APT uses the coronavirus to spread malware

An APT threat group was recently discovered running a spear phishing campaign that uses the coronavirus as a lure to distribute malware.

The world is currently facing an unprecedented situation because of the ongoing Covid-19 pandemic. To try to stop the spread of the disease, many companies around the world have moved to a new model of remote working (teleworking). This has greatly expanded the attack surface, which is a major challenge for companies in terms of information security, since they now need to establish strict rules and take many measures to ensure business continuity and the continuity of their IT systems.

However, the wider attack surface is not the only cyber risk that has appeared in recent days: many cybercriminals are exploiting this global uncertainty to run phishing campaigns, distribute malware and threaten the information security of many companies.

An APT exploits the coronavirus

At the end of last week, an Advanced Persistent Threat (APT) group called Vicious Panda was discovered running a spear phishing campaign that uses the coronavirus pandemic to spread malware. The email told the recipient that it contained information about the coronavirus, but in fact the email carried two malicious RTF (Rich Text Format) files. If the victim opened these files, a Remote Access Trojan (RAT) was launched which, among other things, was able to take screenshots, build lists of the files and directories on the victim's computer, and download files.

So far this campaign has affected the Mongolian public sector, and according to some Western experts it represents the latest attack in ongoing Chinese operations against governments and organisations around the world. This time, the distinctive feature of the campaign is that it uses the new global coronavirus situation to infect its potential victims.

The emails appeared to come from the Mongolian Ministry of Foreign Affairs and claimed to contain information about the number of people infected. To weaponise this file, the attackers used RoyalRoad, a tool popular among Chinese threat actors that lets them create custom documents with embedded objects that can exploit vulnerabilities in the Equation Editor, the component integrated into MS Word for building complex equations.

Persistence technique

Once the victim opens the malicious RTF files, Microsoft Word uses the vulnerability to load a malicious file (intel.wll) into the Word startup folder (%APPDATA%\Microsoft\Word\STARTUP). Using this method, not only does the threat become persistent, but it also prevents the whole infection chain from detonating when run in a sandbox, since Word must be relaunched for the malware to be fully launched.

The intel.wll file then loads a DLL that is used to download the malware and communicate with the command and control server. The command and control server is only active for a limited period each day, which makes it difficult to analyse and gain access to the most complex parts of the infection chain.

Despite this, the researchers were able to determine that in the first stage of this chain, immediately after receiving the appropriate command, the RAT is downloaded and decrypted, and the DLL is loaded into memory. The plugin-like architecture suggests that there are other modules in addition to the payload seen in this campaign.
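The persistence location described above is a useful detection point: Word auto-loads any .wll add-in placed in its STARTUP folder, and an Office process writing such a file into its own startup folder is the signature of a document exploit, whereas legitimate add-ins arrive through an installer or management tool. The following detection logic is an added example (not code from the original article or from the researchers): it classifies constructed Sysmon-style FileCreate records, where the intel.wll name comes from the article, the user names, paths and the corp-addin.wll name are made up, and the assumption that eqnedt32.exe is the Equation Editor binary is stated in the code.

```python
"""Detection example (added here, not from the original article): flag writes of
Word add-ins into the Word STARTUP folder, the persistence location described
above. The events below are constructed Sysmon-style FileCreate (Event ID 11)
records, not real telemetry; the field names follow Sysmon's schema.
"""
import json
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Matches <anything>\AppData\Roaming\Microsoft\Word\STARTUP\<file>, i.e. the
# expanded form of %APPDATA%\Microsoft\Word\STARTUP, case-insensitively.
STARTUP_RE = re.compile(
    r"\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\[^\\]+$", re.IGNORECASE
)

# Add-in file types Word auto-loads from STARTUP; .wll is the one used here.
ADDIN_EXTENSIONS = {".wll", ".dotm", ".dot"}

# An Office process writing an add-in into its own startup folder is the
# document-exploit pattern; legitimate deployment comes from installers or
# management tools. Assumption: eqnedt32.exe is the Equation Editor binary;
# tune this set to the environment.
OFFICE_IMAGES = {"winword.exe", "eqnedt32.exe", "excel.exe", "powerpnt.exe"}


def classify_event(event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a finding for a suspicious STARTUP add-in write, else None."""
    target = event.get("TargetFilename", "")
    if not STARTUP_RE.search(target):
        return None
    if PureWindowsPath(target).suffix.lower() not in ADDIN_EXTENSIONS:
        return None
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    severity = "high" if image in OFFICE_IMAGES else "medium"
    reason = (
        "Office process dropped an add-in into Word STARTUP (document exploit pattern)"
        if severity == "high"
        else "Add-in written to Word STARTUP by a non-Office process; verify deployment"
    )
    return {"severity": severity, "image": image, "target": target, "reason": reason}


def scan(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run classify_event over a batch of records and keep only the hits."""
    return [f for f in (classify_event(e) for e in events) if f]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": "11",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Word\STARTUP\intel.wll"},
    {"EventID": "11",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Users\bob\AppData\Roaming\Microsoft\Word\STARTUP\corp-addin.wll"},
    {"EventID": "11",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetFilename": r"C:\Users\alice\Documents\report.docx"},
    {"EventID": "11",
     "Image": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
     "TargetFilename": r"C:\Users\carol\AppData\Roaming\Microsoft\Word\STARTUP\intel.wll"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(json.dumps(finding))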

How to protect against this new APT

This malicious campaign uses several techniques to infiltrate victims' systems and then compromise the security of their information. To protect yourself against such campaigns, it is important to take a number of measures.

The first is vital: employees must be careful and attentive when receiving emails. Email is one of the main attack vectors, but almost no company can do without it. If you receive an email from an unknown sender, it is best not to open it, and if you do open it, do not open any attachments or click on any links.

To compromise the information security of its victims, this attack exploits a vulnerability in Word. In fact, unpatched vulnerabilities are the cause of many successful cyberattacks and, together with other security issues, can lead to major data breaches. This is why it is important to apply the appropriate patch to close the vulnerability as soon as possible.

To eliminate these problems, there are solutions designed specifically to identify, manage and install patches. Such a solution automatically searches for the patches needed to keep company computers secure, prioritises the most urgent updates and schedules their installation. Information about patches that need to be installed is reported to the administrator, including when an exploit attempt by malware is detected.

The solution can trigger the immediate installation of the required patches, or their installation can be scheduled from the web-based management console, isolating unpatched computers if necessary. In this way, the administrator can manage patches and updates to keep the company running smoothly.

Unfortunately, the cyberattack in question will certainly not be the last to take advantage of the current global coronavirus situation to compromise the information security of businesses.

source: www.habr.com