Cyber Security

The Sophos Active Adversary Playbook 2022 study reveals that cybercriminals' dwell time in their victims' networks increased by 36%.

The increase is mainly linked to the ProxyLogon and ProxyShell vulnerabilities and to Initial Access Brokers reselling access to breached networks to cybercriminals. Despite a decrease in the use of Remote Desktop Protocol for external access, attackers have increased their use of this tool for internal lateral movement within compromised networks.

Sophos, a global leader in next-generation cybersecurity, today published the "Active Adversary Playbook 2022", the report that summarizes the cybercriminal behaviors observed in the field by Sophos' Rapid Response team during 2021.

The data that emerged from the study show a 36% increase in the time cybercriminals spent inside compromised systems in 2021, with an average of 15 days compared with 11 in 2020.

The report also highlights the impact of the ProxyShell vulnerabilities in Microsoft Exchange, which Sophos believes were exploited by some Initial Access Brokers (IABs) to breach networks and then resell that access to others.

“The world of cybercrime has become incredibly diverse and specialized. Initial Access Brokers (who provide the cybercrime industry with access to compromised IT systems) have developed a real business that breaches a target, explores its IT environment or installs a backdoor, and then resells the access to the gangs that deal in ransomware,” explains John Shier, senior security advisor at Sophos. “In this increasingly dynamic and specialized scenario, it can be hard for companies to keep pace with the evolution of the tools and methods used by cybercriminals. It is vital that defenders know what to look for at every stage of the attack chain, so that they can detect and neutralize breach attempts as quickly as possible.”

The Sophos study also shows that intruder dwell time is longer in the IT environments of smaller businesses: approximately 51 days in organizations with 250 employees versus 20 days in those with 3,000 to 5,000 employees.

“Cybercriminals place a higher value on larger companies, so they are more motivated to get in, do what they need to do and get out. Smaller companies have less perceived 'value', so attackers can afford to stay inside the network for longer. It is also possible that in these cases the attackers were less experienced and therefore took longer to work out exactly what to do once inside the network. Smaller businesses also generally have less visibility along the attack chain and therefore have a harder time detecting and neutralizing breaches, thereby prolonging the criminals' presence,” said Shier. “With the opportunities arising from unpatched ProxyLogon and ProxyShell vulnerabilities and the spread of Initial Access Brokers, we are increasingly seeing multiple attackers in a single victim. If there are several criminals in a network, each of them will want to act as quickly as possible to beat the competition to it.”

Among the most significant data that emerged, the following should be noted:
  • The median time cybercriminals dwell before being detected is longer for stealthy intrusions that do not result in an overt attack such as ransomware, and for smaller businesses and sectors with fewer IT security resources. The median dwell time for companies hit by ransomware was 11 days. In the case of breaches that were not followed by an overt attack such as ransomware (23% of all the incidents analyzed), the median was 34 days. Organizations in the education sector or with fewer than 500 employees recorded longer dwell times.
  • Longer dwell times and open entry points leave companies exposed to multiple attacks. There was evidence of cases in which a single company was under attack from multiple adversaries such as IABs, ransomware gangs, cryptominers and occasionally even operators linked to multiple ransomware families.
  • Despite the drop in the use of Remote Desktop Protocol (RDP) for external access, attackers increased its use for internal lateral movement. In 2020, RDP was used for external activity in 32% of the cases analyzed, a figure that fell to 13% in 2021. While this change is welcome and suggests better management of external attack surfaces by companies, cybercriminals continue to abuse RDP for their internal lateral movement. Sophos found that RDP was used for internal lateral movement in 82% of the cases analyzed in 2021, versus 69% in 2020.
  • Common combinations of tools used in attacks are a warning sign of unwanted activity. For example, the analysis of security incidents found that in 2021 malicious PowerShell and non-PowerShell scripts were seen together 64% of the time; PowerShell and Cobalt Strike together in 56% of cases; and PowerShell and PsExec together in 51% of cases. Detecting such correlations can serve as an early warning of an impending attack or as confirmation of an attack in progress.
  • 50% of the ransomware incidents observed involved data exfiltration and, with the data available, the average gap between data theft and ransomware deployment was 4.28 days. 73% of the incidents in which Sophos intervened in 2021 involved ransomware. Of these, 50% also involved data exfiltration. Exfiltration is often the last stage of the attack before the ransomware is deployed, and the incident analysis calculated an average gap between the two events of 4.28 days and a median of 1.84 days.
  • Conti was the most prolific ransomware gang among those seen in 2021, responsible for 18% of incidents overall. REvil ransomware was involved in 1 incident in 10, while other prevalent ransomware families were DarkSide, the RaaS responsible for the Colonial Pipeline attack in the USA, and Black KingDom, one of the "new" ransomware families that appeared in March 2021 in the wake of the ProxyLogon vulnerability. 41 different ransomware operators were identified in the 144 incidents covered by the analysis; of these, 28 were new groups that first appeared in 2021. Eighteen gangs involved in incidents in 2020 disappeared from the 2021 list.

"The signs that should alert IT security managers include the detection of a tool, a combination of tools or an activity at an unexpected point in the network or at an unexpected time," explains Shier. “It is worth remembering that there may also be periods of little or no activity, but that does not mean a company has not been breached. There are likely, for example, to be many more ProxyLogon or ProxyShell breaches than are currently known, where web shells and backdoors have been installed to obtain persistent access and are now sitting dormant until that access is used or resold to others. Patches need to be applied to fix critical bugs, especially in widely used software and, as a priority, to harden the security of remote access services. Until exposed entry points are closed and everything the attackers have done to establish and maintain access is removed, anyone will be able to get in alongside them, and probably will.”

The Sophos Active Adversary Playbook 2022 study is based on 144 incidents that occurred in 2021 at companies of all sizes and industry sectors located in the following countries: USA, Canada, UK, Germany, Italy, Spain, France, Switzerland, Belgium, Netherlands, Austria, United Arab Emirates, Saudi Arabia, Philippines, Bahamas, Angola and Japan.

The most represented sectors are industry (17%), retail (14%), healthcare (13%), IT (9%), construction (8%) and education (6%).

The aim of the Sophos report is to help cybersecurity managers understand what their adversaries do during attacks and how to detect and defend against malicious activity moving around the network. For more information on cybercriminal behaviors, tools and techniques, see the Sophos Active Adversary Playbook 2022 on Sophos News.
