Namhlanje, umlawuli wenethiwekhi okanye injineli yokhuseleko lolwazi uchitha ixesha elininzi kunye nomzamo wokukhusela umjikelezo wenethiwekhi yeshishini kwizisongelo ezahlukeneyo, ulawula iinkqubo ezintsha zokuthintela kunye nokubeka iliso kwiziganeko, kodwa oku akuqinisekisi ukhuseleko olupheleleyo. Ubunjineli bezentlalo busetyenziswa ngokusebenzayo ngabahlaseli kwaye kunokuba nemiphumo emibi.
Kukangaphi ukhe wazibhaqa ucinga: “Kungakuhle ukwenza amalungiselelo okukhangela abasebenzi ukuze bafunde kukhuseleko lolwazi”? Ngelishwa, iingcinga zibalekela eludongeni lokungaqondi ngendlela yenani elikhulu lemisebenzi okanye ixesha eliqingqiweyo losuku lokusebenza. Siceba ukukuxelela malunga neemveliso zanamhlanje kunye nobuchwepheshe kwintsimi ye-automation yoqeqesho lwabasebenzi, okungayi kufuna ukulungiswa ixesha elide lokulinga okanye ukuphunyezwa, kodwa kuqala kuqala.
Isiseko sethiyori
Namhlanje, ngaphezu kwe-80% yeefayile ezinobungozi zihanjiswa ngeposi (idatha ethathwe kwiingxelo zeengcali ze-Check Point kunyaka odlulileyo usebenzisa inkonzo yeeNgxelo zeNgqondo).
Ingxelo yeVector yoHlaselo lweFayile ekhohlakeleyo (eRussia) - Jonga indawo
Oku kuphakamisa ukuba umxholo kwimiyalezo ye-imeyile usengozini ngokwaneleyo ukuba isetyenziswe ngabahlaseli. Ukuba siqwalasela iifomati zefayile ezikhohlakeleyo ezidume kakhulu kwizinamathiselo (i-EXE, i-RTF, i-DOC), ngoko kuyafaneleka ukuba uqaphele ukuba ngokuqhelekileyo ziqulethe izinto ezizenzekelayo zokwenza ikhowudi (izikripthi, i-macros).
INgxelo yoNyaka kwiiFomathi zeFayile kwiMiyalezo ekhohlakeleyo efunyenweyo-Khangela indawo
Indlela yokujongana nale vector yokuhlaselwa? Ukujonga imeyile kusetyenziswa izixhobo zokhuseleko:
-
Antivirus - Ukuchongwa kotyikityo lwezoyikiso.
-
Ukuqulunqa -ibhokisi yesanti apho izincamatheliso zivulwa kwindawo ekwanti.
-
Ukwazisa Umxholo — ukutsalwa kwezinto ezisebenzayo kumaxwebhu. Umsebenzisi ufumana uxwebhu olucociweyo (ngokuqhelekileyo kwifomathi yePDF).
-
AntiSpam - ukujonga i-domain yomamkeli / umthumeli ngenxa yodumo.
Kwaye, kwithiyori, oku kwanele, kodwa kukho esinye isixhobo esixabiseke ngokulinganayo kwinkampani - idatha yenkampani kunye neyobuqu yabasebenzi. Kwiminyaka yakutshanje, ukuthandwa kolu hlobo lulandelayo lobuqhophololo kwi-Intanethi kukhula ngokusebenzayo:
Phishing (i-phishing yesiNgesi, ekulobeni - ukuloba, ukuloba) - uhlobo lobuqhetseba be-Intanethi. Injongo yayo kukufumana idatha yokuchongwa komsebenzisi. Oku kuquka ukubiwa kwamagama ayimfihlo, amanani ekhadi lokuthenga ngetyala, iiakhawunti zebhanki, kunye nolunye ulwazi olubuthathaka.
Abahlaseli bafezekisa uhlaselo lobuqhetseba, baqondisa ngokutsha izicelo ze-DNS kwiindawo ezidumileyo, kwaye basasaze imikhankaso yonke besebenzisa ubunjineli bezentlalo ukuthumela ii-imeyile.
Ke, ukukhusela i-imeyile yakho yeshishini kwi-phishing, iindlela ezimbini ziyacetyiswa, kwaye ukuzisebenzisa kunye kukhokelela kwiziphumo ezilungileyo:
-
Izixhobo zokukhusela zobuchwephesha. Njengoko bekutshiwo ngaphambili, iitekhnoloji ezahlukeneyo zisetyenziselwa ukujonga kunye nokudlulisa i-imeyile esemthethweni kuphela.
-
Uqeqesho lwethiyori lwabasebenzi. Ibandakanya uvavanyo olubanzi lwabasebenzi ukuchonga amaxhoba anokuba ngamaxhoba. Ngaphezu koko, baphinda baqeqeshwa, izibalo zihlala zirekhodwa.
Musa ukuthemba kwaye uqinisekise
Namhlanje siza kuthetha ngendlela yesibini yokuthintela ukuhlaselwa kwe-phishing, oko kukuthi, uqeqesho oluzenzekelayo lwabasebenzi ukwenzela ukwandisa umgangatho wokhuseleko lwedatha yenkampani kunye neyomntu. Kutheni inokuba yingozi kangaka?
ubunjineli bezentlalo - ukuguqulwa kwengqondo yabantu ukuze benze izenzo ezithile okanye baveze ulwazi oluyimfihlo (ngokumalunga nokhuseleko lolwazi).
Umzobo wemeko yokusasazwa kohlaselo lobutsotsi
Makhe sijonge kwiflowutshati eyonwabisayo ebonisa ngokufutshane indlela yokukhuthaza iphulo lokurhwaphiliza. Inezigaba ezahlukeneyo:
-
Ukuqokelelwa kwedatha yokuqala.
Ngenkulungwane yama-21, kunzima ukufumana umntu ongabhaliswanga kuyo nayiphi na inethiwekhi yoluntu okanye kwiiforum ezahlukeneyo ezinemixholo. Ngokwemvelo, abaninzi bethu bashiya ulwazi olucacileyo malunga nathi: indawo yomsebenzi wangoku, iqela labalingane, ifowuni, i-imeyile, njl. Yongeza kulwazi olulolwakho malunga nezinto anomdla kuzo umntu, kwaye unedatha yokwenza itemplate yokukhohlisa. Nangona kwakungenakwenzeka ukufumana abantu abanolwazi olunjalo, kukho rhoqo iwebhusayithi yenkampani apho ungayifumana khona yonke ingcaciso esinomdla kuyo (i-imeyile yesizinda, oonxibelelwano, oonxibelelwano).
-
Ukuqaliswa kwephulo.
Nje ukuba unyawo lusekiwe, unokusungula umkhankaso wakho wobuqhetseba obujoliswe kuko usebenzisa izixhobo ezihlawulelwayo okanye ezihlawulelwayo. Ngethuba loluhlu lokuposa, uya kuqokelela izibalo: i-imeyile ethunyelwe, i-imeyile evulekileyo, ukucofa amakhonkco, ukufaka iziqinisekiso, njl.
Iimveliso kwimarike
I-Phishing ingasetyenziswa ngabo bobabini abaphuli-mthetho kunye nabasebenzi bokhuseleko lolwazi lwenkampani ukuze kuqhutyelwe uphicotho oluqhubekayo lokuziphatha kwabasebenzi. Imakethi isinika ntoni simahla kunye nezisombululo zorhwebo zenkqubo yoqeqesho oluzenzekelayo lwabasebenzi benkampani:
-
GoPhish yiprojekthi yomthombo ovulekileyo ekuvumela ukuba usebenzise inkampani yokukhohlisa ukuze ukhangele ulwazi lwe-IT lwabasebenzi bakho. Uncedo endiya kubandakanya ukulula kokusasazwa kunye neemfuno zenkqubo encinci. Ukungalungi kukungabikho kweetemplates zokuposa esele zenziwe, ukungabikho kweemvavanyo kunye nezixhobo zokuqeqesha abasebenzi. -
KnowBe4 - iqonga elinenani elikhulu leemveliso ezikhoyo zovavanyo lwabasebenzi. -
Phishman - inkqubo ezenzekelayo yokuvavanya nokuqeqesha abasebenzi. Ineenguqulelo ezahlukeneyo zeemveliso ezixhasa ukusuka kwi-10 ukuya kwabasebenzi abangaphezu kwe-1000. Iikhosi zoqeqesho ziquka ithiyori kunye nemisebenzi ebonakalayo, kunokwenzeka ukuchonga iimfuno ezisekelwe kwizibalo ezifunyenwe emva kwephulo lokukhwabanisa. Isisombululo sirhweba kunye nokwenzeka kokusetyenziswa kovavanyo. -
Antiphishing — inkqubo yoqeqesho oluzenzekelayo kunye nolawulo lokhuseleko. Imveliso yorhwebo inikezela ngohlaselo lokuhlekisa ngamaxesha athile, uqeqesho lwabasebenzi, njl. Njengenguqu yedemo yemveliso, iphulo linikezelwa elibandakanya ukuthunyelwa kweetemplates kunye nokuqhuba ukuhlaselwa koqeqesho kathathu.
Ezi zisombululo zingentla ziyinxalenye kuphela yeemveliso ezikhoyo kwimarike yoqeqesho lwabasebenzi oluzenzekelayo. Kakade ke, nganye ineengenelo kunye neengxaki zayo. Namhlanje siza kwazi
GoPhish
Ke, lixesha lokuziqhelanisa. IGoPhish ayikhethwanga ngamabona-ndenzile: sisixhobo esisebenziseka lula esinezi mpawu zilandelayo:
-
Ufakelo olulula kunye nokuqaliswa.
-
REST API inkxaso. Ikuvumela ukuba wenze izicelo ukusuka
amaxwebhu kwaye usebenzise izikripthi ezizenzekelayo. -
Ujongano lomsebenzisi olululo.
-
Umnqamlezo-iqonga.
Iqela lophuhliso lilungiselele okugqwesileyo
INQAKU ELIBALULEKILEYO!
Ngenxa yoko, kufuneka ufumane ulwazi malunga ne-portal esetyenzisiweyo kwi-terminal, kunye nedatha yogunyaziso (efanelekileyo kwiinguqulelo ezindala kune-version 0.10.1). Ungalibali ukugcina igama eliyimfihlo!
msg="Please login with the username admin and the password <ПАРОЛЬ>"
Ukuqonda ukuseta kweGoPhish
Emva kofakelo, ifayile yoqwalaselo (config.json) iya kwenziwa kulawulo lwesicelo. Makhe sichaze iiparamitha zokuyitshintsha:
Ngundoqo
Ixabiso (ihlala ikho)
inkcazelo
admin_server.mamela_url
127.0.0.1:3333
Idilesi ye-IP yeseva yeGoPhish
admin_server.use_tls
amanga
Ngaba i-TLS isetyenziselwa ukuqhagamshela kwiseva yeGoPhish
admin_server.cert_path
umzekelo.crt
Indlela eya kwisatifikethi se-SSL seGoPhish Admin Portal
admin_server.key_indlela
umzekelo.isitshixo
Indlela eya kwiqhosha le-SSL labucala
phish_server.mamela_url
0.0.0.0:80
Phishing iphepha ibamba idilesi ye IP kunye nezibuko (ibanjwe kumncedisi we GoPhish ngokwayo kwizibuko 80 ngokungagqibekanga)
—> Yiya kwi-portal yolawulo. Kwimeko yethu: https://127.0.0.1:3333
-> Uya kucelwa ukuba utshintshe igama eliyimfihlo elaneleyo ukuya kwelula okanye ngokuchaseneyo.
Ukudala iprofayile yomthumeli
Yiya kwithebhu ethi "Ukuthumela iiProfayili" kwaye ucacise idatha malunga nomsebenzisi oza kuthunyelwa kuye i-imeyile:
Kuphi:
igama
Igama lomthumeli
ukusuka
Imeyile yomthumeli
host
Idilesi ye-IP yeseva yemeyile apho imeyile engenayo izakumanyelwa.
lomsebenzisi
Iseva yemeyile yokungena kwiakhawunti yomsebenzisi.
Inombolo yokuvula
Igama lokugqitha le akhawunti yomsebenzisi weseva yemeyile.
Ungathumela nomyalezo wovavanyo ukuqinisekisa ukuba ukuhanjiswa kube yimpumelelo. Gcina useto usebenzisa iqhosha elithi "Gcina iprofayile".
Yenza iqela lendawo
Okulandelayo, kufuneka wenze iqela labamkeli "iileta zolonwabo". Yiya ku "Umsebenzisi & Amaqela" → "Iqela elitsha". Kukho iindlela ezimbini zokongeza: ngesandla okanye ukungenisa ngaphandle ifayile ye-CSV.
Indlela yesibini ifuna ubukho bemimandla efunekayo:
-
Igama lokuqala
-
Ifani
-
Imeyli
-
indawo
Umzekelo:
First Name,Last Name,Position,Email
Richard,Bourne,CEO,[email protected]
Boyd,Jenius,Systems Administrator,[email protected]
Haiti,Moreo,Sales & Marketing,[email protected]
Yenza itemplate ye-imeyile yokukhohlisa
Emva kokuba sichonge umhlaseli ocingayo kunye namaxhoba anokubakho, kufuneka senze itemplate yomyalezo. Ukwenza oku, yiya kwindawo ethi "Iitemplates ze-imeyile" → "Iitemplates eziNtsha" icandelo.
Xa usenza itemplate, indlela yobugcisa kunye nobuchule isetyenzisiweyo, kufuneka ucacise umyalezo ovela kwinkonzo eya kuba yinto eqhelekileyo kubasebenzisi bexhoba okanye ubangele ukusabela okuthile. Ukhetho olunokwenzeka:
igama
Igama letemplate
Isihloko
Isihloko sencwadi
Umbhalo/HTML
Indawo yokufaka umbhalo okanye ikhowudi yeHTML
I-Gophish ixhasa ukungeniswa kwe-imeyile, kodwa siza kudala ezethu. Ukwenza oku, silinganisa imeko: umsebenzisi wenkampani ufumana ileta enesiphakamiso sokutshintsha igama eliyimfihlo kwi-imeyile yakhe yenkampani. Emva koko, sihlalutya indlela asabela ngayo kwaye sijonge "ukubamba" kwethu.
Siza kusebenzisa izinto eziguquguqukayo ezakhelwe ngaphakathi kwitemplate. Iinkcukacha ezithe kratya zinokufumaneka apha ngasentla
Okokuqala, masilayishe okubhaliweyo kulandelayo:
{{.FirstName}},
The password for {{.Email}} has expired. Please reset your password here.
Thanks,
IT Team
Ngokufanelekileyo, igama lomsebenzisi liya kutshintshwa ngokuzenzekelayo (ngokungqinelana nenqaku elithi “Iqela Elitsha” elisetwe ngaphambili) kwaye idilesi yakhe yeposi iya kuboniswa.
Okulandelayo, kufuneka sinikeze ikhonkco kwisixhobo sethu sokukhohlisa. Ukwenza oku, khetha igama elithi "apha" kwisicatshulwa kwaye ukhethe "Ikhonkco" kwiphaneli yokulawula.
Njenge-URL, siya kuchaza umahluko owakhelwe-ngaphakathi {{.URL}}, esiya kuyigcwalisa kamva. Iza kufakwa ngokuzenzekelayo kumzimba we-imeyile ye-phishing.
Ungalibali ukwenza "Yongeza uMfanekiso wokuKhangela" ngaphambi kokugcina ithempleyithi. Oku kuyakongeza i-1x1 pixel media element eya kulandelela xa umsebenzisi evule i-imeyile.
Ke, akukho nto ingako iseleyo, kodwa kuqala sishwankathela amanyathelo afunekayo emva kogunyaziso kwi-portal yeGophish:
-
Yenza iprofayile yomthumeli;
-
Yenza iqela lokuhambisa apho uchaza abasebenzisi;
-
Yenza itemplate ye-imeyile yenkohliso.
Vuma, ukuseta akuthathanga xesha lininzi kwaye sele sikulungele ukusungula iphulo lethu. Kuhlala ukongeza iphepha lokukhohlisa.
Ukudala iPhepha lokuPhikisana
Yiya kwi "Landing Pages" ithebhu.
Siya kucelwa ukuba sichaze igama laloo nto. Kuyenzeka ukungenisa indawo yomthombo. Kumzekelo wethu, ndizamile ukucacisa i-portal yewebhu ye-imeyile esebenzayo. Ngokufanelekileyo, yayingeniswa njengekhowudi ye-HTML (nangona ingekho ngokupheleleyo). Ezi zilandelayo zikhetho ezinomdla zokuthatha igalelo lomsebenzisi:
-
Thatha iDatha eNgenisiweyo. Ukuba iphepha lesayithi elichaziweyo liqulethe iifom ezahlukeneyo zokufaka, ngoko yonke idatha iya kubhalwa.
-
Bamba amagama ayimfihlo - bamba amagama ayimfihlo. Idatha ibhaliwe kwi-database ye-GoPhish ngaphandle kokufihlwa, njengoko kunjalo.
Ukongezelela, sinokusebenzisa inketho ethi "Redirect to", eya kuthumela kwakhona umsebenzisi kwiphepha elikhankanyiweyo emva kokufaka iziqinisekiso. Mandikukhumbuze ukuba sisete imeko xa umsebenzisi eyalelwe ukuba atshintshe igama lokugqitha le imeyile yenkampani. Ukwenza oku, unikezwa iphepha elikhohlisayo le-portal yogunyaziso lweposi, emva koko umsebenzisi angathunyelwa kuyo nayiphi na isibonelelo senkampani esikhoyo.
Ungalibali ukugcina iphepha eligqityiweyo kwaye uye kwicandelo elithi "Iphulo elitsha".
Ukusungula ukuloba kweGoPhish
Sinike lonke ulwazi olufunekayo. Kwithebhu ethi "Iphulo Elitsha", yenza iphulo elitsha.
Ukuqaliswa kwephulo
Kuphi:
igama
Igama lephulo
Itemplate ye-imeyile
Itemplate yomyalezo
Ukuya kwekhasi
Iphepha le-Phishing
URL
IP yeseva yakho yeGoPhish (kufuneka ibe nokufikeleleka kwinethiwekhi kunye nomnini wexhoba)
Usuku lokuqalisa
Umhla wokuqalisa kwephulo
Thumela i-imeyile Ngo
Umhla wokuphela kwephulo (iposi isasazwe ngokulinganayo)
Ukuthumela iProfayili
Iprofayile yomthumeli
amaqela
Iqela lomamkeli wokuposa
Emva kokuqala, sinokuhlala siqhelana nezibalo, ezibonisa: imiyalezo ethunyelwe, imiyalezo evulekile, ucofa kwiikhonkco, idatha esele, ukudluliselwa kwi-spam.
Ukusuka kwizibalo sibona ukuba umyalezo om-1 uthunyelwe, masijonge imeyile kwicala lomamkeli:
Ewe, ixhoba lifumene ngempumelelo i-imeyile ye-phishing ebacela ukuba balandele ikhonkco lokutshintsha igama lokugqitha leakhawunti yabo. Senza izenzo eziceliwe, sithunyelwa kwiphepha le-Landing Pages, kuthekani ngezibalo?
Ngenxa yoko, umsebenzisi wethu ulandele ikhonkco lokurhwaphiliza apho ebenokuthi ashiye iinkcukacha zeakhawunti yakhe.
Inqaku lombhali: inkqubo yokungeniswa kwedatha ayizange ilungiswe ngenxa yokusetyenziswa koyilo lovavanyo, kodwa kukho ukhetho olunjalo. Ngexesha elifanayo, umxholo awubhalwanga kwaye ugcinwe kwi-database ye-GoPhish, nceda uqaphele oku.
Endaweni yesiphelo
Namhlanje sichukumise umba ophambili wokuqhuba uqeqesho oluzenzekelayo lwabasebenzi ukuze bakhuseleke kuhlaselo lobuqhetseba nokubafundisa kwi-IT. Njengesisombululo esifikelelekayo, iGophish yasetyenziswa, eyenze kakuhle ngokwexesha lokuthunyelwa kwisiphumo. Ngesi sixhobo esifikelelekayo, unokujonga abasebenzi bakho kwaye uvelise iingxelo ngokuziphatha kwabo. Ukuba unomdla kule mveliso, sinikezela ngoncedo lokuyithumela kunye nokuphicotha abasebenzi bakho ([imeyile ikhuselwe]).
Nangona kunjalo, asiyi kumisa ukuphononongwa kwesisombululo esinye kwaye sicwangcise ukuqhubeka nomjikelo, apho siza kuthetha ngezisombululo zeShishini zokuzenzekelayo inkqubo yokufunda kunye nokubeka iliso kukhuseleko lwabasebenzi. Hlala nathi kwaye uphaphe!
umthombo: www.habr.com