How to protect Office 365 from spear-phishing attacks

Social Networking | January 30, 2019

Configure Office 365 to detect malware delivered by email.

Copyright © 2019 IDG Communications, Inc.

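I'm Susan Bradley, and this is CSO Online. I want to draw your attention to something I spotted in a recent Windows Defender Advanced Threat Protection alert. They talked about a zero-day in Flash being used in a spear-phishing attack. Adobe released a patch for the zero-day on December 5, 2018. The target of the attack was a healthcare institution in Russia. The vulnerability, labeled CVE-2018-15982, has an interesting attack sequence. It highlighted to me several mitigations that can be used to block these kinds of attacks. The attack started with a spear-phishing attack. As the KnowBe4 website points out, as many as 91% of cyberattacks and data breaches start with a spear-phishing email. A spear-phishing email is really a targeted email, aimed at a specific individual or department within an organization, that appears to come from a trusted source. As a result, it's very hard to defend. It's not impossible, but it is hard to detect. So here's how this attack played out. The spear-phishing email consisted of a RAR archive file containing two files. The first was a lure document, an enticing email, and the second was an archive file just disguised as a JPEG file. Once the user opened the document, an ActiveX Flash control was activated. That ran a command script that unzipped the archive file and ran the payload. In this instance, a scheduled task was created to start a backdoor whenever the user logged in. It collected vital system information and then uploaded that information to a hard-coded command-and-control IP address server every five minutes.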
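The backdoor was set up to be able to receive instructions that could be loaded into memory. There are several ways to mitigate this attack, to be a bit more defensive, and also to check your email accounts to see whether they have been compromised. Some of the more common ways you can determine whether your account has been compromised are if you see suspicious activity. Other users in your environment receive emails from the compromised account. You see rules in the inbox that you didn't set. The user display name may be changed. The user's mailbox is blocked from sending mail. The Sent folder contains common hacked-account messages, such as "I'm stuck here, send money." There are unusual profile changes, unusual credential changes, or mail forwarding was just added. Anything that looks odd. Make sure you empower your end users to tell you of unusual events they see in their mailbox. Next, you obviously want to patch for the exploit, but again, we can't always have patches available, so we also need to know how and what things to do to protect, just in case. For example, on Windows 10 you can enable Windows Defender System Guard and exploit protection capabilities in Windows 10. Next, you can turn on cloud-delivered protection and automatic sample submission in Windows Defender Antivirus. This uses artificial intelligence and machine learning to identify new patterns. And of course you want to make sure your Office ATP settings are available, Advanced Threat Protection.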

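You want to make sure you have set up Advanced Threat Protection Safe Links and the Advanced Threat Protection safe sending settings, and you want to turn on attack surface reduction rules in Windows 10 to limit executable activity. You may need to review whether you have the licenses; you need Windows Defender ATP and Windows 10 Enterprise E5. In summary, I want you to think about when you will be attacked, not if you will be attacked. If you keep that in mind, you'll be more secure in the long run. So before you are at risk, think of all the ways you can harden your systems. Until next time, I'm Susan Bradley, and this is CSO Online.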
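The Windows Defender settings named in the video (cloud-delivered protection, automatic sample submission, attack surface reduction rules) can be audited and set from PowerShell. The script below is an added example, not part of the video or of CSO's material. The three ASR rules chosen, the `-Apply` switch and the function name `Get-HardeningGaps` are this example's own assumptions.

```powershell
# Added example: audit, and with -Apply set, the Windows Defender settings named above.
# Run in an elevated PowerShell session on Windows 10 with Defender Antivirus active.
param([switch]$Apply)

# ASR rules relevant to a document-borne payload (rule IDs as published by Microsoft).
# Which rules to include is this example's choice, not the video's.
$asrRules = [ordered]@{
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
}

function Get-HardeningGaps {
    # Hypothetical helper: returns one string per setting that is not in place.
    $pref = Get-MpPreference
    $gaps = @()
    # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced
    if ($pref.MAPSReporting -eq 0) { $gaps += 'Cloud-delivered protection is off' }
    # SubmitSamplesConsent: 0 = always prompt, 1 = send safe samples, 2 = never send, 3 = send all
    if ($pref.SubmitSamplesConsent -notin 1, 3) { $gaps += 'Automatic sample submission is off' }
    # ASR IDs and actions are parallel arrays; action 0 = off, 1 = block, 2 = audit
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $state   = @{}
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i]) { $state[$ids[$i].ToUpper()] = $actions[$i] }
    }
    foreach ($id in $asrRules.Keys) {
        if ($state[$id] -ne 1) { $gaps += "ASR rule not in block mode: $($asrRules[$id])" }
    }
    return $gaps
}

if ($Apply) {
    Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples
    foreach ($id in $asrRules.Keys) {
        # Use AuditMode instead of Enabled to log what would be blocked before enforcing.
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions Enabled
    }
}

$gaps = Get-HardeningGaps
if ($gaps) { $gaps | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'All checked settings are in place.' }
```

Run it without arguments to report gaps only; `-Apply` changes the local Defender configuration, so try it on a test machine before rolling it out.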
