Batun coronavirus a yau ya cika dukkanin ciyarwar labarai, kuma ya zama babban jigon ayyuka daban-daban na maharan da ke amfani da batun COVID-19 da duk abin da ke da alaƙa da shi. A cikin wannan bayanin, Ina so in jawo hankali ga wasu misalan irin wannan mummunan aiki, wanda, ba shakka, ba asiri ba ne ga yawancin kwararrun tsaro na bayanai, amma taƙaitaccen bayanin wanda a cikin rubutu ɗaya zai sauƙaƙe don shirya kanku sani. -Taro abubuwan da ke faruwa ga ma'aikata, wasu daga cikinsu suna aiki daga nesa wasu kuma sun fi fuskantar barazanar tsaro na bayanai daban-daban fiye da da.
Minti ɗaya na kulawa daga UFO
Duniya a hukumance ta ayyana barkewar cutar ta COVID-19, mai yuwuwar kamuwa da cuta mai saurin kamuwa da cutar ta SARS-CoV-2 coronavirus (2019-nCoV). Akwai bayanai da yawa akan Habré akan wannan batu - koyaushe ku tuna cewa yana iya zama abin dogaro/amfani da kuma akasin haka.
Muna ƙarfafa ku ku yi suka ga duk wani bayani da aka buga.
Majiyoyin hukuma
- Shafukan yanar gizo da ƙungiyoyin hukuma na hedkwatar aiki a yankuna
Idan ba ku zaune a Rasha, da fatan za a koma zuwa shafuka iri ɗaya a cikin ƙasar ku.
Wanke hannuwanku, kula da ƙaunatattunku, zauna a gida idan zai yiwu kuma kuyi aiki daga nesa.Karanta wallafe-wallafe game da: |
Ya kamata a lura cewa babu wata sabuwar barazanar da ke da alaƙa da coronavirus a yau. Maimakon haka, muna magana ne game da hare-haren da suka riga sun zama al'ada, kawai ana amfani da su a cikin sabon "miya." Don haka, zan kira manyan nau'ikan barazanar:
- shafukan yanar gizo da wasiƙun labarai masu alaƙa da coronavirus da lambar ɓarna masu alaƙa
- Zamba da ɓarna da nufin amfani da tsoro ko cikakkun bayanai game da COVID-19
- hare-hare kan kungiyoyin da ke da hannu a binciken coronavirus
A Rasha, inda 'yan ƙasa a al'ada ba su amince da hukumomi ba kuma sun yi imanin cewa suna ɓoye musu gaskiya, yiwuwar samun nasarar "inganta" shafukan yanar gizo da jerin wasiƙa, da kuma albarkatun yaudara, ya fi girma fiye da kasashe masu budewa. hukumomi. Ko da yake a yau babu wanda zai iya la'akari da kansu cikakken kariya daga m cyber fraudsters da suke amfani da duk classic mutum rauni na mutum - tsoro, tausayi, zari, da dai sauransu.
Ɗauki, alal misali, rukunin yanar gizo na yaudara da ke siyar da abin rufe fuska.
Hukumomin Amurka sun rufe irin wannan rukunin yanar gizon, CoronavirusMedicalkit[.] com, saboda rarraba rigakafin COVID-19 da babu shi kyauta tare da “kawai” aikawa da maganin. A wannan yanayin, tare da irin wannan ƙananan farashi, ƙididdiga ya kasance don gaggawar buƙatar magani a cikin yanayin firgita a Amurka.
Wannan ba babbar barazanar yanar gizo ba ce, tunda aikin maharan a wannan yanayin ba shine cutar da masu amfani ba ko satar bayanansu ko bayanan sirri, amma kawai a kan fargabar tsoro don tilasta musu fita su sayi abin rufe fuska a farashi mai tsada. ta 5-10-30 sau ƙetare ainihin farashi. Amma ainihin ra'ayin ƙirƙirar gidan yanar gizon karya wanda ke amfani da jigon coronavirus shima masu laifin cyber suna amfani da shi. Misali, ga rukunin yanar gizon da sunansa ya ƙunshi kalmar "covid19", amma kuma shafin yanar gizo ne.
Gabaɗaya, kula da sabis na binciken abubuwan da suka faru a kullun , kun ga yankuna nawa ake ƙirƙira waɗanda sunayensu ke ɗauke da kalmomin covid, covid19, coronavirus, da sauransu. Kuma da yawa daga cikinsu masu mugunta ne.
A wani yanayi da ake mayar da wasu daga cikin ma’aikatan kamfanin zuwa wurin aiki daga gida kuma ba a kiyaye su ta hanyar matakan tsaro na kamfanoni, yana da muhimmanci fiye da kowane lokaci a kula da albarkatun da ake samu daga na’urorin wayar hannu da tebur na ma’aikata, da saninsu ko ba tare da nasu ba. ilimi. Idan ba ku amfani da sabis ɗin don ganowa da toshe irin waɗannan yankuna (da Cisco haɗi zuwa wannan sabis ɗin yanzu kyauta ne), sannan a ƙaramar daidaita hanyoyin sa ido kan hanyar yanar gizo don saka idanu kan yankuna tare da mahimman kalmomin da suka dace. A lokaci guda kuma, ku tuna cewa tsarin gargajiya na baƙar fata, da kuma yin amfani da bayanan martaba, na iya gazawa, tun da an ƙirƙiri wuraren ɓarna da sauri kuma ana amfani da su a cikin hare-hare na 1-2 kawai don ba a wuce 'yan sa'o'i ba - sannan maharan suna canjawa zuwa sabbin yankuna na ephemeral. Kamfanonin tsaro na bayanai kawai ba su da lokacin da za su hanzarta sabunta tushen ilimin su da rarraba su ga duk abokan cinikin su.
Maharan suna ci gaba da yin amfani da tashar imel don rarraba hanyoyin haɗin yanar gizo da malware a cikin haɗe-haɗe. Kuma tasirin su yana da girma sosai, tunda masu amfani, yayin karɓar saƙon labarai na doka gaba ɗaya game da coronavirus, koyaushe ba za su iya gane wani abu mai muni a cikin ƙarar su ba. Kuma yayin da adadin masu kamuwa da cutar ke karuwa kawai, irin wannan barazanar kuma za ta karu kawai.
Misali, wannan shine misalin imel ɗin phishing a madadin CDC yayi kama:
Bi hanyar haɗin yanar gizon, ba shakka, baya kaiwa ga gidan yanar gizon CDC, amma zuwa shafin karya wanda ke satar shiga da kalmar sirrin wanda aka azabtar:
Ga misalin imel ɗin phishing da ake tsammani a madadin Hukumar Lafiya ta Duniya:
Kuma a cikin wannan misali, maharan suna la'akari da gaskiyar cewa mutane da yawa sun gaskata cewa hukumomi suna ɓoye ainihin girman kamuwa da cuta daga gare su, don haka masu amfani da su cikin farin ciki da kusan ba tare da jinkiri ba suna danna waɗannan nau'ikan haruffa masu alaƙa ko haɗin gwiwa waɗanda ke da alaƙa da ɓarna. zato zai tona duk asirin.
Af, akwai irin wannan rukunin yanar gizon , wanda ke ba ka damar bin diddigin alamomi daban-daban, misali, mace-mace, adadin masu shan taba, yawan jama'a a ƙasashe daban-daban, da sauransu. Gidan yanar gizon kuma yana da shafi da aka keɓe don coronavirus. Don haka lokacin da na je wurin a ranar 16 ga Maris, na ga wani shafi wanda na ɗan lokaci ya sa na yi shakkar cewa hukumomi suna gaya mana gaskiya (ban san mene ne dalilin waɗannan lambobin ba, watakila kuskure ne kawai):
Ɗaya daga cikin mashahuran kayayyakin more rayuwa waɗanda maharan ke amfani da su wajen aika irin waɗannan saƙon imel shine Emotet, ɗaya daga cikin mafi haɗari da kuma shaharar barazanar da aka fuskanta a kwanan nan. Takaddun kalmomi da aka makala zuwa saƙonnin imel sun ƙunshi masu saukar da Emotet, waɗanda ke loda sabbin abubuwa masu cutarwa a kan kwamfutar wanda abin ya shafa. An fara amfani da Emotet don haɓaka hanyoyin haɗin yanar gizo na yaudara da ke siyar da abin rufe fuska, wanda aka yi wa mazauna Japan hari. A ƙasa kuna ganin sakamakon nazarin fayil ɗin qeta ta amfani da sandboxing , wanda ke nazarin fayiloli don ƙeta.
Amma maharan suna amfani da ba kawai ikon ƙaddamarwa a cikin MS Word ba, har ma a cikin wasu aikace-aikacen Microsoft, alal misali, a cikin MS Excel (hakan ne yadda ƙungiyar masu fashin kwamfuta ta APT36 suka yi), suna aika shawarwari kan yaƙar coronavirus daga Gwamnatin Indiya mai ɗauke da Crimson. RAT:
Wani kamfen ɗin ɓarna da ke amfani da jigon coronavirus shine Nanocore RAT, wanda ke ba ku damar shigar da shirye-shirye akan kwamfutocin da abin ya shafa don samun dama mai nisa, satar bugun madannai, ɗaukar hotunan allo, samun damar fayiloli, da sauransu.
Kuma Nanocore RAT yawanci ana isar da shi ta imel. Misali, a ƙasa zaku ga saƙon saƙon misali tare da maƙallan tarihin ZIP wanda ya ƙunshi fayil ɗin PIF mai aiwatarwa. Ta danna fayil ɗin da za a iya aiwatarwa, wanda aka azabtar ya sanya shirin shiga nesa (Remote Access Tool, RAT) akan kwamfutarsa.
Kuma ga wani misali na yaƙin neman zaɓe akan batun COVID-19. Mai amfani yana karɓar wasiƙa game da jinkirin bayarwa saboda coronavirus tare da daftarin da aka haɗe tare da tsawo .pdf.ace. A cikin rumbun adana bayanai akwai abun ciki mai aiwatarwa wanda ke kafa haɗi zuwa umarni da uwar garken sarrafawa don karɓar ƙarin umarni da aiwatar da wasu burin maharan.
Parallax RAT yana da irin wannan aiki, wanda ke rarraba fayil mai suna "sabon cutar CORONAVIRUS sky 03.02.2020/XNUMX/XNUMX.pif" kuma wanda ke shigar da mummunan shirin da ke hulɗa da uwar garken umarni ta hanyar ka'idar DNS. Kayan aikin kariya na aji na EDR, misalin wanda shine , kuma ko dai NGFW zai taimaka wajen sa ido kan sadarwa tare da sabar umarni (misali, ), ko kayan aikin sa ido na DNS (misali, ).
A cikin misalin da ke ƙasa, an shigar da malware mai nisa akan kwamfutar wanda aka azabtar wanda, saboda wasu dalilai da ba a sani ba, ya saya cikin talla wanda shirin riga-kafi na yau da kullun da aka shigar akan PC zai iya karewa daga ainihin COVID-19. Kuma bayan haka, wani ya faɗi don irin wannan abin ba'a.
Amma a cikin malware kuma akwai wasu abubuwan ban mamaki. Misali, fayilolin barkwanci waɗanda ke kwaikwayon aikin ransomware. A cikin yanayi ɗaya, sashinmu na Cisco Talos Fayil mai suna CoronaVirus.exe, wanda ya toshe allon yayin aiwatarwa kuma ya fara lokaci da saƙon "share duk fayiloli da manyan fayiloli akan wannan kwamfutar - coronavirus."
Bayan an gama kirgawa, maɓallin da ke ƙasa ya fara aiki kuma lokacin da aka danna shi, sai a nuna sakon da ke gaba, yana cewa wannan duk abin wasa ne kuma ku danna Alt + F12 don ƙare shirin.
Yaƙi da saƙon ƙeta na iya zama ta atomatik, misali, ta amfani da , wanda ke ba ka damar gano abubuwan da ba daidai ba a cikin haɗe-haɗe ba, har ma da bin hanyoyin haɗin yanar gizo da danna su. Amma ko da a wannan yanayin, kada ku manta game da horar da masu amfani da kuma gudanar da wasan kwaikwayo na phishing a kai a kai da kuma motsa jiki na intanet, wanda zai shirya masu amfani don dabaru daban-daban na maharan da ke da nufin masu amfani da ku. Musamman idan suna aiki daga nesa kuma ta hanyar imel ɗin su na sirri, lambar ɓarna na iya shiga cikin cibiyar sadarwar kamfani ko sashe. Anan zan iya ba da shawarar sabon bayani , wanda ke ba da damar ba kawai don gudanar da ƙananan ƙananan da nano-horar da ma'aikata a kan batutuwan tsaro na bayanai ba, amma har ma don tsara masu wasan kwaikwayo na phishing.
Amma idan saboda wasu dalilai ba ku da shirye don amfani da irin waɗannan mafita, to yana da daraja aƙalla shirya wasiku na yau da kullun zuwa ga ma'aikatan ku tare da tunatarwa game da haɗarin phishing, misalan sa da jerin ƙa'idodi don halayen aminci (babban abu shine cewa maharan ba sa canza kansu kamar su). Af, ɗaya daga cikin haɗarin da ke iya yiwuwa a halin yanzu shine wasiƙar phishing da ke nuna wasiƙun wasiƙu daga gudanarwar ku, waɗanda ake zargin suna magana game da sabbin dokoki da hanyoyin aiki na nesa, software na tilas wanda dole ne a sanya shi akan kwamfutoci masu nisa, da sauransu. Kuma kar ku manta cewa ban da imel, masu aikata laifukan yanar gizo na iya amfani da saƙon nan take da hanyoyin sadarwar zamantakewa.
A cikin irin wannan tsarin aikawasiku ko wayar da kan jama'a, zaku iya haɗawa da tsohon misali na taswirar kamuwa da cutar coronavirus na karya, wanda yayi kama da wanda Jami'ar Johns Hopkins. Bambanci shi ne lokacin da ake shiga wani rukunin yanar gizo na phishing, ana shigar da malware akan kwamfutar mai amfani, wanda ya saci bayanan asusun mai amfani kuma ya aika zuwa masu aikata laifuka ta yanar gizo. Ɗayan sigar irin wannan shirin kuma ta ƙirƙiri haɗin gwiwar RDP don samun nisa zuwa kwamfutar wanda abin ya shafa.
Af, game da RDP. Wannan wani nau'in harin ne wanda maharan suka fara amfani da shi sosai yayin barkewar cutar sankara. Kamfanoni da yawa, lokacin da suke canzawa zuwa aiki mai nisa, suna amfani da ayyuka irin su RDP, wanda, idan an daidaita shi ba daidai ba saboda gaggawa, zai iya haifar da maharan kutsawa cikin kwamfutocin masu amfani da nesa da kuma cikin abubuwan haɗin gwiwar kamfanoni. Bugu da ƙari, ko da tare da daidaitaccen tsari, aiwatar da RDP daban-daban na iya samun lahani waɗanda maharan za su iya amfani da su. Misali, Cisco Talos lahani da yawa a cikin FreeRDP, kuma a watan Mayun bara, an gano wani mummunan rauni CVE-2019-0708 a cikin sabis na Desktop Remote, wanda ya ba da izinin aiwatar da lambar sabani akan kwamfutar wanda aka azabtar, da za a gabatar da malware, da sauransu. Har ma aka rarraba wasiƙa game da ita , da, misali, Cisco Talos shawarwari don kariya daga gare ta.
Akwai wani misali na cin gajiyar jigon coronavirus - ainihin barazanar kamuwa da dangin wanda aka azabtar idan sun ƙi biyan fansa a cikin bitcoins. Don haɓaka tasirin, don ba da mahimmancin wasiƙar da kuma haifar da ma'anar ikon mallaka na mai karɓar kuɗi, kalmar sirrin wanda aka azabtar daga ɗaya daga cikin asusunsa, wanda aka samu daga bayanan jama'a na shiga da kalmomin shiga, an shigar da su cikin rubutun wasiƙar.
A cikin ɗaya daga cikin misalan da ke sama, na nuna saƙon phishing daga Hukumar Lafiya ta Duniya. Kuma ga wani misali wanda a cikinsa ake neman masu amfani don taimakon kuɗi don yaƙar COVID-19 (ko da yake a cikin taken a jikin wasiƙar, kalmar "SADAUKARWA" tana nan da nan ana lura da ita) Kuma suna neman taimako a cikin bitcoins don kare kariya daga cutar. cryptocurrency bin diddigin.
Kuma a yau akwai misalai da yawa irin waɗannan masu amfani da tausayi na masu amfani:
Bitcoins suna da alaƙa da COVID-19 ta wata hanya. Alal misali, wannan shine abin da wasiƙun da yawancin 'yan Birtaniya suka karɓa waɗanda ke zaune a gida kuma ba za su iya samun kuɗi ba (a Rasha yanzu wannan kuma zai zama dacewa).
Masquerading a matsayin sanannun jaridu da shafukan labarai, waɗannan wasikun suna ba da kuɗi mai sauƙi ta hanyar haƙar ma'adinan cryptocurrencies akan shafuka na musamman. A gaskiya ma, bayan wani lokaci, za ku sami sakon cewa za a iya cire adadin kuɗin da kuka samu zuwa wani asusu na musamman, amma kuna buƙatar canja wurin kuɗi kaɗan na haraji kafin wannan. A bayyane yake cewa bayan samun wannan kuɗin, masu zamba ba sa canja wurin wani abu a cikin dawowar, kuma mai amfani da yaudara ya rasa kuɗin da aka canjawa wuri.
Akwai wata barazanar da ke da alaka da Hukumar Lafiya ta Duniya. Masu kutse sun yi kutse cikin saitunan DNS na D-Link da Linksys Router, wadanda galibi masu amfani da gida da kananan ‘yan kasuwa ke amfani da su, don tura su zuwa gidan yanar gizo na karya tare da gargadin bullar cutar ta WHO, wanda zai kiyaye su. tare da sabbin labarai game da coronavirus. Bugu da ƙari, aikace-aikacen kanta yana ɗauke da mummunan shirin Oski, wanda ke satar bayanai.
Irin wannan ra'ayi tare da aikace-aikacen da ke ɗauke da halin yanzu na kamuwa da cuta ta COVID-19 ana amfani da shi ta hanyar Android Trojan CovidLock, wanda aka rarraba ta hanyar aikace-aikacen da ake tsammanin "an tabbatar" daga Ma'aikatar Ilimi ta Amurka, WHO da Cibiyar Kula da Cututtuka. CDC).
Yawancin masu amfani a yau suna ware kansu kuma, ba sa son ko kuma ba za su iya dafa abinci ba, suna amfani da sabis na isar da abinci ga abinci, kayan abinci ko wasu kayayyaki, kamar takarda bayan gida. Har ila yau maharan sun mallaki wannan hatsabibin don manufarsu. Misali, wannan shine yadda gidan yanar gizon mugu yayi kama, kama da halaltaccen hanya mallakar Kanada Post. Haɗin kai daga SMS ɗin da wanda aka azabtar ya karɓa yana kaiwa zuwa gidan yanar gizon da ke ba da rahoton cewa ba za a iya isar da samfurin da aka umarta ba saboda $3 kawai ya ɓace, wanda dole ne a biya ƙarin. A wannan yanayin, ana jagorantar mai amfani zuwa shafi inda dole ne ya nuna cikakkun bayanai na katin kiredit ɗinsa ... tare da duk sakamakon da ya biyo baya.
A ƙarshe, Ina so in ba da ƙarin misalai biyu na barazanar yanar gizo masu alaƙa da COVID-19. Misali, plugins “COVID-19 Coronavirus - Live Map WordPress Plugin”, “Coronavirus Spread Prediction Graphs” ko “Covid-19” an gina su a cikin rukunin yanar gizon ta amfani da mashahurin injin WordPress kuma, tare da nuna taswirar yaɗuwar. coronavirus, kuma ya ƙunshi WP-VCD malware. Kuma kamfanin Zoom, wanda, a sakamakon karuwar yawan abubuwan da ke faruwa a kan layi, ya zama sananne sosai, ya fuskanci abin da masana suka kira "Zoombombing." Maharan, amma a gaskiya talakawa batsa trolls, alaka online Hirarraki da online tarurruka da kuma nuna daban-daban batsa videos. Af, irin wannan barazana tana fuskantar yau da kamfanonin Rasha.
Ina tsammanin yawancin mu akai-akai suna bincika albarkatun daban-daban, na hukuma kuma ba na hukuma ba, game da matsayin cutar ta yanzu. Maharan suna amfani da wannan batu, suna ba mu sabon "bayanan" game da coronavirus, gami da bayanan "wanda hukumomi ke ɓoyewa daga gare ku." Amma ko da talakawa masu amfani kwanan nan sun taimaka wa maharan ta hanyar aika lambobin tabbatattun bayanai daga “abokai” da “abokai.” Masana ilimin halayyar dan adam sun ce irin wannan aiki na masu amfani da "alamist" waɗanda ke aika duk abin da ya zo cikin fagen hangen nesa (musamman a cikin cibiyoyin sadarwar jama'a da kuma saƙon gaggawa, waɗanda ba su da hanyoyin kariya daga irin wannan barazanar), yana ba su damar jin shiga cikin yakin da ake yi da su. barazana ce ta duniya kuma , har ma da ji kamar jarumai sun ceci duniya daga coronavirus. Amma, rashin alheri, rashin ilimin musamman yana haifar da gaskiyar cewa waɗannan kyakkyawar niyya "ta kai kowa zuwa jahannama," haifar da sababbin barazanar tsaro ta yanar gizo da kuma fadada yawan wadanda abin ya shafa.
A zahiri, zan iya ci gaba da misalan barazanar cyber da ke da alaƙa da coronavirus; Haka kuma, masu aikata laifuka ta yanar gizo ba su tsaya cak ba kuma suna fito da sabbin hanyoyin amfani da sha'awar ɗan adam. Amma ina ganin za mu iya tsayawa a nan. Hoton ya riga ya bayyana kuma yana gaya mana cewa nan gaba kadan lamarin zai kara ta'azzara. A jiya, hukumomin Moscow sun sanya birnin mai mutane miliyan goma a cikin keɓe kai. Hukumomin yankin Moscow da sauran yankuna da dama na Rasha, da kuma makusantan makusantan mu a tsohon sararin samaniyar bayan Tarayyar Soviet, sun yi haka. Wannan yana nufin adadin wadanda za a iya kamuwa da su ta hanyar yanar gizo za su karu sau da yawa. Don haka bai dace a sake yin la’akari da dabarun ku na tsaro ba, wanda har zuwa kwanan nan aka mayar da hankali kan kare hanyar sadarwa ta kamfani ko na sashe, da tantance irin kayan aikin kariya da ba ku da su, har ma da yin la’akari da misalan da aka bayar a cikin shirin wayar da kan ma’aikatan ku, wanda shine. zama muhimmin sashi na tsarin tsaro na bayanai ga ma'aikatan nesa. A shirye don taimaka muku da wannan!
PS. A cikin shirya wannan kayan, an yi amfani da kayan daga Cisco Talos, Tsaro tsirara, Anti-Phishing, Malwarebytes Lab, ZoneAlarm, Dalili na Tsaro da Kamfanonin RiskIQ, Ma'aikatar Shari'a ta Amurka, albarkatun Kwamfuta na Bleeping, Tsaro, da sauransu.
source: www.habr.com