Cabanga ukuvula i-imeyili ebonakala ijwayelekile, bese kuthi ngomzuzu olandelayo, i-akhawunti yakho yasebhange ingabi nalutho. Noma uphequlula iwebhu lapho isikrini sakho sikhiya bese kuvela umlayezo wesihlengo. Lezi zigcawu aziwona ama-movie esayensi, kodwa izibonelo zangempela zokuhlaselwa kwe-inthanethi. Kulesi sikhathi se-inthanethi yazo zonke izinto, i-inthanethi ayilona nje ibhuloho elilula, kodwa futhi iyindawo yokuzingela yabaduni. Kusukela kubumfihlo bomuntu siqu kuya ezimfihlweni zezinkampani kuya ekuphepheni kwezwe, ukuhlaselwa kwe-inthanethi kukhona yonke indawo, futhi amandla abo obuqili nokubhubhisa ayathusa. Yiziphi izihlaselo ezisongelayo? Zisebenza kanjani, futhi yini okufanele yenziwe ngakho? Ake sibheke izihlaselo ze-inthanethi eziyisishiyagalombili ezivame kakhulu, ezikuyisa ezweni elijwayelekile nelingajwayelekile.
I-Malware
1. Kuyini i-Malware? I-Malware uhlelo oluyingozi olwenzelwe ukulimaza, ukweba, noma ukulawula uhlelo lomsebenzisi. Ingena ngokunyenya kumadivayisi abasebenzisi ngezindlela ezibonakala zingenangozi njengezinamathiselo ze-imeyili, izibuyekezo zesofthiwe ezifihliwe, noma ukulandwa kwewebhusayithi okungekho emthethweni. Uma isisebenza, i-malware ingantshontsha ulwazi olubucayi, ibethele idatha, isuse amafayela, noma iguqule idivayisi ibe "yi-puppet" yomhlaseli.
2. Izinhlobo ezivamile ze-malware
Igciwane:Kunamathiselwe ezinhlelweni ezisemthethweni, ngemva kokusebenzisa, ukuziphindaphinda, ukutheleleka kwamanye amafayela, okuholela ekuwohlokeni kokusebenza kwesistimu noma ekulahlekelweni kwedatha.
Isibungu:Ingasakazeka ngokuzimela ngaphandle kohlelo lomsingathi. Kuvamile ukuzisakazela ngokwako ngokusebenzisa ubuthakathaka benethiwekhi futhi kudle izinsiza zenethiwekhi. IThrojani: Ukuzenza isofthiwe esemthethweni yokunxenxa abasebenzisi ukuthi bafake umnyango wangemuva ongalawula amadivayisi kude noma webe idatha.
I-Spyware:Ukuqapha ngasese ukuziphatha komsebenzisi, ukuqopha ukuchofoza noma umlando wokuphequlula, okuvame ukusetshenziswa ukweba amaphasiwedi nolwazi lwe-akhawunti yasebhange.
I-Ransomware:Ukukhiya idivayisi noma idatha ebethelwe ukuze kutholakale isihlengo sokuyivula kuye kwanda kakhulu eminyakeni yamuva.
3. Ukusabalala Nokulimala I-Malware ivame ukusabalala ngemidiya ebonakalayo njenge-imeyili ye-phishing, i-Malvertising, noma okhiye be-USB. Ukulimala kungafaka phakathi ukuvuza kwedatha, ukwehluleka kwesistimu, ukulahlekelwa yizimali, ngisho nokulahlekelwa idumela lenkampani. Isibonelo, i-malware ye-Emotet ka-2020 yaba yiphupho elibi lokuphepha kwebhizinisi ngokuthelela izigidi zamadivayisi emhlabeni jikelele ngamadokhumenti e-Office afihliwe.
4. Amasu okuvimbela
• Faka futhi ubuyekeze njalo isofthiwe yokulwa namagciwane ukuze uskene amafayela asolisayo.
• Gwema ukuchofoza izixhumanisi ezingaziwa noma ukulanda isofthiwe emithonjeni engaziwa.
• Yenza isipele sedatha ebalulekile njalo ukuze uvimbele ukulahlekelwa okungenakuguqulwa okubangelwa yi-ransomware.
• Nika amandla ama-firewall ukuze unciphise ukufinyelela kwenethiwekhi okungagunyaziwe.
I-Ransomware
1. Indlela iRansomware esebenza ngayo IRansomware uhlobo olukhethekile lwe-malware oluvala ngqo idivayisi yomsebenzisi noma lubethele idatha ebalulekile (isb., amadokhumenti, izizindalwazi, ikhodi yomthombo) ukuze isisulu singakwazi ukuyifinyelela. Abahlaseli bavame ukufuna inkokhelo ngama-cryptocurrencies anzima ukuwalandela njenge-bitcoin, futhi basongela ngokubhubhisa idatha unomphela uma inkokhelo ingenziwa.
2. Amacala Ajwayelekile
Ukuhlasela kweColonial Pipeline ngo-2021 kwashaqisa umhlaba. I-DarkSide ransomware yavala uhlelo lokulawula lwepayipi elikhulu likaphethiloli oGwini Olusempumalanga ye-United States, okwabangela ukuba ukuphakelwa kukaphethiloli kuphazanyiswe futhi abahlaseli bafuna isihlengo samaRandi ayizigidi ezingu-4.4. Lesi sigameko saveza ubuthakathaka bengqalasizinda ebalulekile kwi-ransomware.
3. Kungani i-ransomware iyingozi kangaka?
Ukufihla okuphezulu: I-Ransomware ivame ukusabalala ngobunjiniyela bezenhlalo (isb., ukuzenza ama-imeyili asemthethweni), okwenza kube nzima ngabasebenzisi ukuyibona.
Ukusabalala okusheshayo: Ngokusebenzisa ubuthakathaka benethiwekhi, i-ransomware ingathelela ngokushesha amadivayisi amaningi ngaphakathi kwebhizinisi.
Ukululama okunzima: Ngaphandle kwesipele esisebenzayo, ukukhokha isihlengo kungaba yindlela kuphela, kodwa kungase kungenzeki ukuthola idatha ngemva kokukhokha isihlengo.
4. Izindlela Zokuzivikela
• Yenza isipele sedatha njalo ungaxhunyiwe ku-inthanethi ukuqinisekisa ukuthi idatha ebalulekile ingabuyiselwa ngokushesha.
• Uhlelo Lokuthola Nokuphendula I-Endpoint (EDR) lwasetshenziswa ukuqapha ukuziphatha okungajwayelekile ngesikhathi sangempela.
• Qeqesha abasebenzi ukuthi bathole ama-imeyili obugebengu bokweba imininingwane ukuze bangabi yizigebengu zokuhlasela.
• Ukulungisa ubuthakathaka besistimu kanye nesofthiwe ngesikhathi ukuze kuncishiswe ingozi yokungena.
Ubugebengu bokweba imininingwane ebucayi
1. Uhlobo Lokuqola I-Phishing
I-Phishing uhlobo lokuhlasela kobunjiniyela bezenhlalo lapho umhlaseli, ezenza inhlangano ethembekile (njengebhange, ipulatifomu ye-e-commerce, noma osebenza naye), ebangela isisulu ukuthi sidalule ulwazi olubucayi (njengamaphasiwedi, izinombolo zekhadi lesikweletu) noma sichofoze isixhumanisi esinonya nge-imeyili, umlayezo wombhalo, noma umlayezo osheshayo.
2. Amafomu Avamile
• Ubugebengu bokweba imininingwane nge-imeyili: Ama-imeyili asemthethweni angamanga ukuze ahehe abasebenzisi ukuthi bangene kumawebhusayithi angamanga futhi bafake iziqinisekiso zabo.
Ukuhlasela nge-Spear Phishing: Ukuhlasela okwenziwe ngendlela efanele okuqondiswe kumuntu othile noma eqenjini elinesilinganiso sempumelelo esiphezulu.
• Ukumamatheka: Ukuthumela izaziso mbumbulu ngemiyalezo yombhalo ukuze uhehe abasebenzisi ukuthi bachofoze izixhumanisi ezinonya.
• Ukufisa: ukuzenza umuntu onegunya ocingweni ukuze athole ulwazi oluyimfihlo.
3. Izingozi Nemiphumela
Ukuhlaselwa kwe-phishing kushibhile futhi kulula ukukusebenzisa, kodwa kungabangela ukulahlekelwa okukhulu. Ngo-2022, ukulahlekelwa kwezimali emhlabeni wonke ngenxa yokuhlaselwa kwe-phishing kwafinyelela ezigidigidini zamaRandi, okubandakanya ama-akhawunti omuntu siqu abiwe, ukwephulwa kwedatha yezinkampani, nokuningi.
4. Amasu Okubhekana Nezinkinga
• Hlola kabili ikheli lomthumeli ukuze ubone ukuthi alinawo yini amaphutha noma amagama esizinda angajwayelekile.
• Nika amandla ukuqinisekiswa kwezinto eziningi (i-MFA) ukuze unciphise ubungozi noma ngabe amaphasiwedi asengozini.
• Sebenzisa amathuluzi okulwa nobugebengu bokweba imininingwane ebucayi ukuze uhlunge ama-imeyili nezixhumanisi eziyingozi.
• Qeqesha njalo ukuqwashisa ngokuphepha ukuze uthuthukise ukuqapha kwabasebenzi.
Usongo Oluqhubekayo Oluthuthukisiwe (i-APT)
1. Incazelo ye-APT
Usongo oluqhubekayo oluqhubekayo (i-APT) luwukuhlasela kwe-inthanethi okuyinkimbinkimbi, kwesikhathi eside, okuvame ukwenziwa amaqembu abaphangi be-inthanethi ezingeni likahulumeni noma amaqembu ezigebengu. Ukuhlasela kwe-APT kunendawo ecacile kanye nezinga eliphezulu lokwenza ngokwezifiso. Abahlaseli bangena ngezigaba eziningi futhi bacashe isikhathi eside ukuze bebe idatha eyimfihlo noma bonakalise uhlelo.
2. Ukugeleza Kokuhlasela
Ukungena kokuqala:Ukuthola ukungena ngama-imeyili e-phishing, ukuxhashazwa, noma ukuhlaselwa kwe-supply chain.
Misa indawo:Faka iminyango yangemuva ukuze ugcine ukufinyelela kwesikhathi eside.
Ukunyakaza Kwaseceleni:ukusabalala ngaphakathi kwenethiwekhi eqondiwe ukuze kutholakale igunya eliphakeme.
Ukwebiwa Kwedatha:Ukukhipha ulwazi olubucayi njengempahla yobuhlakani noma imibhalo yamasu.
Mboza Umkhondo:Susa ilogi ukuze ufihle ukuhlaselwa.
3. Amacala Ajwayelekile
Ukuhlasela kweSolarWinds ngo-2020 kwakuyisigameko se-APT esivamile lapho abaphangi bafaka khona ikhodi enonya ngokuhlasela kochungechunge lokuhlinzeka, okuthinta izinkulungwane zamabhizinisi nezinhlangano zikahulumeni emhlabeni wonke futhi beba idatha eningi ebucayi.
4. Amaphuzu Okuzivikela
• Sebenzisa uhlelo lokuthola ukungena (i-IDS) ukuze uqaphe ithrafikhi yenethiwekhi engajwayelekile.
• Sebenzisa isimiso selungelo elincane kakhulu ukuze unciphise ukunyakaza kwezinhlangothi zabahlaseli.
• Yenza ukuhlolwa kwezokuphepha njalo ukuze kutholakale amathuba okuba khona kweminyango engemuva.
• Sebenzisana namapulatifomu obuhlakani bokusongela ukuze uthwebule izitayela zakamuva zokuhlasela.
Indoda Ekuhlaselweni Okuphakathi (i-MITM)
1. Ukuhlasela komuntu ophakathi nendawo kusebenza kanjani?
Ukuhlasela komuntu ophakathi nendawo (i-MITM) kwenzeka lapho umhlaseli efaka, ebamba, futhi elawula ukudluliswa kwedatha phakathi kwamaqembu amabili axhumanayo ngaphandle kokuba azi ngakho. Umhlaseli angase eba ulwazi olubucayi, aphazamise idatha, noma azenze umuntu ongeyena umuntu ngenxa yokukhwabanisa.
2. Amafomu Avamile
• Ukukhwabanisa nge-Wi-Fi: Abahlaseli bakha izindawo zokugembula ze-Wi-Fi mbumbulu ukuze bakhuthaze abasebenzisi ukuthi baxhume ukuze bantshontshe idatha.
Ukukhwabanisa nge-DNS: ukuphazamisa imibuzo ye-DNS ukuze uqondise abasebenzisi kumawebhusayithi anonya.
• Ukuntshontshwa kwe-SSL: Ukuqamba izitifiketi ze-SSL ukuze kuvinjelwe ithrafikhi ebethelwe.
• Ukuntshontshwa kwe-imeyili: Ukuvimba nokuphazamisa okuqukethwe kwe-imeyili.
3. Izingozi
Ukuhlaselwa kwe-MITM kuyisongo esikhulu ezinhlelweni zebhange eziku-inthanethi, ezentengiselwano ze-inthanethi, kanye nezezokuxhumana, okungaholela ekuntshontshweni kwama-akhawunti, ukuthengiselana okuphazamisekile, noma ukuvezwa kokuxhumana okubucayi.
4. Izindlela Zokuvimbela
• Sebenzisa amawebhusayithi e-HTTPS ukuqinisekisa ukuthi ukuxhumana kubethelwe.
• Gwema ukuxhuma ku-Wi-Fi yomphakathi noma ukusebenzisa i-VPNS ukuze ubhale ngemfihlo ithrafikhi.
• Nika amandla isevisi yokuxazulula i-DNS evikelekile njenge-DNSSEC.
• Hlola ukufaneleka kwezitifiketi ze-SSL bese uqaphela izixwayiso ezihlukile.
Ukufakwa kwe-SQL
1. Indlela Yokufaka I-SQL
Ukujova kwe-SQL kuwukuhlasela kokujova ikhodi lapho umhlaseli efaka khona izitatimende ze-SQL ezinonya emasimini okufaka kohlelo lokusebenza lwewebhu (isb., ibhokisi lokungena ngemvume, ibha yokusesha) ukuze akhohlise isizindalwazi ukuthi senze imiyalo engekho emthethweni, ngaleyo ndlela eba, ephazamisa noma esusa idatha.
2. Isimiso Sokuhlasela
Cabanga ngombuzo olandelayo we-SQL wefomu lokungena ngemvume:
Umhlaseli ungena:
Umbuzo uba:
Lokhu kugwema ukuqinisekiswa futhi kuvumela umhlaseli ukuthi angene ngemvume.
3. Izingozi
Ukufakwa kwe-SQL kungaholela ekuphuzeni okuqukethwe kwedatha, ukwebiwa kweziqinisekiso zomsebenzisi, noma ngisho nokuthathwa kwezinhlelo zonke. Ukwephulwa kwedatha ye-Equifax ngo-2017 kwaxhunyaniswa nokuba sengozini yokufakwa kwe-SQL okwathinta ulwazi lomuntu siqu lwabasebenzisi abayizigidi ezingu-147.
4. Ukuzivikela
• Sebenzisa imibuzo ebekwe ngamapharamitha noma izitatimende ezihlanganiswe kusengaphambili ukuze ugweme ukuhlanganisa ngokuqondile okokufaka komsebenzisi.
• Sebenzisa ukuqinisekiswa kokufakwayo kanye nokuhlunga ukuze wenqabe izinhlamvu ezingavamile.
• Vimbela izimvume zesizindalwazi ukuvimbela abahlaseli ekwenzeni izenzo eziyingozi.
• Skena njalo izinhlelo zokusebenza zewebhu ukuze uthole ubuthakathaka kanye nezingozi zokuphepha ze-patch.
Ukuhlaselwa kwe-DDoS
1. Uhlobo Lokuhlaselwa Kwe-DDoS
Ukuhlasela kwe-Distributed Denial of Service (DDoS) kuthumela izicelo ezinkulu kuseva eqondiwe ngokulawula inani elikhulu lama-bots, okuqeda i-bandwidth yayo, izinsiza zeseshini noma amandla ekhompyutha, futhi kwenze abasebenzisi abavamile bangakwazi ukufinyelela isevisi.
2. Izinhlobo Ezivamile
• Ukuhlaselwa kwethrafikhi: ukuthumela inani elikhulu lamaphakethe nokuvimba i-bandwidth yenethiwekhi.
• Ukuhlaselwa kwephrothokholi: Sebenzisa ubuthakathaka bephrothokholi ye-TCP/IP ekuqedeni izinsiza zeseshini yeseva.
• Ukuhlaselwa kwezendlalelo zohlelo lokusebenza: Khubaza amaseva ewebhu ngokuzenza izicelo zomsebenzisi ezisemthethweni.
3. Amacala Ajwayelekile
Ukuhlasela kwe-Dyn DDoS ngo-2016 kwasebenzisa i-Mirai botnet ukwehlisa amawebhusayithi amaningi ajwayelekile kufaka phakathi i-Twitter ne-Netflix, okugqamisa izingozi zokuphepha zamadivayisi e-iot.
4. Amasu Okubhekana Nezinkinga
• Sebenzisa izinsizakalo zokuvikela ze-DDoS ukuze uhlunge ithrafikhi enonya.
• Sebenzisa inethiwekhi Yokulethwa Kokuqukethwe (i-CDN) ukuze usabalalise ithrafikhi.
• Lungiselela ama-load balancers ukuze wandise umthamo wokucubungula iseva.
• Qapha ithrafikhi yenethiwekhi ukuze uthole futhi uphendule ezimeni ezingavamile ngesikhathi.
Izinsongo Zangaphakathi
1. Incazelo Yosongo Lwangaphakathi
Izinsongo zangaphakathi zivela kubasebenzisi abagunyaziwe (isib. abasebenzi, osonkontileka) ngaphakathi kwenhlangano abangase basebenzise kabi amalungelo abo ngenxa yonya, ukunganaki, noma ukuphathwa kabi ngabahlaseli bangaphandle, okuholela ekuphuzeni kwedatha noma ekulimaleni kohlelo.
2. Uhlobo Lwesongo
• Abantu abangaphakathi abanonya: Ukweba idatha ngamabomu noma ukufaka izinhlelo engozini ukuze uthole inzuzo.
• Abasebenzi abanganaki: Ngenxa yokungazi ngokuphepha, ukusebenza kabi kuholela ekuvezweni kobuthakathaka.
• Ama-akhawunti athunjiwe: Abahlaseli balawula ama-akhawunti angaphakathi ngobugebengu bokweba imininingwane noma ukwebiwa kweziqinisekiso.
3. Izingozi
Izinsongo zangaphakathi kunzima ukuzibona futhi zingase zidlule ama-firewall avamile kanye nezinhlelo zokuthola ukungena. Ngo-2021, inkampani yezobuchwepheshe eyaziwayo yalahlekelwa amakhulu ezigidi zamaRandi ngenxa yokuvuza kwekhodi yomthombo yesisebenzi sangaphakathi.
4. Izindlela Zokuzivikela Eziqinile
• Sebenzisa ukwakheka kwe-zero-trust futhi uqinisekise zonke izicelo zokufinyelela.
• Qapha ukuziphatha komsebenzisi ukuze uthole imisebenzi engajwayelekile.
• Qeqesha njalo ukuphepha ukuze uthuthukise ukuqwashisa kwabasebenzi.
• Nciphisa ukufinyelela kudatha ebucayi ukuze unciphise ingozi yokuvuza.
Isikhathi sokuthunyelwe: Meyi-26-2025
