar sadarwar ku sosai. Toshe rundunonin rarraba ƙwayoyin cuta, kusa da raunin da aka yi amfani da su, toshe yuwuwar martani daga C&C da ƙari mai yawa. Bai kamata a yi watsi da wannan bincike ba.
A cikin labarai masu zuwa, hakazalika za mu kalli rahotannin Wakilin SandBlast, SnadBlast Mobile, da CloudGiard SaaS. Don haka ku kasance tare (
source: www.habr.com