Beyond antispam: how to get more out of a Security Email Gateway

While Big Enterprise has long built solid defences against outside attackers and potential insiders, phishing and spam remain a headache for simpler companies. If Marty McFly had known that by 2015 (and even more so by 2020) people would not only fail to invent hoverboards but would not even learn to get rid of junk mail completely, he would probably have lost faith in humanity. Worse, spam today is not merely annoying but often dangerous. In roughly 70% of kill-chain implementations, cybercriminals get into the infrastructure using malware contained in an email attachment or phishing links in the email body.


Recently there has been a clear trend towards social engineering as the way into an organisation's infrastructure. Comparing the statistics for 2017 and 2018, we see an increase of almost 50% in the number of cases where malware was delivered to employees' computers through attachments or phishing links in the body of an email.

In general, the whole range of threats that can be carried out through email falls into a few categories:

  • incoming spam
  • the organisation's computers being enrolled in a botnet that sends outgoing spam
  • malicious attachments and viruses in the body of the letter (small companies most often suffer from mass attacks such as Petya).

To protect against all of these attack types, you can either deploy several information security systems or go down the service-model route. We have already written about the Unified Cybersecurity Services Platform, the core of the Solar MSS managed cybersecurity services ecosystem. Among other things, it includes virtualised Secure Email Gateway (SEG) technology. As a rule, a subscription to this service is bought by small companies in which all IT and information security duties rest with one person, the system administrator. Spam is a problem that is always visible to users and to management, and it cannot be ignored. Over time, however, even management comes to understand that it cannot simply be "dumped" on the system administrator; it takes far too much time.


Two hours sorting mail is a bit too much

One of our customers came to us in exactly this situation. Time-tracking systems showed that every day his employees spent about 25% of their working time (two hours!) sorting their mailboxes.

After connecting the customer's mail server, we configured an SEG instance as a two-way gateway for both incoming and outgoing mail. We started filtering according to pre-established policies. We compiled a blocklist based on an analysis of data supplied by the customer and on our own lists of potentially dangerous addresses collected by Solar JSOC experts in the course of other services, for example information security incident monitoring. From then on, all mail reached recipients only after cleaning, and the assorted spam mailings about "huge discounts" stopped pouring onto the customer's mail servers by the ton, freeing up capacity for other needs.

There were, however, situations where a legitimate letter was mistakenly classified as spam, for example as coming from an untrusted sender. Here we left the decision to the customer. There are not many options: delete it immediately or send it to quarantine. We chose the second, in which junk mail is kept on the SEG itself. We gave the system administrator access to the web console, where at any time he can find an important letter, for example from a counterparty, and forward it to the user.

Getting rid of parasites

The email protection service includes analytical reports whose purpose is to monitor the security of the infrastructure and the effectiveness of the applied settings. These reports also make it possible to predict trends. For example, we open the "Spam by Recipient" or "Spam by Sender" section of the report and look at whose address accounts for the largest number of blocked messages.

It was while analysing such a report that a sharply increased number of letters from one of our customers looked suspicious to us. Its infrastructure is small and its mail volume low. Then suddenly, after a single working day, the number of blocked spam messages almost doubled. We decided to take a closer look.


We see that the number of outgoing letters has grown, and that all of them carry addresses from the domain connected to the email protection service in the "Sender" field. But there is one nuance: among the plausible, perhaps even real, addresses there are strange ones. We looked at the IPs the letters were sent from and, as expected, it turned out that they did not belong to the protected address space. Clearly, an attacker was sending spam on the customer's behalf.
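The investigation described above, as an added example (not the article's or Solar JSOC's code): a per-sender-domain daily count over constructed gateway log lines flags the day on which volume doubles, and a second pass lists the source IPs that claim the protected domain but sit outside the customer's address space. The log format, the domain example.com and the RFC 5737 addresses are all constructed for the example; a real SEG report would be the input instead.

```python
"""
Spot a sender-spoofing burst in Secure Email Gateway logs.

Added example, not the article's or Solar JSOC's code. The log format is
constructed for this example (real SEG products use their own formats), the
domain and addresses are RFC 5737 documentation values, and the "protected
address space" is simply the list of networks passed in.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample: three days of mail for the protected domain example.com.
# On the third night a burst of messages carries example.com senders (some of
# them invented, like "promo7") but originates from 203.0.113.x, outside the
# customer's 192.0.2.0/24 range.
LOG_LINES = """\
2018-11-12 09:14:03 OUT from=ivan@example.com ip=192.0.2.15 action=deliver
2018-11-12 10:02:41 OUT from=olga@example.com ip=192.0.2.15 action=deliver
2018-11-12 16:45:10 OUT from=ivan@example.com ip=192.0.2.16 action=deliver
2018-11-13 08:30:00 OUT from=olga@example.com ip=192.0.2.15 action=deliver
2018-11-13 09:01:12 OUT from=ivan@example.com ip=192.0.2.15 action=deliver
2018-11-13 11:20:55 OUT from=petr@example.com ip=192.0.2.16 action=deliver
2018-11-13 15:47:30 OUT from=olga@example.com ip=192.0.2.16 action=deliver
2018-11-14 02:11:09 OUT from=zx81q@example.com ip=203.0.113.5 action=block
2018-11-14 02:11:10 OUT from=promo7@example.com ip=203.0.113.5 action=block
2018-11-14 02:11:14 OUT from=ivan@example.com ip=203.0.113.9 action=block
2018-11-14 02:11:15 OUT from=sale99@example.com ip=203.0.113.9 action=block
2018-11-14 02:11:20 OUT from=olga@example.com ip=203.0.113.5 action=block
2018-11-14 02:11:21 OUT from=win-big@example.com ip=203.0.113.9 action=block
2018-11-14 09:00:02 OUT from=ivan@example.com ip=192.0.2.15 action=deliver
2018-11-14 09:30:44 OUT from=petr@example.com ip=192.0.2.15 action=deliver
2018-11-14 13:05:18 IN from=partner@example.net ip=198.51.100.8 action=deliver
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\S+) (?P<dir>IN|OUT) "
    r"from=(?P<sender>\S+) ip=(?P<ip>\S+) action=(?P<action>\S+)$"
)


def parse_log(lines):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def sender_domain(record):
    return record["sender"].rpartition("@")[2].lower()


def daily_counts(records, domain):
    """Messages per day whose sender claims the protected domain ("Spam by Sender")."""
    counts = Counter(r["date"] for r in records if sender_domain(r) == domain)
    return dict(sorted(counts.items()))


def spikes(counts, factor=2.0):
    """Days on which the volume is at least `factor` times the previous day's."""
    days = list(counts.items())
    result = []
    for (_, prev), (day, cur) in zip(days, days[1:]):
        if prev and cur >= factor * prev:
            result.append(day)
    return result


def foreign_sources(records, domain, protected_nets):
    """Source IPs that claim the protected domain but sit outside the protected networks."""
    nets = [ipaddress.ip_network(n) for n in protected_nets]
    foreign = set()
    for r in records:
        if sender_domain(r) != domain:
            continue
        ip = ipaddress.ip_address(r["ip"])
        if not any(ip in net for net in nets):
            foreign.add(r["ip"])
    return foreign


if __name__ == "__main__":
    recs = parse_log(LOG_LINES.splitlines())
    counts = daily_counts(recs, "example.com")
    print("per day:", counts)
    print("spike days:", spikes(counts))
    print("foreign sources:", sorted(foreign_sources(recs, "example.com", ["192.0.2.0/24"])))
```

The doubling threshold is the one the article describes; in practice you would also want to compare against a longer baseline than a single day, since small infrastructures have noisy daily volumes.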

In this case we gave the customer recommendations on configuring its DNS records correctly, in particular SPF. Our specialist advised creating a TXT record containing the rule "v=spf1 mx ip:1.2.3.4/23 -all", which holds an exhaustive list of the addresses allowed to send letters on behalf of the protected domain.
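How a receiving server evaluates such a record, as an added example that is not part of the article and not Solar JSOC's code. One caveat a practitioner should know: RFC 7208 spells the IPv4 mechanism "ip4:", whereas the record quoted in the article is written "ip:1.2.3.4/23", so this simplified checker accepts both spellings. DNS is replaced by constructed in-memory tables (RFC 5737 documentation addresses) so it runs offline; the "include:" and "redirect=" terms are not handled.

```python
"""
Evaluate an SPF record against a sending IP (simplified RFC 7208 check).

Added example, not the article's or Solar JSOC's code. RFC 7208 names the
IPv4 mechanism "ip4:"; the record quoted in the article is written
"ip:1.2.3.4/23", so this parser accepts both spellings. DNS is replaced by
the constructed FAKE_MX / FAKE_A tables (RFC 5737 documentation addresses)
so the check runs offline; "include:" and "redirect=" are not handled.
"""
import ipaddress

# Constructed DNS stand-in: MX hosts of the protected domain and their A records.
FAKE_MX = {"example.com": ["mx1.example.com", "mx2.example.com"]}
FAKE_A = {"mx1.example.com": ["192.0.2.10"], "mx2.example.com": ["192.0.2.11"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, argument) terms."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for term in parts[1:]:
        if "=" in term:            # modifier such as redirect= or exp=; ignored here
            continue
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        terms.append((qual, mech.lower(), arg))
    return terms


def mx_networks(domain):
    """Addresses of the domain's MX hosts, taken from the constructed tables."""
    return [ipaddress.ip_network(addr)
            for host in FAKE_MX.get(domain, [])
            for addr in FAKE_A.get(host, [])]


def check_spf(record, domain, sender_ip):
    """Return pass / fail / softfail / neutral / permerror for sender_ip."""
    ip = ipaddress.ip_address(sender_ip)
    for qual, mech, arg in parse_spf(record):
        if mech == "all":
            return QUALIFIERS[qual]
        if mech in ("ip4", "ip6", "ip"):            # "ip" = the article's spelling
            # strict=False so that 1.2.3.4/23 denotes the block 1.2.2.0/23
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qual]
        elif mech == "mx":
            if any(ip in net for net in mx_networks(arg or domain)):
                return QUALIFIERS[qual]
        else:
            return "permerror"                      # a/include/exists/ptr not implemented
    return "neutral"                                # no match and no "all" term


if __name__ == "__main__":
    rec = "v=spf1 mx ip:1.2.3.4/23 -all"
    for ip in ("192.0.2.10", "1.2.2.77", "198.51.100.7"):
        print(ip, check_spf(rec, "example.com", ip))
```

The "-all" at the end is what makes the list exhaustive: anything not matched by "mx" or the address block gets a hard fail. With "~all" the same senders would only soft-fail, which many receivers treat as "deliver but mark", so the choice of qualifier decides how much the record actually stops spoofing.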

Why this matters: spam sent in the name of a small, little-known company is unpleasant but not critical. The situation is entirely different in, say, the banking industry. In our experience, a victim's trust in a phishing email rises many times over if it appears to come from the domain of another bank or of a counterparty the victim knows. And this is not limited to bank staff; in other industries, the energy sector for example, we see the same picture.

Killing viruses

Spoofing, though, is not as common a problem as, for example, virus infections. How do people most often fight viral epidemics? They install an antivirus and hope that "the enemy shall not pass". But if everything were that simple, then, given the fairly low cost of antivirus software, everyone would long since have forgotten about the malware problem. Meanwhile, we regularly receive requests along the lines of "help us recover our files, everything is encrypted, work has stopped, the data is lost". We never tire of telling our customers that antivirus is not a panacea. Apart from the fact that antivirus databases may not be updated quickly enough, we often run into malware that bypasses not only antivirus but sandboxes as well.

Unfortunately, few ordinary employees know about phishing and malicious emails and can tell them apart from normal correspondence. On average, every seventh user who does not receive regular awareness training falls for social engineering, opening an infected file or sending their data to the attackers.

Although the level of social engineering attacks has in general grown gradually, the trend became especially noticeable over the past year. Phishing emails have come to look more and more like ordinary emails about promotions, upcoming events and so on. Recall the Silence attack on the financial sector: bank employees received a letter supposedly containing a promo code for the popular industry conference iFin, and the share of those who fell for the trick was very high, even though, let us remember, this is the banking industry, the most advanced in information security matters.

Before last New Year we also saw several cases where employees of industrial companies received very high-quality phishing letters with a "list" of New Year promotions at popular online stores and discount promo codes. Employees not only tried to follow the link themselves but also forwarded the letter to colleagues at related organisations. Since the resource the link in the phishing email pointed to was blocked, employees began submitting requests en masse to the IT department to grant access to it. All in all, the success of the mailing must have exceeded all of the attackers' expectations.

And recently a company that had been "encrypted" turned to us for help. It all started when accounting staff received a letter supposedly from the Central Bank of the Russian Federation. The accountant clicked the link in the letter and downloaded the WannaMine miner onto his machine, which, like the famous WannaCry, exploited the EternalBlue vulnerability. The most interesting part is that most antivirus products have detected its signatures since the beginning of 2018. But whether the antivirus was disabled, or its database was not updated, or it was not installed at all, in any case the miner was already on the computer, and nothing stopped it from spreading further across the network, loading the servers' and workstations' CPUs to 100%.

After receiving the report from our forensics team, this customer saw that the virus had originally got in through email and launched a pilot project to connect the email protection service. The first thing we set up was the email antivirus. Malware scanning runs continuously, and signature updates were initially performed every hour, after which the customer switched to twice a day.

Full protection against virus infections must be layered. When it comes to viruses transmitted by email, such letters have to be filtered at the entrance, users trained to recognise social engineering, and only then can you rely on antivirus and sandboxes.

SEG, always on guard

Of course, we do not claim that Secure Email Gateway solutions are a panacea. Targeted attacks, spear phishing among them, are extremely hard to stop, because each such attack is "tailored" to a specific recipient (an organisation or a person). But for a company trying to reach a basic level of security this is a great deal, especially with the right experience and expertise applied to the task.

Most often in spear phishing the malicious attachment is not put into the letter itself, since the antispam system would block such a letter immediately on its way to the recipient. Instead, the text of the letter carries a link to a pre-prepared web resource, and the rest is a matter of technique. The user follows the link and, after several redirects lasting a few seconds, ends up at the last hop of the whole chain, which drops malware onto his computer when opened.

It gets more complicated still: at the moment the letter arrives, the link may be harmless, and only after some time has passed, when it has already been scanned and let through, does it start redirecting to malware. Unfortunately, even with all their expertise, Solar JSOC specialists cannot configure the mail gateway to "see" malware through the entire chain (although, as a safeguard, you can have every link in a letter automatically replaced with one that goes through the SEG, so that the gateway checks the link not only at delivery but on every click).

At the same time, even an ordinary redirect can be handled by combining several kinds of expertise, including data obtained by our JSOC CERT and OSINT. This makes it possible to build extended blocklists on the basis of which even a letter with multiple redirects will be blocked.
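The two safeguards just described, click-time link replacement and blocklist screening of the whole redirect chain, as one added example (not the article's or Solar JSOC's code). Every URL in the letter is swapped for a signed link through the gateway's "/click" endpoint, and on each click the gateway verifies the signature, walks the redirect chain and blocks if any hop lands on a blocklisted host. The gateway address, the signing key, the endpoint and both redirect tables are assumptions of the example; the tables stand in for live HTTP so that the same link resolves harmlessly "at delivery" and to a payload "a day later".

```python
"""
Click-time URL rewriting plus redirect-chain screening at the gateway.

Added example, not the article's or Solar JSOC's code. It models two ideas
from the text: rewriting every link in a letter so that it passes through the
SEG on each click (not only at delivery), and following the redirect chain so
that a click is blocked if any hop lands on a blocklisted host. The redirect
tables are constructed stand-ins for live HTTP; the hosts, the signing key and
the "/click" endpoint are assumptions of this example.
"""
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")
KEY = b"constructed-demo-key"          # in practice a per-tenant secret
SEG_BASE = "https://seg.example.com"   # assumed address of the gateway

# What the same link resolved to at delivery time (harmless) ...
DELIVERY_TIME_REDIRECTS = {
    "https://promo.example.net/newyear": "https://landing.example.net/ok",
}
# ... and a day later, once it has been flipped to point at a payload.
CLICK_TIME_REDIRECTS = {
    "https://promo.example.net/newyear": "https://short.example.org/x",
    "https://short.example.org/x": "https://bad.example.org/payload.exe",
}
BLOCKLIST = {"bad.example.org"}        # constructed "extended blocklist"


def rewrite_links(body, seg_base=SEG_BASE, key=KEY):
    """Replace every URL in the letter with a signed link through the SEG."""
    def repl(m):
        url = m.group(0)
        tag = hmac.new(key, url.encode(), hashlib.sha256).hexdigest()
        return f"{seg_base}/click?u={quote(url, safe='')}&t={tag}"
    return URL_RE.sub(repl, body)


def verify_click(click_url, key=KEY):
    """Return the original URL if the tag matches, else None (tampered or forged)."""
    qs = parse_qs(urlparse(click_url).query)      # parse_qs already URL-decodes
    url = qs.get("u", [""])[0]
    tag = qs.get("t", [""])[0]
    expected = hmac.new(key, url.encode(), hashlib.sha256).hexdigest()
    return url if url and hmac.compare_digest(tag, expected) else None


def resolve_chain(url, redirects, max_hops=10):
    """Follow redirects through the table; stops on a loop or after max_hops."""
    hops = [url]
    while url in redirects and len(hops) <= max_hops:
        url = redirects[url]
        if url in hops:
            break
        hops.append(url)
    return hops


def click_verdict(url, redirects, blocklist=BLOCKLIST):
    """'block' if any hop of the chain is on the blocklist, else 'allow'."""
    hops = resolve_chain(url, redirects)
    for hop in hops:
        if urlparse(hop).hostname in blocklist:
            return "block", hops
    return "allow", hops


if __name__ == "__main__":
    body = "Your promo code is inside: https://promo.example.net/newyear"
    rewritten = rewrite_links(body)
    original = verify_click(URL_RE.search(rewritten).group(0))
    print("delivery time:", click_verdict(original, DELIVERY_TIME_REDIRECTS)[0])
    print("click time:   ", click_verdict(original, CLICK_TIME_REDIRECTS)[0])
```

The signature on the rewritten link is what stops the "/click" endpoint from becoming an open redirector: without it, anyone could craft a gateway link to an arbitrary destination and borrow the gateway's reputation. Walking the chain at click time, rather than only at delivery, is what catches the link that turns malicious after it has been scanned.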

An SEG is just one small brick in the wall that any organisation wants to build to protect its assets. But this link also has to be fitted properly into the overall picture, because even an SEG, correctly configured, can be turned into a fully fledged means of protection.

Ksenia Sadunina, consultant in the expert presales department for Solar JSOC products and services

Source: www.habr.com
