More than antispam: how to get the most out of a Security Email Gateway

While large enterprises build layered defences against potential attackers and hackers, phishing and spam mailings remain a headache for simpler companies. If Marty McFly had known that in 2015 (and even more so in 2020) people would not only fail to invent hoverboards but would not even learn to get rid of junk mail, he might have lost faith in humanity. Moreover, spam today is not just annoying but often harmful. In roughly 70% of killchain implementations, cybercriminals get into the infrastructure using malware contained in attachments or through phishing links in emails.

Recently there has been a clear trend towards the spread of social engineering as a way of getting into an organization's infrastructure. Comparing the statistics for 2017 and 2018, we see an almost 50% increase in the number of cases in which malware was delivered to employees' computers through attachments or phishing links in email.

In general, all the threats that can be carried out using email can be divided into several categories:

  • incoming spam
  • inclusion of the organization's computers in a botnet that sends outgoing spam
  • malicious attachments and viruses in the body of the letter (small companies most often suffer from mass attacks like Petya).

To protect against all these types of attack, you can either deploy several information security tools or follow the service-model path. We have already written about the Unified Cybersecurity Services Platform - the core of the Solar MSS managed cybersecurity services ecosystem. Among other things, it includes Secure Email Gateway (SEG) technology. As a rule, a subscription to this service is bought by small companies in which all IT and information security functions are assigned to one person - the system administrator. Spam is a problem that is always visible to users and management, and it cannot be ignored. However, over time even management realizes that it cannot simply be "dumped" on the system administrator - it takes too much time.

2 hours to sort through mail is too much

One of the retailers approached us with a similar situation. Time-tracking systems showed that every day its employees spent about 25% of their working time (2 hours!) sorting out their mailboxes.

Having connected the customer's mail server, we configured the SEG instance as a two-way gateway for incoming and outgoing mail. We started filtering according to pre-established policies. We compiled the Blacklist from an analysis of the data provided by the customer and from our own lists of potentially dangerous addresses, which Solar JSOC experts obtain as part of other services - for example, monitoring information security incidents. After that, all mail was delivered to recipients only after being cleaned, and the various spam mailings about "grand discounts" stopped pouring into the customer's mail servers by the ton, freeing up space for other needs.

But there were cases when a legitimate letter was mistakenly classified as spam, for example because it was received from an untrusted sender. In this case we left the decision to the customer. There are not many options for what to do: delete immediately or send to quarantine. We chose the second, in which such junk mail is stored on the SEG itself. We gave the system administrator access to the web console, where he could find an important letter at any time, for example from a counterparty, and forward it to the user.

Getting rid of parasites

The email protection service includes analytical reports, whose purpose is to monitor the security of the infrastructure and the effectiveness of the settings in use. In addition, these reports let you predict trends. For example, we find the corresponding "Spam by Recipient" or "Spam by Sender" section in the report and look at whose address receives the largest number of blocked messages.

It was while analyzing such a report that a sharp increase in the total number of letters from one of the customers struck us as suspicious. Its infrastructure is small and the number of letters is low. And suddenly, after a working day, the amount of blocked spam almost doubled. We decided to take a closer look.

We saw that the number of outgoing letters had increased, and all of them had addresses in the "Sender" field from the domain that is connected to the mail protection service. But there was one nuance: among quite sensible, perhaps even existing, addresses there were clearly strange ones. We looked at the IPs from which the letters were sent and, as expected, they turned out not to belong to the protected address space. Evidently, an attacker was sending spam on behalf of the customer.

In this case, we made recommendations to the customer on how to configure the DNS records correctly, specifically SPF. Our specialist advised creating a TXT record containing the rule "v=spf1 mx ip4:1.2.3.4/23 -all", which holds the list of addresses that are allowed to send letters on behalf of the protected domain.
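How a receiving server would apply that rule to the traffic described above, as an added example (not code from the article or from the SEG product). The mechanism is spelled `ip4:`, the form SPF defines; the `customer.example` domain, the log entries, the MX address and the function names are constructed for illustration, and only the `mx`, `ip4` and `all` mechanisms are handled.

```python
import ipaddress

# The rule from the text, with the ip4 mechanism SPF defines.
SPF_RECORD = "v=spf1 mx ip4:1.2.3.4/23 -all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip, mx_ips=()):
    """Evaluate an SPF record for client_ip; mx_ips stands in for the MX DNS lookup."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    mechs = []
    for term in terms[1:]:  # syntax pass: any unknown term fails the whole record
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").lower().partition(":")
        if name not in ("all", "mx", "ip4"):
            return "permerror"  # a misspelt mechanism such as "ip:" lands here
        mechs.append((qualifier, name, arg))
    ip = ipaddress.ip_address(client_ip)
    for qualifier, name, arg in mechs:  # first matching mechanism decides
        if name == "all":
            hit = True
        elif name == "mx":
            hit = ip in {ipaddress.ip_address(m) for m in mx_ips}
        else:  # ip4 with a CIDR prefix; host bits in the address are ignored
            hit = ip in ipaddress.ip_network(arg, strict=False)
        if hit:
            return QUALIFIERS[qualifier]
    return "neutral"

# Constructed gateway log: (sender address, connecting IP).
OUTBOUND_LOG = [
    ("accounts@customer.example", "1.2.3.77"),
    ("office@customer.example", "1.2.2.10"),
    ("xk3j9q@customer.example", "203.0.113.45"),
    ("promo-812@customer.example", "198.51.100.9"),
]

def spoofed_senders(log, record=SPF_RECORD, mx_ips=("192.0.2.25",)):
    """Return log entries whose source IP the record does not authorise."""
    return [(s, ip) for s, ip in log if check_spf(record, ip, mx_ips) != "pass"]

if __name__ == "__main__":
    for sender, ip in spoofed_senders(OUTBOUND_LOG):
        print(f"SPF fail: {sender} from {ip}")
```

With `-all` at the end, every source outside the MX hosts and the listed range gets a hard fail, which is what lets receivers reject the spoofed mail outright.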

Why this actually matters: spam on behalf of an unknown small company is unpleasant, but not critical. The situation is quite different in, for example, the banking industry. According to our observations, the victim's trust in a phishing email increases many times over if it is supposedly sent from the domain of another bank or of a counterparty known to the victim. And this is not peculiar to bank employees; in other industries - the energy sector, for example - we see the same trend.

Killing viruses

But spoofing is not as common a problem as, for example, virus infections. How do people most often fight virus epidemics? They install an antivirus and hope that "the enemy will not pass." But if everything were that simple, then, given the fairly low cost of antivirus software, everyone would long ago have forgotten about the malware problem. Meanwhile, we constantly receive requests of the kind "help us restore our files, everything has been encrypted, work has stopped, data is lost." We never tire of repeating to our customers that antivirus is not a panacea. Besides the fact that anti-virus databases may not be updated quickly enough, we often encounter malware that can bypass not only anti-virus tools but also sandboxes.

Unfortunately, few ordinary employees in organizations know about phishing and malicious emails and can tell them apart from regular correspondence. On average, every 7th user who does not receive regular awareness training succumbs to social engineering: opening an infected file or sending their data to the attackers.

Although the social vector of attacks has, in general, been growing gradually, this trend became especially noticeable last year. Phishing emails increasingly resembled regular mailings about promotions, upcoming events and so on. Here we can recall the Silence attack on the financial sector - bank employees received a letter supposedly containing a promo code for taking part in the popular industry conference iFin, and the share of those who fell for the trick was very high, even though, let us remember, we are talking about the banking industry - the most advanced in matters of information security.

Before the New Year, we also observed several rather curious cases in which employees of industrial companies received very high-quality phishing letters with a "list" of New Year promotions in popular online stores and with promo codes for discounts. Employees not only tried to follow the link themselves, but also forwarded the letter to colleagues in related organizations. Since the resource that the link in the phishing email led to was blocked, employees began sending requests en masse to the IT service to be given access to it. In general, the success of the mailing must have exceeded all the attackers' expectations.

And recently a company that had been "encrypted" turned to us for help. It all started when accounting staff received a letter supposedly from the Central Bank of the Russian Federation. The accountant clicked the link in the letter and downloaded the WannaMine miner onto his machine, which, like the famous WannaCry, exploited the EternalBlue vulnerability. The most interesting thing is that most antivirus products have been able to detect its signatures since the beginning of 2018. But either the antivirus was disabled, or the databases were not updated, or it was not there at all - in any case, the miner was already on the computer, and nothing prevented it from spreading further across the network, loading the CPUs of servers and workstations to 100%.

This customer, having received a report from our forensics team, saw that the virus had originally got in through email, and launched a pilot project to connect an email protection service. The first thing we set up was an email antivirus. Scanning for malware is carried out constantly; signature updates were at first carried out every hour, and then the customer switched to twice a day.

Full protection against virus infections must be layered. If we are talking about the transmission of viruses through email, then it is necessary to filter out such letters at the entrance, train users to recognize social engineering, and then rely on antivirus tools and sandboxes.

SEG on guard

Of course, we do not claim that Secure Email Gateway solutions are a panacea. Targeted attacks, including spear phishing, are extremely difficult to prevent, because each such attack is "tailored" to a specific recipient (an organization or a person). But for a company trying to provide a basic level of security, this is a lot, especially with the right experience and expertise applied to the task.

Most often, when spear phishing is carried out, malicious attachments are not included in the letters, otherwise the antispam system would block such a letter on its way to the recipient. Instead, the text of the letter includes links to a pre-prepared web resource, and then it is a small matter. The user follows the link and, after several redirects within a few seconds, ends up on the last one in the whole chain, and opening it downloads malware to his computer.

Even more sophisticated: at the moment you receive the letter, the link may be harmless, and only after some time, when it has already been scanned and let through, does it begin to redirect to malware. Unfortunately, Solar JSOC specialists, even with their competencies, cannot configure the mail gateway to "see" malware through the whole chain (although, as a protection, you can have all links in letters automatically replaced with SEG ones, so that the SEG scans the link not only at the time the letter is delivered, but also at every click).
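The link-replacement defence mentioned in parentheses above, as an added example (not code from the article or from any SEG product): every URL is wrapped in a signed gateway link at delivery, and the verdict is taken again at click time against whatever the blocklist contains by then. The `seg.example` redirector, the key, the sample body and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

GATEWAY = "https://seg.example/click"   # hypothetical SEG redirector
KEY = b"constructed-demo-key"           # constructed; a real key is a per-deployment secret
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def _sign(url):
    """HMAC over the original URL so the gateway only honours links it issued."""
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(body):
    """Delivery time: replace every URL in the body with a signed gateway link."""
    def wrap(match):
        url = match.group(0)
        return f"{GATEWAY}?u={quote(url, safe='')}&s={_sign(url)}"
    return URL_RE.sub(wrap, body)

def handle_click(link, blocklist):
    """Click time: verify the signature, then check the blocklist as it is now."""
    query = parse_qs(urlsplit(link).query)
    url = query.get("u", [""])[0]
    sig = query.get("s", [""])[0]
    if not hmac.compare_digest(_sign(url).encode(), sig.encode()):
        return ("reject", None)          # tampered or forged link
    host = (urlsplit(url).hostname or "").lower()
    if any(host == d or host.endswith("." + d) for d in blocklist):
        return ("block", None)           # became malicious after delivery
    return ("redirect", url)

# Constructed message body with one link.
BODY = "Your New Year promo code: http://promo.shop.example/ny?code=X1 \nRegards"

def demo():
    """Same link, clicked before and after the domain is added to the blocklist."""
    link = URL_RE.search(rewrite_links(BODY)).group(0)
    return handle_click(link, set()), handle_click(link, {"shop.example"})

if __name__ == "__main__":
    print(demo())
```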

Meanwhile, even a typical redirect can be handled by aggregating several types of expertise, including data obtained by our JSOC CERT and OSINT. This makes it possible to build extended blacklists, on the basis of which even a letter with multiple redirects will be blocked.

Using SEG is just a small brick in the wall that any organization wants to build to protect its assets. But this link also needs to be integrated correctly into the overall picture, because even SEG, with proper configuration, can be turned into a full-fledged means of protection.

Ksenia Sadunina, consultant in the sales department for Solar JSOC products and services

Source: www.habr.com
