Iinzame ze-Cybercriminals zokusongela iinkqubo ze-IT zihlala zivela. Ngokomzekelo, phakathi kweendlela esizibonileyo kulo nyaka, kuyafaneleka ukuba siqaphele kumawaka eendawo zokurhweba ze-e-commerce ukuba iinkcukacha zomntu kunye nokusebenzisa i-LinkedIn ukufaka ispyware. Ngaphezu koko, obu buchule busebenza: umonakalo ovela kulwaphulo-mthetho lwe-cyber ngo-2018 ufikelele .
Ngoku abaphandi abavela kwiprojekthi ye-IBM ye-X-Force Red baye baphuhlisa ubungqina bengqiqo (i-PoC) enokuba linyathelo elilandelayo kwi-evolution yobugebengu be-cyber. Ibizwa ngokuba , kwaye idibanisa iindlela zobugcisa kunye nezinye, iindlela zemveli.
Isebenza njani inqanawa yemfazwe
Ukukhwela inqanawa isebenzisa ikhompyutha efikelelekayo, engabizi kwaye iphantsi kwamandla ukwenza uhlaselo olukude kwindawo ekufutshane yexhoba, kungakhathaliseki ukuba indawo ye-cyber criminals ngokwabo. Ukwenza oku, isixhobo esincinci esinemodem enonxibelelwano lwe-3G sithunyelwa njengepasela kwiofisi yexhoba ngeposi eqhelekileyo. Ubukho bemodem buthetha ukuba isixhobo sinokulawulwa ukude.
Enkosi kwitshiphu engenazingcingo eyakhelweyo, isixhobo sikhangela iinethiwekhi ezikufutshane ukujonga iipakethi zabo zenethiwekhi. UCharles Henderson, intloko ye-X-Force Red e-IBM, uyacacisa: “Xa sibona 'inqanawa yethu yokulwa' ifika kumnyango wangaphambili wexhoba, kwigumbi leposi okanye kwindawo yokulahla i-imeyile, siyakwazi ukujonga ukude inkqubo kwaye sisebenzise izixhobo ukuya. ngokungenzi nto okanye uhlaselo olusebenzayo kwinethiwekhi yexhoba engenazingcingo. "
Uhlaselo ngenqanawa yemfazwe
Nje ukuba into ebizwa ngokuba "yimfazwe yemfazwe" ingaphakathi kwiofisi yexhoba, isixhobo siqala ukumamela iipakethi zedatha kwinethiwekhi engenazingcingo, enokusebenzisa ukungena kwinethiwekhi. Ikwaphulaphula iinkqubo zogunyaziso lomsebenzisi ukudibanisa kwinethiwekhi ye-Wi-Fi yexhoba kwaye ithumele le datha ngonxibelelwano lweselula kwi-cybercriminal ukuze ikwazi ukukhupha olu lwazi kwaye ifumane igama lokugqitha kwinethiwekhi ye-Wi-Fi yexhoba.
Ukusebenzisa olu xhulumaniso olungenazingcingo, umhlaseli ngoku unokujikeleza umnatha wexhoba, ekhangela iinkqubo ezisengozini, idatha ekhoyo, kwaye ebe ulwazi oluyimfihlo okanye amagama ayimfihlo omsebenzisi.
Usongelo olunamandla amakhulu
NgokukaHenderson, uhlaselo lunamandla okuba sisisongelo esifihlakeleyo, esisebenzayo sangaphakathi: ayibizi kwaye kulula ukuyiphumeza, kwaye inokungabonwa lixhoba. Ngaphezu koko, umhlaseli unokuququzelela esi sisongelo kude, ebekwe kumgama omkhulu. Kwezinye iinkampani apho umthamo omkhulu weposi kunye neepakethe zicutshungulwa yonke imihla, kulula kakhulu ukungahoywa okanye ukungahoywa kwipakethe encinci.
Enye yezinto ezenza ukuba imfazwe ibe yingozi kakhulu kukuba inokugqitha kukhuseleko lwe-imeyile olubekwe lixhoba ukunqanda i-malware kunye nolunye uhlaselo olusasazwa ngokuncamathiselwa.
Ukukhusela ishishini kwesi soyikiso
Ngenxa yokuba oku kubandakanya i-vector yohlaselo lomzimba ekungekho lulawulo phezu kwayo, kunokubonakala ngathi akukho nto inokunqanda esi songelo. Le yenye yezo meko apho ukulumka nge-imeyile kwaye ungathembeli kwizincamatheliso kwii-imeyile akuyi kusebenza. Nangona kunjalo, kukho izisombululo ezinokunqanda esi sisongelo.
Imiyalelo yokulawula ivela kwinqanawa yemfazwe ngokwayo. Oku kuthetha ukuba le nkqubo ingaphandle kwinkqubo ye-IT yombutho. yeka ngokuzenzekelayo naziphi na iinkqubo ezingaziwayo kwinkqubo ye-IT. Ukuqhagamshela kumyalelo womhlaseli kunye nomncedisi wolawulo usebenzisa "inqanawa yemfazwe" enikiweyo yinkqubo engaziwayo ukhuseleko, ngoko ke, inkqubo enjalo iya kuvalwa, kwaye inkqubo iya kuhlala ikhuselekile.
Okwangoku, ukulwa nemfazwe kusebubungqina bengcamango (PoC) kwaye ayisetyenziswa kuhlaselo lokwenyani. Nangona kunjalo, ubuchule obuqhubekayo bobugebenga be-cyber kuthetha ukuba indlela enjalo ingaba yinyani kwixesha elizayo elingekude.
umthombo: www.habr.com