Ransomware attackers find new ways to weaponize old vulnerabilities

Ransomware attackers are finding new ways to exploit organizations' security weaknesses by weaponizing old vulnerabilities.

Combining long-standing ransomware attack tools with the latest AI and machine learning technologies, organized crime syndicates and advanced persistent threat (APT) groups continue to innovate with new business models.

A new report from Cyber Security Works (CSW), Ivanti, Cyware and Securin reveals the devastating toll ransomware took on organizations worldwide in 2022. And 76% of the vulnerabilities currently being exploited by ransomware groups were first discovered between 2010 and 2019.

Ransomware is a top agenda item for CISOs and world leaders alike

The 2023 Spotlight Report, titled "Ransomware Through the Lens of Threat and Vulnerability Management", identified 56 new vulnerabilities associated with ransomware threats in 2022, bringing the total to 344, a 19% increase over the 288 identified as of 2021. It also found that of the 264 old vulnerabilities, 208 have publicly available exploits.

There are 160,344 vulnerabilities listed in the National Vulnerability Database (NVD), of which 3.3% (5,330) belong to the most dangerous exploit types: remote code execution (RCE) and privilege escalation (PE). Of those 5,330 weaponized vulnerabilities, 344 are associated with 217 ransomware families and 50 advanced persistent threat (APT) groups, making them extremely dangerous.

Ransomware vulnerabilities
Ransomware attackers are actively scanning the dark web for 180 vulnerabilities associated with ransomware. In the last quarter of 2022, these groups used ransomware to exploit 21 vulnerabilities. Source: 2023 Spotlight Report: Ransomware Through the Lens of Threat and Vulnerability Management

"Ransomware is top of mind for every organization, whether in the private or public sector," said Srinivas Mukkamala, chief product officer at Ivanti. "Combating ransomware has been placed at the top of the agenda for world leaders because of the rising toll it is taking on organizations, communities and individuals. It is imperative that all organizations truly understand their attack surface and provide robust security to their organization so they can be resilient in the face of increasing attacks."

What ransomware attackers know

Well-funded organized crime and APT groups dedicate members of their teams to studying attack patterns and old vulnerabilities they can target undetected. The 2023 Spotlight Report finds that ransomware attackers often fly under the radar of vulnerability scanners, including those from Nessus, Nexpose and Qualys. Attackers choose which old vulnerabilities to attack based on how well they can evade detection.

The study identified 20 ransomware-associated vulnerabilities for which detection plugins and signatures are not yet available. The study's authors point out that this includes all the ransomware-associated vulnerabilities they identified in their analysis during the previous quarter, with two new additions: CVE-2021-33558 (Boa) and CVE-2022-36537 (Zkoss).

VentureBeat has learned that ransomware attackers also prioritize finding companies' cyber insurance policies and their coverage limits. They then demand a ransom for the full amount the company is covered for. This finding is echoed in a recently recorded video interview with Paul Furtado, VP analyst at Gartner. Ransomware Attacks: What IT Leaders Need to Know to Fight Back shows how widespread this practice has become and why weaponizing old vulnerabilities is so popular today.

Furtado said that "the bad actors were asking for a $2 million ransomware payment. [The victim] told the bad actors that they didn't have $2 million. Next, the bad actors sent them a copy of their insurance policy showing that they were covered.

"One thing you have to understand about ransomware, unlike any other type of security incident that happens, is that it puts your business on a countdown timer."

Weaponized vulnerabilities are spreading fast

Mid-tier organizations are often hit hardest by ransomware attacks because they have smaller cybersecurity budgets and cannot afford to add staff to protect themselves.

Sophos' latest study found that companies in the manufacturing industry pay the highest ransoms, reaching $2,036,189, well above the cross-industry average of $812,000. Through conversations with CEOs and COOs of mid-tier manufacturers, VentureBeat has learned that ransomware attacks reached digital-pandemic levels across North America last year and continue to grow.

Ransomware attackers choose soft targets and launch attacks when it is hardest for the IT staff of a mid-tier or small business to respond. "Seventy-six percent of all ransomware attacks will happen after business hours. Most organizations that get hit are targeted again; there is an 80% chance you will be targeted again within 90 days. Ninety percent of all ransomware attacks hit companies with less than a billion dollars in revenue," Furtado advised in the video interview.

Cyberattackers know what to look for

Identifying old vulnerabilities is the first step in weaponizing them. The study's most notable findings show how adept sophisticated organized crime and APT groups have become at finding the weakest vulnerabilities they can exploit. Here are a few of the many examples from the report:

Kill chains affecting widely adopted IT products

Mapping all 344 ransomware-associated vulnerabilities, the research team identified 57 dangerous weaknesses that could be exploited, from initial access to exfiltration. A complete MITRE ATT&CK mapping now exists for those 57 vulnerabilities.

Ransomware groups can use kill chains to exploit vulnerabilities spanning 81 products from vendors including Microsoft, Oracle, F5, VMware, Atlassian, Apache and SonicWall.

The MITRE ATT&CK kill chain is a model in which each stage of a cyberattack can be described, defined and tracked, visualizing every move an attacker makes. Each tactic described within the kill chain has multiple techniques that help the attacker achieve a specific goal. The framework also contains detailed procedures for each technique, and catalogs the tools, protocols and malware strains used in real-world attacks.

Security researchers use these frameworks to understand attack patterns, identify exposures, evaluate current defenses and track attacker groups.

APT groups are launching ransomware attacks with a vengeance

CSW observed more than 50 APT groups launching ransomware attacks, a 51% increase from 33 in 2020. Four APT groups, DEV-023, DEV-0504, DEV-0832 and DEV-0950, were newly associated with ransomware in Q4 2022 and mounted crippling attacks.

The report finds that one of the most dangerous trends is the deployment of malware and ransomware as a precursor to actual warfare. In early 2022, the research team observed the escalation of the war between Russia and Ukraine, in which the latter was attacked by APT groups including Gamaredon (Primitive Bear), Nobelium (APT29), Wizard Spider (Grim Spider) and Ghostwriter (UNC1151), all targeting Ukraine's critical infrastructure.

The research team also observed Conti ransomware operators openly declaring their allegiance to Russia and attacking the U.S. and other countries that have supported Ukraine. We believe this trend will continue to grow. As of December 2022, 50 APT groups use ransomware as a weapon of choice. Among them, Russia still leads the pack with 11 confirmed groups that claim to originate from the country and collaborate with the state. Among the most notorious in this region are APT28/APT29.

APT groups operating worldwide
Ten new APT groups became active last year, each focusing on a specific ransomware strain that it uses to weaponize long-standing vulnerabilities worldwide. Source: 2023 Spotlight Report: Ransomware Through the Lens of Threat and Vulnerability Management

Many enterprise software products are affected by open-source issues

Reusing open-source code in software products replicates vulnerabilities, such as those found in Apache Log4j. For example, CVE-2021-45046, an Apache Log4j vulnerability, is present in 93 products from 16 vendors. The AvosLocker ransomware takes advantage of it. Another Apache Log4j vulnerability, CVE-2021-45105, is present in 128 products from 11 vendors and is also exploited by the AvosLocker ransomware.

Further analysis of CVEs by the research team highlights why ransomware attackers are succeeding in deploying ransomware at scale. Some CVEs span many of the leading enterprise software platforms and applications.

One is CVE-2018-363, a vulnerability affecting 26 vendors and 345 products. Notable among those vendors are Red Hat, Oracle, Amazon, Microsoft, Apple and VMware.

This vulnerability is present in many products, including Windows Server and Enterprise Linux Server, and is associated with the Stop ransomware. The research team found this vulnerability trending on the internet late last year.

CVE-2021-44228 is another Apache Log4j vulnerability. It is present in 176 products from 21 vendors, notably Oracle, Red Hat, Apache, Novell, Amazon, Cisco and SonicWall. This RCE vulnerability is exploited by six ransomware groups: AvosLocker, Conti, Khonsari, Night Sky, Cheerscrypt and TellYouThePass.

This vulnerability is also a point of interest for hackers, and was found trending as of December 10, 2022, which is why CISA has included it in its Known Exploited Vulnerabilities (KEV) catalog.

Ransomware is a magnet for skilled attackers

Cyberattacks using ransomware are becoming more dangerous and more lucrative, attracting the most sophisticated and well-funded organized crime and APT groups worldwide. "Threat actors are increasingly targeting flaws in cyber hygiene, including legacy vulnerability management processes," Ivanti's Mukkamala told VentureBeat. "Today, many security and IT teams struggle to identify the real-world risks posed by vulnerabilities and, therefore, improperly prioritize vulnerabilities for remediation.

"For example," he continued, "many only patch new vulnerabilities or those disclosed in the NVD. Others only use the Common Vulnerability Scoring System (CVSS) to score and prioritize vulnerabilities."
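As an added illustration of the prioritization gap Mukkamala describes (example code written for this page, not from the report, Ivanti or VentureBeat), the ranking below weights evidence of exploitation (ransomware linkage, CISA KEV listing, lack of scanner coverage) above CVSS. The CVE identifiers and the ransomware/KEV facts for the Log4j and Boa entries come from the article; the CVSS values, the KEV status of CVE-2021-33558 and the placeholder CVE are constructed sample data.

```python
"""Rank vulnerabilities by exploitation evidence, not by CVSS alone.

Added example, not the report's method. CVE ids and the ransomware/KEV
facts for CVE-2021-44228, CVE-2021-45105 and CVE-2021-33558 are from the
article; CVSS values and the placeholder entry are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    cve: str
    cvss: float                    # CVSS base score (constructed sample values)
    in_kev: bool                   # listed in CISA's KEV catalog
    ransomware_linked: bool        # tied to at least one ransomware family
    families: tuple = ()           # families named in the article, if any
    scanner_coverage: bool = True  # detection plugins/signatures exist


def risk_score(v: Vuln) -> float:
    """Exploitation evidence dominates; CVSS (max 10) only breaks ties.

    The weights are assumptions chosen so that any vulnerability with
    exploitation evidence outranks any unexploited one.
    """
    score = v.cvss
    if v.ransomware_linked:
        score += 30
    if v.in_kev:
        score += 20
    if not v.scanner_coverage:
        score += 10  # scanners will not flag it, so it needs manual attention
    return score


def cvss_only_order(vulns):
    """The ordering a CVSS-only process would produce."""
    return [v.cve for v in sorted(vulns, key=lambda v: v.cvss, reverse=True)]


def risk_order(vulns):
    """The ordering when exploitation evidence is weighted first."""
    return [v.cve for v in sorted(vulns, key=risk_score, reverse=True)]


SAMPLE = [
    Vuln("CVE-2021-44228", 10.0, in_kev=True, ransomware_linked=True,
         families=("AvosLocker", "Conti", "Khonsari", "Night Sky",
                   "Cheerscrypt", "TellYouThePass")),
    Vuln("CVE-2021-45105", 5.9, in_kev=False, ransomware_linked=True,
         families=("AvosLocker",)),
    Vuln("CVE-2021-33558", 7.5, in_kev=False, ransomware_linked=True,
         scanner_coverage=False),   # article: no detection plugin yet
    Vuln("CVE-2023-XXXX-placeholder", 9.8, in_kev=False,
         ransomware_linked=False),  # constructed: new, high CVSS, unexploited
]
```

A CVSS-only ranking puts the unexploited placeholder ahead of two ransomware-linked Log4j and Boa bugs; the risk-based ranking pushes it to the bottom.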

Ransomware attackers continue to look for new ways to weaponize old vulnerabilities. The many insights shared in the 2023 Spotlight Report will help CISOs and their defense teams prepare as attackers seek to deliver the most dangerous ransomware payloads that evade detection, and pursue the largest ransomware payouts.
