Niaj hnub no, tus thawj coj ntawm lub network lossis cov ntaub ntawv kev ruaj ntseg engineer siv sijhawm ntau thiab kev siv zog los tiv thaiv ib puag ncig ntawm kev lag luam network los ntawm ntau yam kev hem thawj, paub txog cov txheej txheem tshiab rau kev tiv thaiv thiab saib xyuas cov xwm txheej, tab sis txawm tias qhov no tsis tuaj yeem lav tag nrho kev ruaj ntseg. Social engineering tau nquag siv los ntawm cov neeg tawm tsam thiab tuaj yeem muaj qhov tshwm sim loj.
Feem ntau koj tau ntes koj tus kheej xav li cas: "Nws yuav zoo rau kev npaj ib qho kev sim rau cov neeg ua haujlwm ntawm kev paub txog kev paub txog kev nyab xeeb"? Hmoov tsis zoo, kev xav khiav mus rau hauv ib phab ntsa ntawm kev nkag siab tsis zoo nyob rau hauv daim ntawv ntawm ntau cov dej num los yog txwv sij hawm nyob rau hauv hnub ua hauj lwm. Peb npaj yuav qhia koj txog cov khoom lag luam niaj hnub thiab cov thev naus laus zis hauv kev ua haujlwm ntawm automation ntawm cov neeg ua haujlwm kev cob qhia, uas yuav tsis xav tau kev cob qhia ntev rau kev tsav tsheb lossis kev siv, tab sis hais txog txhua yam hauv kev txiav txim.
Theoretical foundation
Niaj hnub no, ntau dua 80% ntawm cov ntaub ntawv tsis zoo raug xa tawm los ntawm email (cov ntaub ntawv muab los ntawm cov ntawv ceeb toom los ntawm cov kws tshaj lij Check Point xyoo dhau los siv cov kev pabcuam Kev Txawj Ntse).
Tshaj tawm rau 30 hnub dhau los ntawm kev tawm tsam vector rau kev faib tawm cov ntaub ntawv tsis zoo (Russia) - Kos Point
Qhov no qhia tau tias cov ntsiab lus hauv email yog qhov yooj yim heev rau kev siv los ntawm cov neeg tawm tsam. Yog tias peb xav txog cov ntaub ntawv phem tshaj plaws hauv cov ntawv txuas (EXE, RTF, DOC), nws tsim nyog sau cia tias lawv, raws li txoj cai, muaj cov ntsiab lus tsis siv neeg ntawm kev ua tiav (scripts, macros).
Daim ntawv tshaj tawm txhua xyoo ntawm cov ntaub ntawv tawm tswv yim tau txais cov lus tsis zoo - Check Point
Yuav ua li cas nrog no attack vector? Kev kuaj xa ntawv suav nrog kev siv cov cuab yeej ruaj ntseg:
-
Antivirus - kos npe tshawb pom kev hem.
-
emulation - lub sandbox uas txuas tau qhib rau hauv ib qho chaw nyob ib puag ncig.
-
Kev Paub Txog Cov Ntsiab Lus - rho tawm cov ntsiab lus nquag ntawm cov ntaub ntawv. Tus neeg siv tau txais cov ntaub ntawv ntxuav (feem ntau hauv PDF hom).
-
AntiSpam - kuaj xyuas tus neeg txais / xa tuaj rau lub koob npe nrov.
Thiab, nyob rau hauv txoj kev xav, qhov no txaus, tab sis muaj lwm yam khoom muaj txiaj ntsig zoo sib xws rau lub tuam txhab - cov ntaub ntawv ntawm cov neeg ua haujlwm thiab tus kheej. Nyob rau hauv xyoo tas los no, qhov nrov ntawm hom kev dag hauv Is Taws Nem hauv qab no tau nce zuj zus:
Phishing (Lus Askiv phishing, los ntawm kev nuv ntses - nuv ntses, nuv ntses) - hom kev dag hauv Internet. Nws lub hom phiaj yog kom tau txais cov ntaub ntawv qhia tus neeg siv. Qhov no suav nrog kev nyiag tus password, tus lej credit card, cov txhab nyiaj hauv txhab nyiaj thiab lwm yam ntaub ntawv rhiab heev.
Attackers tab tom txhim kho txoj hauv kev ntawm phishing tawm tsam, hloov pauv DNS thov los ntawm cov chaw nrov, thiab pib tag nrho cov phiaj xwm siv social engineering xa email.
Yog li, txhawm rau tiv thaiv koj tus email lag luam los ntawm phishing, nws raug nquahu kom siv ob txoj hauv kev, thiab lawv siv ua ke ua rau cov txiaj ntsig zoo tshaj plaws:
-
Kev tiv thaiv cov cuab yeej. Raws li tau hais ua ntej, ntau yam thev naus laus zis tau siv los kuaj xyuas thiab xa mus tsuas yog xa ntawv raug cai.
-
Kev cob qhia theoretical ntawm cov neeg ua haujlwm. Nws muaj kev sim ua tiav ntawm cov neeg ua haujlwm txhawm rau txheeb xyuas cov neeg raug tsim txom. Tom qab ntawd lawv raug retrained thiab cov txheeb cais raug kaw tas li.
Tsis txhob ntseeg thiab xyuas
Niaj hnub no peb yuav tham txog qhov thib ob txoj hauv kev los tiv thaiv phishing tawm tsam, uas yog kev cob qhia cov neeg ua haujlwm ua haujlwm txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau tiv thaiv phishing. Vim li cas qhov no yuav txaus ntshai?
social engineering - Kev tswj xyuas kev puas siab puas ntsws ntawm tib neeg txhawm rau ua qee yam kev ua lossis nthuav tawm cov ntaub ntawv tsis pub lwm tus paub (nrog rau cov ntaub ntawv kev ruaj ntseg).
Daim duab ntawm ib tug raug phishing nres xa tawm scenario
Cia peb saib ntawm daim ntawv qhia kev lom zem uas piav qhia luv luv txog kev taug kev ntawm phishing phiaj los nqis tes. Nws muaj ntau theem:
-
Kev sau cov ntaub ntawv tseem ceeb.
Nyob rau hauv lub xyoo pua 21st, nws yog ib qhov nyuaj rau nrhiav tau ib tug neeg uas tsis tau sau npe nyob rau hauv ib tug social network los yog nyob rau hauv ntau yam thematic forums. Lawm, ntau ntawm peb tawm cov ncauj lus kom ntxaws txog peb tus kheej: qhov chaw ua haujlwm tam sim no, pab pawg rau cov npoj yaig, xov tooj, xa ntawv, thiab lwm yam. Ntxiv rau cov ntaub ntawv ntiag tug no hais txog tus neeg nyiam thiab koj muaj cov ntaub ntawv los ua tus qauv phishing. Txawm hais tias peb nrhiav tsis tau cov neeg uas muaj cov ntaub ntawv zoo li no, yeej ib txwm muaj lub tuam txhab lub vev xaib uas peb tuaj yeem nrhiav tau tag nrho cov ntaub ntawv uas peb xav tau (sau email, hu, sib txuas).
-
Tshaj tawm ntawm kev sib tw.
Thaum koj muaj lub caij nplooj ntoo hlav hauv qhov chaw, koj tuaj yeem siv cov cuab yeej pub dawb lossis them nyiaj los tsim koj tus kheej phiaj xwm phishing. Thaum lub sij hawm xa ntawv, koj yuav sau cov txheeb cais: xa ntawv xa tuaj, xa ntawv qhib, txuas nyem, cov ntawv pov thawj nkag, thiab lwm yam.
Cov khoom lag luam hauv khw
Phishing tuaj yeem siv los ntawm ob tus neeg tawm tsam thiab cov tuam txhab cov ntaub ntawv kev ruaj ntseg cov neeg ua haujlwm txhawm rau ua qhov kev tshuaj xyuas tsis tu ncua ntawm cov neeg ua haujlwm tus cwj pwm. Dab tsi yog kev ua lag luam ntawm kev lag luam dawb thiab kev daws teeb meem rau cov kev cob qhia automated rau cov neeg ua haujlwm hauv tuam txhab muab rau peb:
-
yog qhov qhib qhov phiaj xwm uas tso cai rau koj siv lub phiaj xwm phishing los kuaj xyuas IT kev paub ntawm koj cov neeg ua haujlwm. Kuv yuav xav txog qhov zoo yog qhov yooj yim ntawm kev xa mus thiab cov kev xav tau tsawg kawg nkaus. Qhov tsis zoo yog qhov tsis muaj cov qauv xa ntawv xa tuaj, tsis muaj cov ntawv xeem thiab cov ntaub ntawv qhia rau cov neeg ua haujlwm.
-
- ib qhov chaw uas muaj ntau yam khoom muaj rau cov neeg ua haujlwm kuaj.
-
- automated system rau kev sim thiab kev cob qhia cov neeg ua haujlwm. Muaj ntau yam khoom siv txhawb nqa los ntawm 10 mus rau ntau dua 1000 tus neeg ua haujlwm. Cov kev cob qhia muaj xws li kev xav thiab kev ua haujlwm; nws muaj peev xwm txheeb xyuas cov kev xav tau raws li cov txheeb cais tau txais tom qab kev sib tw phishing. Qhov kev daws teeb meem yog kev lag luam nrog rau kev sim siv.
-
- automated kev cob qhia thiab kev saib xyuas kev ruaj ntseg. Cov khoom lag luam muaj kev qhia tawm tsam ib ntus, kev cob qhia neeg ua haujlwm, thiab lwm yam. Ib qho kev sib tw yog muaj raws li qhov kev ua yeeb yam ntawm cov khoom, uas suav nrog kev xa cov qauv thiab ua peb qhov kev tawm tsam.
Cov kev daws teeb meem saum toj no tsuas yog ib feem ntawm cov khoom muaj nyob rau ntawm cov neeg ua haujlwm kev cob qhia ua lag luam. Tau kawg, txhua tus muaj nws qhov zoo thiab qhov tsis zoo. Hnub no peb yuav tau paub nrog , simulate phishing nres, thiab tshawb nrhiav cov kev xaiv muaj.
GoPhish
Yog li, nws yog lub sijhawm los xyaum. GoPhish tsis raug xaiv los ntawm lub sijhawm: nws yog cov cuab yeej siv tau zoo nrog cov yam ntxwv hauv qab no:
-
Yooj yim installation thiab pib.
-
Kev them nyiaj yug REST API. Tso cai rau koj los tsim cov lus nug los ntawm thiab siv automated scripts.
-
Yooj yim graphical tswj interface.
-
Hla-platform.
Pab neeg txhim kho tau npaj ib qho zoo heev ntawm deploying thiab configuring GoPhish. Qhov tseeb, txhua yam koj yuav tsum ua yog mus , rub tawm ZIP archive rau cov OS sib xws, khiav cov ntaub ntawv binary sab hauv, tom qab ntawd cov cuab yeej yuav raug teeb tsa.
CEEB TOOM!
Yog li ntawd, koj yuav tsum tau txais cov ntaub ntawv nyob rau hauv lub davhlau ya nyob twg hais txog lub deployed portal, nrog rau cov ntaub ntawv tso cai (tseem ceeb rau versions laus dua version 0.10.1). Tsis txhob hnov qab khaws tus password rau koj tus kheej!
msg="Please login with the username admin and the password <ПАРОЛЬ>"Nkag siab txog kev teeb tsa GoPhish
Tom qab kev teeb tsa, cov ntaub ntawv teeb tsa (config.json) yuav raug tsim nyob rau hauv daim ntawv teev npe thov. Cia peb piav qhia txog cov kev hloov pauv rau nws:
Ntsiab
Tus nqi (default)
piav qhia
admin_server.listen_url
127.0.0.1:3333
GoPhish server IP chaw nyob
admin_server.use_tls
cuav
Puas yog TLS siv los txuas rau GoPhish server
admin_server.cert_path
piv. crt
Txoj kev mus rau SSL daim ntawv pov thawj rau GoPhish admin portal
admin_server.key_path
example.key
Txoj kev mus rau tus yuam sij SSL
phish_server.listen_url
0.0.0.0:80
IP chaw nyob thiab chaw nres nkoj uas nplooj phishing yog hosted (los ntawm lub neej ntawd nws yog hosted ntawm GoPhish server nws tus kheej ntawm chaw nres nkoj 80)
—> Mus rau qhov chaw tswj xyuas. Hauv peb qhov xwm txheej: https://127.0.0.1:3333
—> Koj yuav raug hais kom hloov tus password ntev ntev mus rau ib qho yooj yim dua lossis rov ua dua.
Tsim ib tug sender profile
Mus rau "Xa Profiles" tab thiab muab cov ntaub ntawv hais txog tus neeg siv los ntawm peb qhov kev xa ntawv yuav los:
Qhov twg:
lub npe
Tus xa npe
Los ntawm
Xa tus email
party
IP chaw nyob ntawm tus neeg rau zaub mov xa ntawv los ntawm cov ntawv xa tuaj yuav raug mloog.
Username
Mail server tus neeg siv tus account nkag mus.
Lo lus zais
Mail server user account password.
Koj tseem tuaj yeem xa cov lus xeem kom paub meej tias kev xa khoom tiav. Txuag cov chaw siv lub pob "Txuag profile".
Tsim ib pab neeg tau txais kev pab
Tom ntej no, koj yuav tsum tsim ib pab pawg ntawm "chain letters" tau txais. Mus rau "Cov Neeg Siv & Pab Pawg" → "Cov Pab Pawg Tshiab". Muaj ob txoj hauv kev ntxiv: manually lossis importing CSV cov ntaub ntawv.
Qhov thib ob txoj kev yuav tsum muaj cov nram qab no yuav tsum tau teb:
-
Lub npe
-
Lub xeem lub npe
-
Email
-
Txoj hauj lwm
Ua piv txwv:
First Name,Last Name,Position,Email
Richard,Bourne,CEO,[email protected]
Boyd,Jenius,Systems Administrator,[email protected]
Haiti,Moreo,Sales & Marketing,[email protected]Tsim Phishing Email Template
Thaum peb tau txheeb xyuas qhov xav txog tus neeg tawm tsam thiab cov neeg raug tsim txom, peb yuav tsum tsim ib daim qauv nrog cov lus. Txhawm rau ua qhov no, mus rau "Email Templates" → "Cov Qauv Tshiab" ntu.
Thaum tsim ib tus qauv, siv txoj hauv kev thiab kev muaj tswv yim; cov lus los ntawm cov kev pabcuam yuav tsum tau teev tseg uas yuav paub txog cov neeg siv raug tsim txom lossis yuav ua rau lawv muaj qee yam tshuaj tiv thaiv. Cov kev xaiv ua tau:
lub npe
Template npe
Subject
Tsab ntawv
Text/HTML
Teb rau nkag mus rau cov ntawv nyeem lossis HTML code
Gophish txhawb nqa cov ntawv sau, tab sis peb yuav tsim peb tus kheej. Txhawm rau ua qhov no, peb simulate qhov xwm txheej: ib tus neeg siv lub tuam txhab tau txais tsab ntawv thov kom nws hloov tus password los ntawm nws lub tuam txhab email. Tom ntej no, cia peb txheeb xyuas nws cov lus teb thiab saib peb "ntes".
Peb yuav siv built-in variables nyob rau hauv lub template. Cov ntsiab lus ntxiv tuaj yeem pom nyob rau saum toj no seem .
Ua ntej, cia peb thauj cov ntawv hauv qab no:
{{.FirstName}},
The password for {{.Email}} has expired. Please reset your password here.
Thanks,
IT TeamYog li, tus neeg siv lub npe yuav raug nkag mus rau hauv (raws li yav dhau los teev "Tshiab Pab Pawg" yam khoom) thiab nws qhov chaw nyob xa ntawv yuav raug qhia.
Tom ntej no, peb yuav tsum muab qhov txuas rau peb cov peev txheej phishing. Txhawm rau ua qhov no, taw qhia lo lus "ntawm no" hauv cov ntawv nyeem thiab xaiv "Txuas" kev xaiv ntawm cov tswj vaj huam sib luag.
Peb mam li teeb qhov URL mus rau qhov sib txawv ua ke {{.URL}}, uas peb yuav sau rau tom qab. Nws yuav cia li muab tso rau hauv cov ntawv ntawm phishing email.
Ua ntej txuag tus qauv, tsis txhob hnov qab qhib qhov "Add Tracking Image" kev xaiv. Qhov no yuav ntxiv 1x1 pixel media caij uas yuav taug qab seb tus neeg siv tau qhib email.
Yog li, tsis muaj ntau ntau, tab sis ua ntej peb yuav xaus cov kauj ruam yuav tsum tau tom qab nkag mus rau hauv Gophish portal:
-
Tsim tus xa ntawv profile;
-
Tsim ib pab pawg neeg faib khoom uas koj qhia cov neeg siv;
-
Tsim ib tug phishing email template.
Pom zoo, qhov teeb tsa tsis siv sijhawm ntau thiab peb yuav luag npaj los pib peb txoj kev sib tw. Txhua yam uas tseem tshuav yog ntxiv rau nplooj ntawv phishing.
Tsim ib nplooj phishing
Mus rau "Lavxias teb sab Pages" tab.
Peb yuav raug ceeb toom kom qhia lub npe ntawm cov khoom. Nws muaj peev xwm mus import qhov chaw. Hauv peb qhov piv txwv, kuv tau sim qhia qhov ua haujlwm lub vev xaib ntawm tus xa ntawv xa ntawv. Raws li, nws tau imported li HTML code (txawm tias tsis tag). Cov hauv qab no yog cov kev xaiv nthuav rau kev ntes cov neeg siv tswv yim:
-
Capture xa cov ntaub ntawv. Yog tias nplooj ntawv teev npe muaj ntau cov ntaub ntawv nkag, ces tag nrho cov ntaub ntawv yuav raug kaw.
-
Capture Passwords - ntes cov passwords nkag. Cov ntaub ntawv sau rau GoPhish database tsis muaj encryption, zoo li yog.
Tsis tas li ntawd, peb tuaj yeem siv qhov "Redirect to" kev xaiv, uas yuav hloov tus neeg siv mus rau nplooj ntawv teev npe tom qab nkag mus rau daim ntawv pov thawj. Cia kuv ceeb toom rau koj tias peb tau teeb tsa qhov xwm txheej uas tus neeg siv tau hais kom hloov tus password rau kev lag luam email. Txhawm rau ua qhov no, nws tau muab nplooj ntawv tso cai xa ntawv cuav, tom qab ntawd tus neeg siv tuaj yeem xa mus rau txhua lub tuam txhab muaj peev txheej.
Tsis txhob hnov qab khaws cov nplooj ntawv ua tiav thiab mus rau ntu "Kev Sib Tw Tshiab".
Tua tawm GoPhish nuv ntses
Peb tau muab tag nrho cov ntaub ntawv tsim nyog. Hauv "Kev Sib Tw Tshiab" tab, tsim kev sib tw tshiab.
Tua tawm ib qho kev sib tw
Qhov twg:
lub npe
Lub npe phiaj xwm
Email Qauv
Cov lus template
Yuav tsaws Page
Phishing nplooj
URL
IP ntawm koj tus neeg rau zaub mov GoPhish (yuav tsum muaj peev xwm ncav cuag lub network nrog tus neeg raug tsim txom tus tswv tsev)
Pib Hnub
Hnub pib phiaj xwm
Xa Emails Los ntawm
Hnub kawg ntawm kev sib tw (kev xa ntawv xa tuaj sib npaug)
Xa Profile
Xa ntawv profile
Cov pawg lwm
Pab pawg neeg txais kev xa ntawv
Tom qab pib, peb yeej ib txwm tau paub nrog cov txheeb cais, uas qhia tias: xa cov lus, qhib cov lus, nyem rau ntawm qhov txuas, sab laug cov ntaub ntawv xa mus rau spam.
Los ntawm cov txheeb cais peb pom tias 1 cov lus tau xa, cia peb kuaj cov ntawv xa los ntawm tus neeg txais kev pab sab:
Tseeb tiag, tus neeg raug tsim txom tau txais ib qho email phishing nug nws kom ua raws li qhov txuas los hloov nws tus lej account tus neeg siv khoom. Peb ua raws li qhov kev thov, peb raug xa mus rau Cov Ntawv Tshaj Tawm, ua li cas txog cov txheeb cais?
Yog li ntawd, peb cov neeg siv tau nyem rau ntawm qhov txuas phishing, qhov twg nws tuaj yeem tso nws cov ntaub ntawv tus account.
Tus sau ntawv: cov txheej txheem nkag cov ntaub ntawv tsis tau sau tseg vim yog siv qhov kev sim layout, tab sis muaj qhov kev xaiv ntawd. Txawm li cas los xij, cov ntsiab lus tsis yog encrypted thiab khaws cia hauv GoPhish database, thov nco ntsoov qhov no.
Es tsis txhob ib tug xaus
Niaj hnub no peb tau chwv cov ncauj lus tam sim no ntawm kev ua haujlwm automated rau cov neeg ua haujlwm txhawm rau tiv thaiv lawv los ntawm phishing tawm tsam thiab txhim kho IT kev paub hauv lawv. Gophish tau siv los ua qhov kev daws teeb meem pheej yig, uas pom tau tias muaj txiaj ntsig zoo ntawm lub sijhawm xa mus thiab qhov tshwm sim. Nrog rau cov cuab yeej siv tau no, koj tuaj yeem tshawb xyuas koj cov neeg ua haujlwm thiab tsim cov ntawv ceeb toom ntawm lawv tus cwj pwm. Yog tias koj txaus siab rau cov khoom no, peb muab kev pabcuam hauv kev xa nws thiab tshuaj xyuas koj cov neeg ua haujlwm ([email tiv thaiv]).
Txawm li cas los xij, peb yuav tsis tso tseg ntawm kev tshuaj xyuas ib qho kev daws teeb meem thiab npaj mus txuas ntxiv lub voj voog, qhov twg peb yuav tham txog Enterprise cov kev daws teeb meem rau automating txheej txheem kev cob qhia thiab saib xyuas cov neeg ua haujlwm ruaj ntseg. Nyob nrog peb thiab ceev faj!
Tau qhov twg los: www.hab.com