Lokacin da masu satar bayanai ke son shiga hanyar sadarwar da aka yi niyya, suna da yuwuwa su ƙaddamar da harin phishing, yin amfani da sanannun lahani na software ko kuma kawai su yi amfani da hanyar su ta hanyar ka'idojin tebur mai nisa (RDP).
Wannan shi ne a cewar wani sabon rahoto daga Palo Alto Networks, bangaren tsaro na yanar gizo, Unit 42. A cikin sabuwar takardarsa, kamfanin ya ce wadannan ukun sun fi kashi uku cikin hudu (77%) na dukkan wadanda ake zargi da haddasa kutse.
Zurfafa zurfafa, Unit 42 ya gano cewa fiye da rabin (55%) na duk nasarar rashin lafiyar software suna amfani da ProxyShell (55%), sannan Log4j (14%), SonicWall (7%), ProxyLogon (5%) da Zoho ManageEngine ADSelfService Ƙari (4%).
Koyaya, 'yan kasuwa na iya yin abubuwa da yawa don kasancewa cikin aminci. Daga cikin shari'o'in mayar da martani 600 na sashe na 42 da aka bincika don rahoton, kasuwancin ba su da ingantattun abubuwa masu yawa akan tsarin fuskantar intanet a cikin rabin lokuta. A halin yanzu, fiye da kwata (28%) suna da ingantattun hanyoyin sarrafa facin kuma 44% ba su da sabis na kariya na ƙarshe a wurin.
BEC da ransomware
Da zarar sun sami dama, masu yin barazanar za su shiga ko dai cikin sulhun imel na kasuwanci (BEC) ko hare-haren ransomware. Matsakaicin adadin da aka sace ta hanyar BEC ya kai dala 286,000, in ji rahoton, yayin da na ransomware, matsakaicin matsakaicin abin da ake buƙata shine kusan dala miliyan 8.
Wani sabon wanda aka azabtar yana samun bayanan su akan shafukan yanar gizo kowane sa'o'i hudu yanzu, rahoton ya samo. Shi ya sa, masu binciken sun yi iƙirarin, gano ayyukan ransomware da wuri yana da mahimmanci.
Yawancin lokaci, maharan suna ciyarwa har zuwa kwanaki 28 akan hanyar sadarwar da aka yi niyya, suna gano wuraren ƙarshe (yana buɗewa a sabon shafin) da mahimman bayanai, kafin a zahiri tura kowane kayan fansho.
“A yanzu haka, laifuffukan yanar gizo kasuwanci ne mai sauƙi da za a iya shiga saboda ƙarancin tsadarsa kuma galibi ana samun riba mai yawa. Don haka, marasa ƙwarewa, novice masu yin barazanar za su iya farawa tare da samun damar yin amfani da kayan aiki kamar hacking-as-a-service zama mafi shahara kuma ana samun su akan gidan yanar gizo mai duhu, ”in ji Wendi Whitmore, SVP kuma shugaban Unit 42 a Palo Alto Networks.
"Masu kai hare-haren Ransomware kuma suna samun tsari tare da sabis na abokin ciniki da binciken gamsuwa yayin da suke hulɗa da masu aikata laifuka ta yanar gizo da kuma ƙungiyoyin da aka azabtar."