Today, a network administrator or an information security engineer spends a great deal of time and effort protecting the corporate network perimeter from a wide range of threats, mastering new systems for preventing and monitoring events, yet even this does not guarantee complete security. Social engineering is used actively by attackers and can have serious consequences.
How often have you caught yourself thinking, "It would be good to arrange an information security awareness test for the staff"? Unfortunately, the idea usually runs into a wall of misunderstanding, in the form of a large backlog of tasks or too few hours in the working day. We plan to tell you about modern products and technologies for automating employee training that do not require long deployment or operator training, but first things first.
Theoretical background
Today, more than 80 percent of malicious files are distributed via email (data taken from reports prepared by Check Point experts over the past year using the Intelligence Reports service).
[Figure: report for the last 30 days on the malicious file distribution attack vector (Russia) - Check Point]
This shows that the content of email messages is at risk of being exploited by attackers. If we consider the most popular file formats among attachments (EXE, RTF, DOC), it is worth noting that they, as a rule, contain automated code execution elements (scripts, macros).
[Figure: annual report on file formats in received malicious messages - Check Point]
How do we deal with this attack vector? Checking mail involves the use of security tools:
- Antivirus - signature-based threat detection.
- Sandboxing - a sandbox in which attachments are opened in an isolated environment.
- Content Awareness - extraction of active content from documents. The user receives a cleaned document (usually in PDF format).
- AntiSpam - checking the reputation of the recipient and sender domains.
In principle this is enough, but there is another equally important company asset: corporate and personal employee data. In recent years the popularity of the following kind of Internet fraud has been growing rapidly:
Phishing (from fishing - catching fish) is a type of Internet fraud. Its goal is to obtain users' identification data. This includes theft of passwords, credit card numbers, bank account details and other confidential information.
Attackers keep improving their phishing methods, redirecting DNS requests from popular sites and launching entire campaigns that use social engineering to send emails.
So, to protect your corporate email from phishing, two approaches are recommended, and using them together gives the best results:
- Technical protection tools. As mentioned above, various technologies are used to check mail and deliver only legitimate messages.
- Theoretical training of employees. It consists of comprehensive testing of employees to identify potential victims. They are then retrained, and statistics are recorded continuously.
Don't trust, verify
Today we will talk about the second approach to preventing phishing attacks, namely automated employee training, aimed at raising the overall level of protection of corporate and personal data. Why can this be so dangerous?
Social engineering is the psychological manipulation of people in order to make them perform certain actions or disclose confidential information (in the context of information security).
[Figure: diagram of a typical phishing deployment scenario]
Let us look at an interesting flowchart that briefly describes the path of a phishing campaign. It has several stages:
- Collection of initial data.
In the 21st century it is hard to find a person who is not registered on some social network or thematic forum. As you would expect, most of us leave detailed information about ourselves: current place of work, the team we work with, telephone, email, and so on. Add personal information about the person's interests and you have the data for building a phishing template. Even if we cannot find people with such information, there is always the company website, where we can find everything we are interested in (domain email, contacts, connections).
- Launch of the campaign.
Once you have a foothold, you can use free or paid tools to launch your own targeted phishing campaign. During the mailing you collect statistics: mail delivered, mail opened, links clicked, credentials entered, and so on.
Products on the market
Phishing can be used both by attackers and by a company's information security staff to carry out continuous assessment of employee behaviour. What does the market of free and commercial solutions for automated employee training offer us:
- GoPhish is an open source project that lets you run a phishing campaign to check the IT literacy of your employees. Among its advantages I would count ease of deployment and minimal system requirements. The disadvantages are the lack of ready-made mailing templates and the lack of tests and training materials for staff.
- KnowBe4 - a site with a large number of available products for testing employees.
- Phishman - an automated system for testing and training employees. It has several product editions for headcounts from 10 employees upward. The training courses include theory and practical assignments; needs can be identified from the statistics obtained after a phishing campaign. The solution is commercial, with the option of trial use.
- Anti-phishing - an automated training and security monitoring system. The commercial product offers periodic training attacks, employee training, and so on. A campaign is offered as a demo version of the product, which includes deploying templates and conducting three training attacks.
The solutions listed above are only a part of the products available on the employee training market. Of course, each has its advantages and disadvantages. Today we will get acquainted with GoPhish.
GoPhish
So, it is time for practice. GoPhish was not chosen by chance: it is a user-friendly tool with the following features:
- Simplified installation and launch.
- REST API support. It lets you build requests from the documentation and use automation scripts.
- A nice graphical control interface.
- Cross-platform.
The development team has prepared an excellent
IMPORTANT!
As a result, you should see in the terminal the details of the deployed portal, together with the login credentials (applies to versions later than 0.10.1). Don't forget to save your password!
msg="Please login with the username admin and the password <PASSWORD>"
Understanding the GoPhish setup
After installation, a configuration file (config.json) is created in the application directory. Let us describe the parameters worth changing:
| Key | Value (default) | Description |
|---|---|---|
| admin_server.listen_url | 127.0.0.1:3333 | IP address and port of the GoPhish admin server |
| admin_server.use_tls | false | Whether TLS is used for connections to the GoPhish admin server |
| admin_server.cert_path | example.crt | Path to the SSL certificate of the GoPhish admin portal |
| admin_server.key_path | example.key | Path to the private SSL key |
| phish_server.listen_url | 0.0.0.0:80 | IP address and port on which the phishing page is served (by default it is hosted on the GoPhish server itself, on port 80) |
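The admin portal holds every campaign's captured data, so the two settings in the table that matter most are where it listens and whether TLS is on. The following added example (my own code, not part of GoPhish or of the original article) reads a config.json and reports the weak settings, using only the admin_server keys listed above; both sample configurations are constructed for the example, with the second one showing the hardened variant.

```python
"""Check a GoPhish config.json for the admin_server settings described above.

Added example, not GoPhish's own code. The keys admin_server.listen_url,
admin_server.use_tls, admin_server.cert_path and admin_server.key_path are the
ones from the table; the two sample configurations are constructed.
"""
import json
import re

# Constructed: a default-style config (admin portal on loopback, TLS off).
DEFAULT_CONFIG = """{
  "admin_server": {
    "listen_url": "127.0.0.1:3333",
    "use_tls": false,
    "cert_path": "example.crt",
    "key_path": "example.key"
  },
  "phish_server": {
    "listen_url": "0.0.0.0:80"
  }
}"""

# Constructed: the hardened variant (loopback admin portal with TLS enabled;
# the certificate file names are placeholders).
HARDENED_CONFIG = """{
  "admin_server": {
    "listen_url": "127.0.0.1:3333",
    "use_tls": true,
    "cert_path": "gophish_admin.crt",
    "key_path": "gophish_admin.key"
  },
  "phish_server": {
    "listen_url": "0.0.0.0:80"
  }
}"""

# Accepts 127.x.x.x, localhost or [::1] followed by a port.
LOOPBACK_RE = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost|\[::1\]):\d+$")


def check_admin_server(config_text: str) -> list:
    """Return a list of findings for the admin_server section (empty = fine)."""
    cfg = json.loads(config_text)
    admin = cfg.get("admin_server", {})
    findings = []

    listen = admin.get("listen_url", "")
    # The admin portal stores campaign results and captured credentials, so it
    # should stay on loopback unless it is deliberately exposed behind a proxy.
    if not LOOPBACK_RE.match(listen):
        findings.append(f"admin_server.listen_url {listen!r} is not bound to loopback")

    if not admin.get("use_tls", False):
        findings.append("admin_server.use_tls is false: the admin password travels in cleartext")
    else:
        # TLS is only as good as the certificate and key it can actually load.
        for key in ("cert_path", "key_path"):
            if not admin.get(key):
                findings.append(f"admin_server.{key} is missing although use_tls is true")

    return findings


if __name__ == "__main__":
    for name, text in (("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, check_admin_server(text) or "OK")
```

Run it against your own config.json by reading the file into `check_admin_server`; an empty list means the admin server is on loopback with TLS enabled and both key files configured.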
-> Go to the management portal. In our case: https://127.0.0.1:3333
-> You will be prompted to change the long generated password to a simpler one, or vice versa.
Creating a sending profile
Go to the "Sending Profiles" tab and fill in the details of the user on whose behalf our mailing will be sent:
Where:
| Field | Description |
|---|---|
| Name | Sender name |
| From | Sender email |
| Host | IP address of the mail server that accepts outgoing mail |
| Username | Mail server user account login |
| Password | Mail server user account password |
You can also send a test message to make sure that delivery works. Save the settings with the "Save Profile" button.
Creating a recipient group
Next, you need to form a group of recipients for the "chain letter". Go to "Users & Groups" → "New Group". There are two ways to add users: manually or by importing a CSV file.
The second method requires the following mandatory fields:
- First Name
- Last Name
- Email
- Position
For example:
First Name,Last Name,Position,Email
Richard,Bourne,CEO,[email protected]
Boyd,Jenius,Systems Administrator,[email protected]
Haiti,Moreo,Sales & Marketing,[email protected]
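The CSV import is where most campaign mistakes start: a blank cell or a duplicate address means a colleague is skipped or mailed twice. The following added example (my own code, not from GoPhish or the article) parses a CSV in the format above into the target list that a GoPhish group holds, reporting rows with an empty mandatory field and collapsing duplicate addresses. The group JSON shape and the `/api/groups/` endpoint with the `api_key` parameter are GoPhish's REST API as I know it; the sending helper is included for completeness but is not exercised offline. The addresses in the original are redacted, so the sample rows use constructed example.com addresses.

```python
"""Turn a recipient CSV (format shown above) into a GoPhish group payload.

Added example, not GoPhish's own code. The header names First Name, Last Name,
Position and Email are the mandatory fields from the page. The payload shape
{"name": ..., "targets": [{"first_name", "last_name", "email", "position"}]}
and POST /api/groups/?api_key=... follow GoPhish's REST API as I know it.
"""
import csv
import io
import json
import urllib.request

REQUIRED = ("First Name", "Last Name", "Position", "Email")

# Constructed sample mirroring the page's CSV layout, with two deliberate
# problems: a duplicate address (different case) and a row with no first name.
SAMPLE_CSV = """First Name,Last Name,Position,Email
Richard,Bourne,CEO,richard.bourne@example.com
Boyd,Jenius,Systems Administrator, boyd.jenius@example.com
Haiti,Moreo,Sales & Marketing,haiti.moreo@example.com
Richard,Bourne,CEO,Richard.Bourne@example.com
,Nobody,Intern,nobody@example.com
"""


def parse_targets(csv_text: str) -> tuple:
    """Parse the CSV into GoPhish target dicts.

    Returns (targets, problems). Rows with an empty mandatory field are reported
    instead of imported, whitespace is stripped, and duplicate addresses
    (case-insensitive) are collapsed so nobody receives the test twice.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    missing_headers = [h for h in REQUIRED if h not in (reader.fieldnames or [])]
    if missing_headers:
        return [], [f"missing header(s): {', '.join(missing_headers)}"]

    targets, problems, seen = [], [], set()
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        values = {h: (row.get(h) or "").strip() for h in REQUIRED}
        empty = [h for h, v in values.items() if not v]
        if empty:
            problems.append(f"line {line_no}: empty {', '.join(empty)}")
            continue
        key = values["Email"].lower()
        if key in seen:
            problems.append(f"line {line_no}: duplicate address {values['Email']}")
            continue
        seen.add(key)
        targets.append({
            "first_name": values["First Name"],
            "last_name": values["Last Name"],
            "position": values["Position"],
            "email": values["Email"],
        })
    return targets, problems


def group_payload(name: str, targets: list) -> dict:
    """Request body for creating a group through the GoPhish REST API."""
    return {"name": name, "targets": targets}


def create_group(base_url: str, api_key: str, payload: dict) -> dict:
    """POST the payload to a running GoPhish admin server (not run offline)."""
    req = urllib.request.Request(
        f"{base_url}/api/groups/?api_key={api_key}",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    targets, problems = parse_targets(SAMPLE_CSV)
    print(json.dumps(group_payload("Phishing test 1", targets), indent=2))
    for problem in problems:
        print("skipped:", problem)
```

The duplicate and the blank row are reported as skipped lines rather than silently imported, which is what you want to see before a campaign goes out.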
Creating a phishing email template
Once we know the hypothetical attacker and the potential victims, we need to create a template with the message. To do this, go to the "Email Templates" → "New Templates" section.
Creating a template takes both a technical and a creative approach: the message must appear to come from a service that is familiar to the targeted users or that will prompt them to act. The available options:
| Field | Description |
|---|---|
| Name | Template name |
| Subject | Message subject |
| Text/HTML | Field for entering the text or the HTML code |
Gophish supports importing emails, but we will create our own. To do this, we simulate a situation: a company user receives an email asking him to change the password for his corporate email account. Then we will analyze his reaction and look at our "catch".
We will use the built-in variables in the template. More details can be found above.
First, let us enter the following text:
{{.FirstName}},
The password for {{.Email}} has expired. Please reset your password here.
Thanks,
IT Team
Accordingly, the user's name will be substituted automatically (according to the "New Group" item described earlier) and his email address will be displayed.
Next, we must provide a link to our phishing resource. To do this, highlight the word "here" in the text and select the "Link" option in the control panel.
We set the URL to the built-in variable {{.URL}}, which we will fill in later. It will be substituted automatically into the text of the phishing email.
Before saving the template, don't forget to enable the "Add Tracking Image" option. This adds a 1x1 pixel image element that records whether the user has opened the email.
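To see what each recipient actually receives once the variables, the link and the tracking image are combined, here is an added example (my own code, not GoPhish's) that re-implements the substitution in Python for the template above. It follows GoPhish's behaviour as I know it: every recipient gets a unique `rid` value, `{{.URL}}` becomes the landing page URL with `?rid=...`, and the tracking image points at the server's `/track` path with the same `rid`. The recipients and the campaign URL are constructed; a template variable that GoPhish would not recognise (a typo such as `{{.Firstname}}`) is left in place so it can be flagged before sending.

```python
"""Render the email template above per recipient, as GoPhish does.

Added example, not GoPhish's own code. The variables {{.FirstName}},
{{.Email}} and {{.URL}} are from the page; {{.TrackingURL}}, the per-recipient
"rid" parameter and the /track path follow GoPhish's behaviour as I know it.
"""
import re
import secrets

# The template text from the page, with the word "here" turned into the link.
TEMPLATE_HTML = """{{.FirstName}},<br>
The password for {{.Email}} has expired. Please reset your password <a href="{{.URL}}">here</a>.<br>
Thanks,<br>
IT Team"""

# The 1x1 image appended when "Add Tracking Image" is enabled.
TRACKER = '<img alt="" style="display: none" src="{{.TrackingURL}}"/>'

VARIABLE_RE = re.compile(r"\{\{\.(\w+)\}\}")


def new_rid() -> str:
    """Per-recipient identifier (constructed here; GoPhish generates its own)."""
    return secrets.token_hex(4)


def render(template: str, base_url: str, target: dict, rid: str, tracking: bool = True) -> str:
    """Substitute the built-in variables for one recipient."""
    values = {
        "FirstName": target["first_name"],
        "LastName": target["last_name"],
        "Email": target["email"],
        "Position": target["position"],
        "URL": f"{base_url}/?rid={rid}",
        "TrackingURL": f"{base_url}/track?rid={rid}",
        "RId": rid,
    }
    body = template + ("\n" + TRACKER if tracking else "")
    # Unknown variables are left untouched so unresolved() can report them.
    return VARIABLE_RE.sub(lambda m: values.get(m.group(1), m.group(0)), body)


def unresolved(rendered: str) -> list:
    """Any {{.X}} left behind is a typo in the template and would be mailed as-is."""
    return VARIABLE_RE.findall(rendered)


def render_campaign(template: str, base_url: str, targets: list) -> list:
    """Render every recipient's message; returns (rid, email, body) triples."""
    out = []
    for target in targets:
        rid = new_rid()
        out.append((rid, target["email"], render(template, base_url, target, rid)))
    return out


if __name__ == "__main__":
    # Constructed recipient and campaign URL.
    richard = {"first_name": "Richard", "last_name": "Bourne",
               "position": "CEO", "email": "richard.bourne@example.com"}
    for rid, email, body in render_campaign(TEMPLATE_HTML, "http://10.0.0.5", [richard]):
        print(f"--- {email} (rid={rid}) ---")
        print(body)
        print("unresolved:", unresolved(body))
```

Checking `unresolved()` on the rendered text before launching is a cheap way to catch a mistyped variable, which otherwise reaches the recipient as literal `{{.Firstname}}` and gives the test away.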
So, there is not much left, but first let us summarize the steps required after logging into the Gophish portal:
- Create a sending profile;
- Create a distribution group in which you specify the users;
- Create a phishing email template.
Agreed, the setup did not take much time, and we are almost ready to launch our campaign. All that remains is to add a phishing page.
Creating a phishing page
Go to the "Landing Pages" tab.
We will be prompted to enter a name for the object. It is possible to import the source site. In our example, I tried to specify the working web portal of the mail server. Accordingly, it was imported as HTML code (although not completely). The following options for capturing user input are of interest:
- Capture Submitted Data. If the specified page contains input forms, all submitted data is recorded.
- Capture Passwords - capture the passwords that were entered. The data is written to the GoPhish database without encryption, as is.
In addition, we can use the "Redirect to" option, which sends the user to a specified page after the credentials have been entered. Let me remind you that we set up a scenario in which the user is asked to change his corporate email password. For this he is shown a fake mail authorization portal page, after which the user can be sent to any available company resource.
Don't forget to save the finished page and go to the "New Campaign" section.
Launching GoPhish fishing
We have provided all the necessary information. In the "New Campaign" tab, create a new campaign.
[Figure: campaign launch]
Where:
| Field | Description |
|---|---|
| Name | Campaign name |
| Email template | Message template |
| Landing Page | Phishing page |
| URL | IP of your GoPhish server (must be reachable over the network from the victim's host) |
| Launch Date | Campaign start date |
| Send Emails By | Campaign end date (sending of the emails is spread evenly across the period) |
| Sending Profile | Sender profile |
| Groups | Group of mail recipients |
After launch we can check the statistics at any time, which show: messages sent, messages opened, links clicked, data submitted, emails reported as spam.
From the statistics we see that 1 message has been sent; let us look at the mail from the recipient's side:
Indeed, the victim successfully received a phishing email asking him to follow a link to change the password of his corporate account. We perform the requested actions, we are sent to the landing page, and what about the statistics?
As a result, our user clicked on the phishing link, where he could have left his account details.
Author's note: the data entry step was not recorded because a test layout was used, but such an option exists. In that case the contents are not encrypted and are stored in the GoPhish database; please keep this in mind.
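Two things a defender wants to do with the campaign data afterwards: turn the per-recipient statuses into the funnel shown on the dashboard (sent, opened, clicked, submitted), and, given the author's note that captured credentials sit unencrypted in the database, mask the password fields before the results are exported into a report or ticket. The following added example (my own code, not GoPhish's) does both over constructed rows. The status values ("Email Sent", "Email Opened", "Clicked Link", "Submitted Data", "Error") and the structure of a "Submitted Data" timeline event (a JSON "details" string with a "payload" of form fields) follow GoPhish's campaign results as I know them; the names, addresses and field values are invented.

```python
"""Summarize campaign results and redact captured credentials before reporting.

Added example, not GoPhish's own code. Status names and the "Submitted Data"
timeline event layout follow GoPhish's campaign results as I know them; all
rows below are constructed.
"""
import json

# Status values in funnel order: a later status implies the earlier ones.
FUNNEL = ["Email Sent", "Email Opened", "Clicked Link", "Submitted Data"]

# Constructed sample results, one row per recipient.
RESULTS = [
    {"email": "richard.bourne@example.com", "status": "Submitted Data"},
    {"email": "boyd.jenius@example.com", "status": "Clicked Link"},
    {"email": "haiti.moreo@example.com", "status": "Email Opened"},
    {"email": "nobody@example.com", "status": "Email Sent"},
    {"email": "bounce@example.com", "status": "Error"},
]

# Constructed sample timeline event of the kind written when a landing page
# with "Capture Passwords" records a form submission.
TIMELINE = [
    {"email": "richard.bourne@example.com", "message": "Submitted Data",
     "details": json.dumps({"payload": {"username": ["richard.bourne"],
                                        "password": ["Winter2024!"]},
                            "browser": {"address": "10.0.0.23"}})},
]

# Form field names whose values must never leave the GoPhish database in clear.
SECRET_FIELDS = {"password", "passwd", "pass", "pwd"}


def funnel(results: list) -> dict:
    """Cumulative count of recipients who reached each stage, plus the error count."""
    counts = {stage: 0 for stage in FUNNEL}
    errors = 0
    for row in results:
        status = row["status"]
        if status not in FUNNEL:
            errors += 1
            continue
        # A recipient who submitted data also received, opened and clicked.
        for stage in FUNNEL[:FUNNEL.index(status) + 1]:
            counts[stage] += 1
    counts["Error"] = errors
    return counts


def click_rate(results: list) -> float:
    """Percentage of delivered recipients who clicked the link."""
    f = funnel(results)
    return round(100 * f["Clicked Link"] / f["Email Sent"], 1) if f["Email Sent"] else 0.0


def redact_event(event: dict) -> dict:
    """Copy of a timeline event with captured password fields masked.

    Only "Submitted Data" events carry a form payload; other events are
    returned unchanged. The original event is not modified.
    """
    if event.get("message") != "Submitted Data":
        return dict(event)
    details = json.loads(event["details"])
    payload = details.get("payload", {})
    for field in list(payload):
        if field.lower() in SECRET_FIELDS:
            payload[field] = ["<redacted>" for _ in payload[field]]
    return {**event, "details": json.dumps(details)}


if __name__ == "__main__":
    print(funnel(RESULTS), f"click rate {click_rate(RESULTS)}%")
    for event in TIMELINE:
        print(json.dumps(redact_event(event), indent=2))
```

The redacted copy is what goes into the awareness report: who submitted something is still visible, which is the training signal, while the password itself stays where the author's note says it lives and can be purged from the database once the campaign is closed.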
In conclusion
Today we touched on the topical subject of automated employee training aimed at protecting staff from phishing attacks and improving their IT literacy. Gophish was deployed as an affordable solution and showed good results in terms of deployment time and outcome. With this accessible tool you can audit your employees and produce reports on their behaviour. If you are interested in this product, we offer assistance in deploying it and in auditing your employees ([email protected]).
However, we are not going to stop at exploring a single solution and plan to continue the series, in which we will talk about Enterprise solutions for automating the training process and monitoring employee security. Stay with us and stay alert!
Source: www.habr.com