✔️ 2022-08-25 22:57:48 - Paris/France.
Mobile devices are commonplace in the enterprise, so organizations must prepare for every kind of mobile threat vector, including attacks delivered through mobile apps, if they are to prevent security breaches.
As the COVID-19 pandemic and the work-from-anywhere model pushed many people into remote work, mobile devices became a primary channel for employees to stay connected with their employers and corporate networks. While the shift brought convenience and flexibility for workers, relying on mobile devices also introduces new security risks. Ransomware, malware and other attacks can target mobile devices to great effect, and enterprises must account for this to keep data secure across the business.
Mobile app breaches threaten enterprises
It takes only one compromised mobile device to give an attacker a way into an organization's network. Corporate and BYOD mobile devices are primary targets in a broad attack surface: compromising the device sets the stage for a follow-on attack against a back-end system or cloud application. An enterprise user's phone typically holds work email, a unified communications app such as Slack or Teams, and Salesforce or another customer relationship management (CRM) client. An attacker who compromises such a device inherits its logged-in sessions and tokens and can reach corporate resources exactly as the device's authorized user would.
As more employees relied on personal and corporate mobile devices to do their jobs during the pandemic, the mobile attack surface grew accordingly. A 2022 report from mobile security vendor Zimperium found that, globally, an average of 23% of mobile devices encountered malicious apps in 2021.
Every additional app a user installs on a mobile device enlarges the attack surface further. Application-level threats such as exposed APIs and insecure code leave customer data open to attack, and outdated mobile apps compound these weaknesses. Organizations can turn to enterprise mobility management (EMM) and other endpoint management tools for tighter application control: these tools let IT create and enforce policies, such as automatic mobile OS and app updates, for better mobile security.
Attackers can also use mobile devices for reconnaissance. Malicious actors can turn a device's microphone and camera on an organization to capture company secrets such as research and development plans and financials. A compromised device can eavesdrop on sales calls or meetings about the company's next big product.
Mobile device threat vectors IT needs to know about
Attackers have many ways to compromise mobile devices through mobile apps. Keep the following threats in mind to prevent mobile app attacks and limit their impact.
Mobile malware
Malware is malicious software that can, among other things, steal login credentials and intercept the SMS one-time codes used for two-factor authentication (2FA), defeating it. Viruses, worms and spyware are examples of malware that target mobile devices.
The defense against mobile malware starts with mobile anti-malware software, although app sandboxing on iOS and Android limits what an on-device scanner can inspect, so it cannot be the only control. IT must also strictly control remote access to the corporate network from mobile devices.
Malware attacks are growing with the backing of state-sponsored and criminal organizations, some of which have the technology and staffing of a large software development shop. One alarming recent technique against mobile banking apps is the dropper app: criminals publish an app on Google Play that looks legitimate and passes review, and only after installation does it fetch the banking trojan as a later 'update'. As hybrid work and BYOD policies blur the line between personal and work devices, this is a serious risk for many organizations.
As DevOps and DevSecOps practices gain ground, mobile app developers will need to adopt mobile DevSecOps to build secure mobile applications. Several hardening techniques will become more important, such as code obfuscation to make application code and logic harder to reverse engineer (which raises an attacker's effort but does not protect secrets embedded in the app), and runtime protection that guards the app against dynamic attacks, tampering and interference.
Mobile ransomware
IT teams use encryption to protect data, and ransomware turns the same technique against them: a ransomware attack encrypts the compromised mobile device's data and locks the user out. Ransomware operators generally follow the same playbook on mobile as on PCs: pay if you want access to your device and its data back.
Ransomware accounted for nearly 25% of all data breaches in 2021, an increase of nearly 13% over the previous year, according to Verizon's 2022 Data Breach Investigations Report, and mobile devices are far from immune to such attacks.
Ransomware prevention starts with preventing corporate devices from downloading apps from any source other than the company's enterprise store, the Apple App Store or Google Play. Other important steps to prevent mobile ransomware:
- Create and enforce a BYOD policy, and a matching training program, that governs the security of devices enrolled in the company's BYOD program.
- Create policies on the organization's EMM platform that push all enrolled BYOD and corporate devices to download security patches and updates automatically.
- Include mobile ransomware prevention in corporate security awareness training.
Broken code and leaky mobile apps
Leaky mobile apps set the stage for a mobile device breach. As the name implies, a leaky application is one that lets enterprise data escape, like water from a cracked pipe. Poor programming practices produce faulty code that can expose application data, such as company information and passwords, to the public and to attackers.
Security vulnerabilities were a major concern with the release of the Beijing 2022 Olympics app. The app was mandatory for all participants and contained flaws that could let attackers steal personal details and monitor some communications. The common advice to athletes and other attendees was to use a burner phone at the Olympics because of the mobile security threats present.
A similar threat emerged in January 2021, when Slack identified a bug in its Android app that stored user credentials in plaintext on the device. Although Slack advised affected users to change their passwords and clear the app's data, the window of exposure was open to attackers seeking corporate information. The bug caused no headline breach, but it shows that popular enterprise mobile apps are themselves a potential attack vector.
To protect against broken code and leaky mobile apps, organizations must train their mobile developers in secure coding practices and build mobile app security testing, including checks for secrets written to local storage or logs in plaintext, into the DevOps pipeline.
Software supply chain compromise
A software supply chain works much like a factory assembly line: it is a production cycle that brings together partners, contractors and third-party vendors to produce software. Open source components travel through the same supply chain.
Across a software supply chain, however, a security weakness at one organization can cause collateral damage at many others. The SolarWinds supply chain breach demonstrated this risk dramatically, with attackers gaining access to the networks, systems and data of thousands of the company's government and enterprise customers.
An attacker who compromises a mobile vendor's software supply chain can inject code into an app that prompts the end user to download an 'update' from a malicious location. Because the compromise happens before the application reaches the public or enterprise app store, store review and a valid signature on the final package do not catch it: the build and release pipeline itself has to be protected.
Enterprises and service providers alike will undoubtedly need to strengthen their supply chain security to prevent such attacks.
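The client-side half of that defense, as an added example that is not code from the page or from any vendor: the app accepts an update only if its manifest carries a valid Ed25519 signature from a public key pinned in the app, the download origin is an allowlisted HTTPS host, and the payload's SHA-256 digest matches the manifest. The manifest layout, the hosts updates.example.com and cdn.attacker.example, and the sample payload are assumptions made for this example; the key pair is derived from a fixed seed only so the program runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Manifest is the (assumed) update descriptor the vendor publishes. Version,
// payload digest and download URL are signed together, so none of the three
// can be swapped without invalidating the signature.
type Manifest struct {
	Version   string
	SHA256    string // hex SHA-256 of the update payload
	URL       string // where the client fetches the payload
	Signature []byte // Ed25519 signature over signingInput()
}

func (m Manifest) signingInput() []byte {
	return []byte(m.Version + "|" + m.SHA256 + "|" + m.URL)
}

// allowedHosts is compiled into the client: even a correctly signed manifest
// may not send users to an arbitrary origin. (Assumed host for the example.)
var allowedHosts = map[string]bool{"updates.example.com": true}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrBadOrigin    = errors.New("update URL is not an allowlisted HTTPS origin")
	ErrBadDigest    = errors.New("payload digest does not match manifest")
)

// SignManifest runs on the vendor's release system, never on the device.
func SignManifest(priv ed25519.PrivateKey, m Manifest) Manifest {
	m.Signature = ed25519.Sign(priv, m.signingInput())
	return m
}

// VerifyUpdate is what the client runs before installing anything. The checks
// are ordered so that unsigned data is never interpreted any further.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, payload []byte) error {
	if !ed25519.Verify(pub, m.signingInput(), m.Signature) {
		return ErrBadSignature
	}
	u, err := url.Parse(m.URL)
	if err != nil || u.Scheme != "https" || !allowedHosts[strings.ToLower(u.Hostname())] {
		return ErrBadOrigin
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return ErrBadDigest
	}
	return nil
}

// DemoUpdateChecks walks through four scenarios and returns each outcome.
func DemoUpdateChecks() (genuine, tampered, forged, redirected error) {
	seed := make([]byte, ed25519.SeedSize) // constructed zero seed, offline use only
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey) // this is what ships inside the app

	payload := []byte("constructed update payload, version 2.1.0")
	sum := sha256.Sum256(payload)
	good := SignManifest(priv, Manifest{
		Version: "2.1.0",
		SHA256:  hex.EncodeToString(sum[:]),
		URL:     "https://updates.example.com/app-2.1.0.bin",
	})

	// 1. Genuine manifest and payload.
	genuine = VerifyUpdate(pub, good, payload)
	// 2. Payload swapped in transit: signature and origin pass, digest fails.
	tampered = VerifyUpdate(pub, good, []byte("trojanised payload"))
	// 3. Attacker rewrites the URL without the vendor key: signature fails.
	forgedManifest := good
	forgedManifest.URL = "https://cdn.attacker.example/app-2.1.0.bin"
	forged = VerifyUpdate(pub, forgedManifest, payload)
	// 4. Correctly signed but pointing at plain HTTP (e.g. a compromised
	//    release pipeline): the origin allowlist still refuses it.
	redirected = VerifyUpdate(pub, SignManifest(priv, Manifest{
		Version: "2.1.0",
		SHA256:  hex.EncodeToString(sum[:]),
		URL:     "http://updates.example.com/app-2.1.0.bin",
	}), payload)
	return
}

func main() {
	genuine, tampered, forged, redirected := DemoUpdateChecks()
	fmt.Println("genuine:   ", genuine)
	fmt.Println("tampered:  ", tampered)
	fmt.Println("forged:    ", forged)
	fmt.Println("redirected:", redirected)
}
```

Note what this does and does not cover: it stops a redirected or tampered download and even a signed manifest that points somewhere it should not, but it cannot detect the SolarWinds pattern, where malicious code was inserted before signing and shipped with a valid vendor signature. That case is only addressed by protecting the build pipeline itself (access-controlled, hardened build hosts and reproducible builds), not by any check on the device.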
Jailbroken and rooted mobile devices
Jailbroken iOS devices and rooted Android devices undermine the security of the whole device, because the platform's privilege boundaries no longer hold and an attacker can perform privilege escalation attacks. Once an attacker has OS-level access, every mobile app on the device, and the data it stores, is within reach.
EMM and access-control tools such as Jamf Private Access let IT set security policies that block jailbroken or rooted devices from reaching corporate resources.
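The device-integrity check behind such a policy, as an added example that is not code from the page or from Jamf: an agent or the app itself gathers observable evidence (well-known su binaries, Magisk and SuperSU packages, a test-keys build, Cydia and MobileSubstrate paths, a writable system partition) and reports every indicator that matched. The Evidence struct, the way it is populated and the sample devices are constructed for this example; the indicator lists are public, well-known artifacts of rooting and jailbreaking tools.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Evidence is what the app can observe on the device. It is passed in rather
// than read directly so the heuristic can be exercised on constructed data.
type Evidence struct {
	Platform       string   // "android" or "ios"
	ExistingPaths  []string // paths found on the device (see ProbePaths)
	BuildTags      string   // Android ro.build.tags, e.g. "release-keys"
	InstalledPkgs  []string // Android package names / iOS bundle identifiers
	WritableSystem bool     // could the app write to /system (Android) or / (iOS)?
}

// Well-known artifacts left behind by rooting and jailbreaking tools.
var androidRootPaths = []string{
	"/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su",
	"/system/app/Superuser.apk", "/sbin/.magisk",
}
var iosJailbreakPaths = []string{
	"/Applications/Cydia.app", "/Library/MobileSubstrate/MobileSubstrate.dylib",
	"/usr/sbin/sshd", "/etc/apt", "/private/var/lib/apt",
}
var rootManagerPkgs = []string{
	"com.topjohnwu.magisk", "eu.chainfire.supersu", "com.noshufou.android.su",
}

// ProbePaths returns the subset of candidate paths that exist on this host;
// on a device this is how Evidence.ExistingPaths would be populated.
func ProbePaths(candidates []string) []string {
	var present []string
	for _, p := range candidates {
		if _, err := os.Lstat(p); err == nil {
			present = append(present, p)
		}
	}
	return present
}

// Findings returns every indicator that matched. An empty result means no
// evidence was found, which is not the same as proof of a clean device.
func Findings(e Evidence) []string {
	var found []string
	have := make(map[string]bool, len(e.ExistingPaths))
	for _, p := range e.ExistingPaths {
		have[p] = true
	}
	var suspectPaths []string
	switch e.Platform {
	case "android":
		suspectPaths = androidRootPaths
		if strings.Contains(e.BuildTags, "test-keys") {
			found = append(found, "build signed with test-keys")
		}
		for _, pkg := range e.InstalledPkgs {
			for _, mgr := range rootManagerPkgs {
				if pkg == mgr {
					found = append(found, "root manager installed: "+pkg)
				}
			}
		}
	case "ios":
		suspectPaths = iosJailbreakPaths
	}
	for _, p := range suspectPaths {
		if have[p] {
			found = append(found, "artifact present: "+p)
		}
	}
	if e.WritableSystem {
		found = append(found, "system partition is writable")
	}
	return found
}

// IsCompromised is the yes/no answer an access policy would consume.
func IsCompromised(e Evidence) bool { return len(Findings(e)) > 0 }

func main() {
	// Constructed sample: a Magisk-rooted Android build.
	rooted := Evidence{
		Platform:      "android",
		ExistingPaths: []string{"/system/xbin/su", "/sbin/.magisk"},
		BuildTags:     "test-keys",
		InstalledPkgs: []string{"com.topjohnwu.magisk", "com.android.chrome"},
	}
	fmt.Println("compromised:", IsCompromised(rooted), Findings(rooted))
	// Probe the current host for Android artifacts (none expected on a PC).
	fmt.Println("host artifacts:", ProbePaths(androidRootPaths))
}
```

A heuristic like this is a signal, not a verdict: root-concealment modules exist precisely to hide these artifacts, and on a rooted device the user controls the process running the check. Feed the result into the EMM policy, and for decisions that matter pair it with server-side attestation (Google's Play Integrity API, Apple's App Attest), which the device cannot forge as easily.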
Man-in-the-middle attacks
As enterprise applications move to the cloud, the prospect of a man-in-the-middle (MitM) attack, in which an attacker intercepts, drops or modifies data in transit between two endpoints, becomes very real. MitM attacks have several causes, but mobile apps that use unencrypted HTTP are an obvious one: they carry sensitive data that an attacker on the same network path can read or alter for their own ends.
To prevent MitM attacks, organizations should start by training their development teams in secure coding and architecture standards: all traffic over TLS, no cleartext fallback, and server certificate validation that is never disabled in builds that ship. The same standards must apply to the vendors in their software supply chain.
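What those standards look like in client code, as an added example that is not from the page or from any product: the app refuses any non-HTTPS URL before a byte leaves the device, and its TLS client additionally pins the server's public key (SPKI SHA-256, the form OkHttp's CertificatePinner uses), so an attacker holding a certificate from some other CA, or a rogue CA installed on the device, cannot complete the handshake. The local test server, the wrong pin and the URL api.example.com are constructed stand-ins so the program runs offline.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
)

var (
	ErrPinMismatch = errors.New("server public key does not match any pinned key")
	ErrNotHTTPS    = errors.New("refusing to send data over plaintext HTTP")
)

// SPKIPin computes the pin for a certificate: base64(SHA-256(SubjectPublicKeyInfo)).
// Pinning the key rather than the whole certificate survives routine renewals.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return "sha256/" + base64.StdEncoding.EncodeToString(sum[:])
}

// NewPinnedClient returns an HTTP client whose TLS handshake fails unless the
// leaf certificate's public key matches one of the pins. Ordinary chain
// validation against the roots still runs; the pin is checked on top of it.
func NewPinnedClient(pins []string, roots *x509.CertPool) *http.Client {
	cfg := &tls.Config{
		RootCAs:    roots,
		MinVersion: tls.VersionTLS12,
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if len(rawCerts) == 0 {
				return ErrPinMismatch
			}
			leaf, err := x509.ParseCertificate(rawCerts[0])
			if err != nil {
				return err
			}
			got := SPKIPin(leaf)
			for _, p := range pins {
				if p == got {
					return nil
				}
			}
			return ErrPinMismatch
		},
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true}}
}

// Fetch is the app's only path to the back end: it rejects cleartext URLs
// before any bytes leave the device, then performs the pinned request.
func Fetch(c *http.Client, rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	if u.Scheme != "https" {
		return "", ErrNotHTTPS
	}
	resp, err := c.Get(rawURL)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// DemoPinning stands up a local TLS server (a constructed stand-in for the API
// back end) and exercises the correct pin, a wrong pin and a plaintext URL.
func DemoPinning() (body string, goodErr, wrongPinErr, plaintextErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "session-token")
	}))
	defer srv.Close()

	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // trust the test server's self-signed cert
	goodPin := SPKIPin(srv.Certificate())
	wrongPin := "sha256/" + base64.StdEncoding.EncodeToString(make([]byte, 32)) // some other key

	body, goodErr = Fetch(NewPinnedClient([]string{goodPin}, roots), srv.URL)
	_, wrongPinErr = Fetch(NewPinnedClient([]string{wrongPin}, roots), srv.URL)
	// Assumed URL; never contacted because the scheme check fails first.
	_, plaintextErr = Fetch(NewPinnedClient([]string{goodPin}, roots), "http://api.example.com/login")
	return body, goodErr, wrongPinErr, plaintextErr
}

func main() {
	body, goodErr, wrongPinErr, plaintextErr := DemoPinning()
	fmt.Printf("correct pin: %q (err=%v)\n", body, goodErr)
	fmt.Println("wrong pin:  ", wrongPinErr)
	fmt.Println("plain http: ", plaintextErr)
}
```

The platform equivalents are Android's network security config (cleartextTrafficPermitted="false" plus a pin-set) and iOS App Transport Security. Always ship a backup pin for the next key so a key rotation does not brick the app, and remember that pinning also blocks the organization's own TLS-inspecting proxy, which is usually the intended effect for a mobile app that handles credentials.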
How to protect mobile apps from security threats
To keep mobile users and the sensitive enterprise data on their devices secure, IT must understand how mobile application attacks happen and defend against them proactively. As the organization's use of BYOD and corporate devices evolves, its mobile security plans must evolve with it. The key to effective security policies is to use working relationships to share best practices across desktop and mobile teams and with the end users the organization supports.
SOURCE: Uphonononga Iindaba