English

Zeziphi iiNgxaki zoNxibelelwano eziqhelekileyo? Uya kudinga i-Mylinking ukuze ubambe iiPakethi zeNethiwekhi ezichanekileyo kwaye uzithumele kwiZixhobo zoKhuseleko zeNethiwekhi yakho.

Khawube nomfanekiso wakho uvula i-imeyile ebonakala iqhelekile, kwaye ngomzuzu olandelayo, iakhawunti yakho yebhanki ayinanto. Okanye ukhangela iwebhu xa isikrini sakho sitshixwa kwaye kuvela umyalezo wentlawulelo. Le miboniso ayizizo iimuvi zenzululwazi, kodwa yimizekelo yokwenyani yohlaselo lwe-cyber. Ngeli xesha le-Intanethi yayo yonke into, i-Intanethi ayiyona nje ibhuloho efanelekileyo, kodwa iyindawo yokuzingela kubaduni. Ukusuka kubumfihlo bomntu ukuya kwiimfihlo zenkampani ukuya kukhuseleko lwelizwe, uhlaselo lwe-cyber lukho kuyo yonke indawo, kwaye amandla abo obuqili kunye nokonakalisa ayabanda. Ziziphi iintlaselo ezisisongelayo? Zisebenza njani, yaye yintoni efanele yenziwe ngaloo nto? Makhe sijonge kwezisibhozo zohlaselo lwekhompyutha oluxhaphakileyo, olukusa kwihlabathi eliqhelekileyo nelingaqhelekanga.

Uhlaselo

I-Malware

1. Yintoni iMalware? I-Malware yinkqubo enobungozi eyilelwe ukonakalisa, ukuba, okanye ukulawula inkqubo yomsebenzisi. Ichwechwela kwizixhobo zabasebenzisi ngokusebenzisa iindlela ezibonakala zimsulwa ezinje nge-imeyile encamatheleyo, uhlaziyo lwesoftware efihliweyo, okanye ukhuphelo olungekho mthethweni lwewebhusayithi. Nje ukuba isebenze, i-malware inokuba ulwazi olubuthathaka, ifihle idatha, icime iifayile, okanye ijike isixhobo sibe "yipopi" yomhlaseli.

I-Malware

2. Iintlobo eziqhelekileyo ze-malware
Intsholongwane:Iqhotyoshelwe kwiiprogram ezisemthethweni, emva kokusebenza, ukuziphindaphinda, ukusuleleka kwezinye iifayile, okubangelwa ukuthotywa kwenkqubo okanye ukulahleka kwedatha.
Umbungu:Inokusasaza ngokuzimeleyo ngaphandle kwenkqubo yokusingatha. Kuqhelekile ukuba usasazeke ngobuthathaka benethiwekhi kunye nokutya izixhobo zenethiwekhi. ITrojani: Izenza njengesoftware esemthethweni yokukhuthaza abasebenzisi ukuba bafakele ucango olungemva olunokulawula ukude izixhobo okanye lube idatha.
I-Spyware:Ukubeka iliso ngokufihlakeleyo ukuziphatha komsebenzisi, ukurekhoda izitshixo okanye imbali yokukhangela, ehlala isetyenziselwa ukubiwa amagama ayimfihlo kunye nolwazi lweakhawunti yebhanki.
I-Ransomware:Ukutshixa isixhobo okanye idatha efihliweyo ukuze intlawulelo ivuleke kuxhaphake kakhulu kwiminyaka yakutshanje.

3. Ukusasaza kunye ne-Harm Malware idla ngokusasazwa ngemidiya ebonakalayo efana ne-imeyile ezikhohlisayo, iMalvertising, okanye izitshixo ze-USB. Umonakalo unokubandakanya ukuvuza kwedatha, ukusilela kwenkqubo, ilahleko yemali, kunye nokulahleka kwesidima seshishini. Umzekelo, i-malware ye-Emotet ka-2020 yaba bubusuku bokhuseleko lweshishini ngokosulela izigidi zezixhobo kwihlabathi liphela ngamaxwebhu eOfisi afihliweyo.

4. Amacebo okuthintela
• Faka kwaye uhlaziye rhoqo isoftwe ye-anti-virus ukuze uskene iifayile ezikrokrisayo.
• Kuphephe ukucofa amakhonkco angaziwayo okanye ukukhuphela isoftware kwimithombo engaziwayo.
• Gcina idatha ebalulekileyo rhoqo ukunqanda ilahleko engenakubuyiseka ebangelwa yi-ransomware.
• Vumela iifirewall ukunqanda ukufikelela kwinethiwekhi okungagunyaziswanga.

I-Ransomware

1. Isebenza njani i-Ransomware I-Ransomware luhlobo olukhethekileyo lwe-malware evala ngokuthe ngqo isixhobo somsebenzisi okanye ifihla idatha ebalulekileyo (umzekelo, amaxwebhu, i-database, ikhowudi yomthombo) ukuze ixhoba lingakwazi ukufikelela kuyo. Abahlaseli badla ngokufuna intlawulo kwii-cryptocurrencies ezinzima ezifana ne-bitcoin, kwaye basongela ukutshabalalisa ngokusisigxina idatha ukuba intlawulo ayenziwanga.

I-Ransomware

2. Iimeko eziqhelekileyo
Uhlaselo loMbhobho weKoloniyali ngo-2021 lothusa ihlabathi. I-DarkSide ransomware ibethelele inkqubo yolawulo lombhobho omkhulu wepetroli kuNxweme oluseMpuma ye-United States, ibangela ukuba unikezelo lwamafutha luphazamiseke kwaye abahlaseli bafuna intlawulelo ye-4.4 yezigidi zeedola. Esi siganeko sibhentsise ubuthathaka beziseko ezingundoqo kwi-ransomware.

3. Kutheni iransomware ibulala kangaka?
Ukufihlwa okuphezulu: IRansomware ihlala isasazwa ngobunjineli bezentlalo (umzekelo, ukuzenza njengee-imeyile ezisemthethweni), isenza kube nzima kubasebenzisi ukubhaqa.
Ukusasazwa okukhawulezayo: Ngokuxhaphaza ubuthathaka benethiwekhi, iransomware inokosulela ngokukhawuleza izixhobo ezininzi ngaphakathi kweshishini.
Kunzima ukuphinda ufumane kwakhona: Ngaphandle kwe-backup esebenzayo, ukuhlawula intlawulelo kunokuba kuphela kwendlela, kodwa akunakwenzeka ukufumana kwakhona idatha emva kokuhlawula intlawulelo.

4. Amanyathelo oKhuselo
• Gcina idatha rhoqo ngaphandle kwe-intanethi ukuqinisekisa ukuba idatha ebalulekileyo inokubuyiselwa ngokukhawuleza.
• Inkqubo ye-Endpoint Detection and Response (EDR) yasetyenziswa ukujonga indlela yokuziphatha engaqhelekanga ngexesha lokwenyani.
• Qeqesha abasebenzi ukuba bachonge ii-imeyile zokurhwaphiliza ukuze bangabi ngamaxhoba okuhlasela.
• Isixokelelwano sePatch kunye nobuthathaka besoftware kwangethuba ukunciphisa umngcipheko wongenelelo.

Phishing

1. Ubume boPhishing
I-Phishing luhlobo lohlaselo lobunjineli bezentlalo apho umhlaseli, ozenza iqumrhu elithembekileyo (elifana nebhanki, iqonga le-e-commerce, okanye umlingane), ukhuthaza ixhoba ukuba lichaze ulwazi olubucayi (njengamagama ayimfihlo, amanani ekhadi lekhredithi) okanye ucofe ikhonkco elibi nge-imeyile, umyalezo obhaliweyo, okanye umyalezo okhawulezayo.

Phishing

2. Iifom eziqhelekileyo
• I-imeyile yokukhohlisa: Ii-imeyile ezisemthethweni zobuxoki ukuhenda abasebenzisi ukuba bangene kwiiwebhusayithi zomgunyathi kwaye bafake iinkcukacha zabo.
Spear Phishing: Uhlaselo olulungiselelwe umntu othile okanye iqela elinezinga eliphezulu lempumelelo.
• Smishing: Ukuthumela izaziso zomgunyathi ngemiyalezo ebhaliweyo ukuhenda abasebenzisi ukuba bacofe iilinki eziyingozi.
• UVishing: ukuzenza umntu onegunya phezu kwefowuni ukufumana ulwazi olubuthathaka.

3. Iingozi kunye neziphumo
Uhlaselo lwePhishing lutshiphu kwaye kulula ukuluphumeza, kodwa lunokubangela ilahleko enkulu. Ngo-2022, ilahleko yemali yehlabathi ngenxa yohlaselo lobuqhetseba iye yafikelela kwiibhiliyoni zeedola, kubandakanya iiakhawunti ezibiweyo, ukophulwa kwedatha yenkampani, kunye nokunye.

4. IziCwangciso zokuhlangabezana nazo
• Jonga kwakhona idilesi yomthumeli kwii-typos okanye amagama esizinda angaqhelekanga.
• Yenza ukuqinisekiswa kwezinto ezininzi (i-MFA) ukunciphisa umngcipheko nokuba amagama ayimfihlo afakwe emngciphekweni.
• Sebenzisa izixhobo ezichasene nobuqhetseba ukuhluza ii-imeyile ezinobungozi kunye namakhonkco.
• Ukuqhuba uqeqesho oluthe gqolo lokwazisa ngokhuseleko ukomeleza uqwalaselo lwabasebenzi.

Usongelo oluPhezulu oluZingisayo (APT)

1. Inkcazo ye-APT

Usongelo oluqhubekayo oluqhubekayo (APT) luhlaselo lwe-cyber olunzima, oluhlala ixesha elide, ludla ngokuqhutyelwa ngamaqela e-hacker level okanye amaqela olwaphulo-mthetho. Uhlaselo lwe-APT lunenjongo ecacileyo kunye neqondo eliphezulu lokwenza ngokwezifiso. Abahlaseli bangena ngezigaba ezininzi kwaye bahlala ixesha elide ukuze babambe idatha eyimfihlo okanye bonakalise inkqubo.

APT

2. UkuPhuma koHlaselo
Ungenelelo lokuqala:Ukungena ngee-imeyile zokukhohlisa, ukuxhaphaza, okanye uhlaselo lwekhonkco lokubonelela.
Misela indawo yokuma kuyo:Faka i-backdoors ukugcina ukufikelela kwexesha elide.
Intshukumo yeLateral:isasazeke kuthungelwano ekujoliswe kulo ukufumana igunya eliphezulu.
Ubusela beDatha:Ukukhupha ulwazi olunovakalelo olunje ngepropathi enomgangatho ophezulu wokuqonda okanye amaxwebhu eqhinga.
Gubungela umkhondo:Cima ilog ukufihla uhlaselo.

3. Iimeko eziqhelekileyo
Uhlaselo lweSolarWinds ngo-2020 yayisisiganeko sakudala se-APT apho abahlaseli batyala ikhowudi ekhohlakeleyo ngohlaselo lokubonelela, echaphazela amawaka amashishini kunye neearhente zikarhulumente kwihlabathi liphela kwaye beba inani elikhulu ledatha ebuthathaka.

4. Amanqaku oKhuselo
• Faka inkqubo yokufumanisa i-Intrusion (IDS) ukujonga itrafikhi yenethiwekhi engaqhelekanga.
• Ukunyanzelisa umthetho-siseko welona lungelo lincinci ukunciphisa intshukumo esecaleni yabahlaseli.
• Ukuqhuba uphicotho lokhuseleko rhoqo ukuze kubonwe izinto ezingasemva.
• Sebenza ngeqonga lobuntlola ukuze ubambe iindlela zokuhlasela zamva nje.

Indoda kuhlaselo oluphakathi (MITM)

1. Uhlaselo lomntu ophakathi lusebenza njani?
I-man-in-middle attack (MITM) kuxa umhlaseli efaka, ethintela, kwaye eqhuba ukuhanjiswa kwedatha phakathi kwamaqela amabini anxibelelanayo ngaphandle kokuba azi malunga nalo. Umhlaseli unokuba ulwazi olubuthathaka, abhucabhuce idatha, okanye azenze umntu othanda ubuqhophololo.

I-MITM

2. Iifom eziqhelekileyo
• I-Wi-Fi spoofing: Abahlaseli benza ii-Wi-Fi hotspots zobuxoki ukuze bakhuthaze abasebenzisi ukuba baqhagamshelane ukuze babe idatha.
I-DNS spoofing: ukuphazamisa imibuzo ye-DNS ukuqondisa abasebenzisi kwiiwebhusayithi ezinobungozi.
• Ukuqweqwedisa nge-SSL: Ukwenza izatifikethi ze-SSL ukuthintela itrafikhi efihliweyo.
• Ukuqweqwedisa i-imeyile: Ukuphazamisa kunye nokuphazamisa umxholo we-imeyile.

3. Iingozi
Uhlaselo lwe-MITM lubeka isoyikiso esibalulekileyo kwiinkqubo zebhanki ze-intanethi, i-e-commerce, kunye ne-telecommuting, ezinokukhokelela kwiiakhawunti ezibiweyo, ukuthengiselana okuphazamisayo, okanye ukuvezwa konxibelelwano olubucayi.

4. Amanyathelo okuthintela
• Sebenzisa iiwebhusayithi zeHTTPS ukuqinisekisa ukuba unxibelelwano lufihliwe.
• Kuphephe ukuqhagamshela kwi-Wi-Fi kawonke-wonke okanye ukusebenzisa i-VPNS ukufihla i-traffic.
• Vula inkonzo yesisombululo se-DNS ekhuselekileyo njenge-DNSSEC.
• Jonga ukuba semthethweni kwezatifikethi ze-SSL kwaye ulumkele izilumkiso zangaphandle.

Isitofu seSQL

1. Inkqubo ye-SQL Injection
Isitofu se-SQL luhlaselo lwenaliti yekhowudi apho umhlaseli afaka khona iingxelo ezikhohlakeleyo zeSQL kwimihlaba yegalelo lesicelo seWebhu (umzekelo, ibhokisi yokungena, ibha yokukhangela) ukuqhatha uvimba wedatha ukwenza imiyalelo engekho semthethweni, ngaloo ndlela ebe, ebhuqa okanye ecima idatha.

 

2. UMgaqo-siseko wokuhlaselwa
Qwalasela lo mbuzo ulandelayo weSQL kwifomu yokungena:

 
Umhlaseli uyangena:
 

Umbuzo uba:
 
 
Oku kugqitha uqinisekiso kwaye kuvumela umhlaseli ukuba angene.
 
3. Iingozi
 
Inaliti ye-SQL inokukhokelela ekuvuzeni kwemixholo yedathabheyisi, ukubiwa kweziqinisekiso zomsebenzisi, okanye iinkqubo ezipheleleyo zithathwe. Ukuphulwa kwedatha ye-Equifax kwi-2017 idibaniswe ne-SQL injection vulnerability echaphazela ulwazi lomntu siqu lwe-147 yezigidi zabasebenzisi.
 
4. Ukhuselo
• Sebenzisa imibuzo eneparameter okanye iingxelo eziqulunqwe kwangaphambili ukunqanda ukudibanisa ngqo igalelo labasebenzisi.
• Sebenzisa ukuqinisekiswa kwegalelo kunye nokuhluza ukwala abalinganiswa abangaqhelekanga.
• Thintela iimvume zedatabase ukuthintela abahlaseli ekwenzeni izenzo eziyingozi.
• Skena rhoqo izicelo zeWebhu zobuthathaka kunye nemingcipheko yokhuseleko.
 
	
 
	
 
	
  
 			
 	
 	
 	
 		
 	
Uhlaselo lweDDoS
 
1. Ubume boHlaselo lweDDoS
Ukuhlaselwa kwe-Distributed Denial of Service (DDoS) kuthumela izicelo ezinkulu kwi-server ekujoliswe kuyo ngokulawula inani elikhulu le-bots, elikhupha i-bandwidth yalo, izibonelelo zeseshoni okanye amandla ekhompyutheni, kwaye yenza abasebenzisi abaqhelekileyo bangakwazi ukufikelela kwinkonzo.
 
DDoS
 
2. Iintlobo eziqhelekileyo
• Uhlaselo lweTrafikhi: ukuthumela inani elikhulu leepakethi kunye nokuvala i-bandwidth yenethiwekhi.
• Uhlaselo lweProtocol: Sebenzisa ubuthathaka beprothokholi ye-TCP/IP ukuze ugqithe izibonelelo zeseshoni yeseva.
• Uhlaselo lwe-application-layer: Khubaza iiseva zeWeb ngokuzenza izicelo zabasebenzisi ezisemthethweni.
 
3. Iimeko eziqhelekileyo
Uhlaselo lwe-Dyn DDoS kwi-2016 lusebenzise i-Mirai botnet ukuhlisa iiwebhusayithi ezininzi eziqhelekileyo ezibandakanya i-Twitter kunye ne-Netflix, igxininisa imingcipheko yokhuseleko lwezixhobo ze-iot.
 
4. IziCwangciso zokuhlangabezana nazo
• Sebenzisa iinkonzo zokhuseleko ze-DDoS ukucoca itrafikhi eyingozi.
• Sebenzisa i-Content Delivery network (CDN) ukusasaza itrafikhi.
• Qwalasela izilinganisi zomthwalo ukwandisa umthamo wokusetyenzwa kweseva.
• Lawula itrafikhi yothungelwano ukuze ubone kwaye uphendule kwizinto ezingaqhelekanga ngexesha.
 
	
 
	
 
	
  
 			
 	
 	
 	
 		
 	
Izoyikiso zangaphakathi
 
1. Inkcazo yeInsider Threat
 
Izoyikiso zangaphakathi zivela kubasebenzisi abagunyazisiweyo (umzekelo, abasebenzi, iikontraki) ngaphakathi kwintlangano enokuthi isebenzise kakubi amalungelo abo ngenxa yenkohlakalo, ukungakhathali, okanye ukulawulwa ngabahlaseli bangaphandle, okubangelwa ukuvuza kwedatha okanye umonakalo wenkqubo.
 
Izoyikiso zangaphakathi
 
2. Uhlobo lweSongelo
 
• Abangaphakathi abakhohlakeleyo: Beba iinkcukacha ngabom okanye babeke esichengeni iinkqubo zokufumana inzuzo.
 
• Abasebenzi abangakhathaliyo: Ngenxa yokunqongophala kolwazi ngokhuseleko, ukungasebenzi kakuhle kukhokelela ekubeni sesichengeni.
 
• Iiakhawunti eziqweqwedisiweyo: Abahlaseli balawula ii-akhawunti zangaphakathi ngobuqhetseba okanye ubusela beenkcukacha.
 
3. Iingozi
 
Izoyikiso zangaphakathi kunzima ukuzibhaqa kwaye zinokudlula iifirewall zemveli kunye neenkqubo zokubona ukungena. Ngo-2021, inkampani eyaziwayo yetekhnoloji ilahlekelwe ngamakhulu ezigidi zeedola ngenxa yomsebenzi wangaphakathi ovuzayo ikhowudi yomthombo.
 
4. Amanyathelo oKhuselo oluluqilima
 
• Sebenzisa ulwakhiwo lwezero-trust kwaye uqinisekise zonke izicelo zofikelelo.
 
• Ukubeka iliso kwindlela yokuziphatha yabasebenzisi ukukhangela imisebenzi engaqhelekanga.
 
• Ukuqhuba uqeqesho lokhuseleko rhoqo ukuze kwandiswe ulwazi lwabasebenzi.
 
• Nciphisa ukufikelela kwiinkcukacha ezinovakalelo ukunciphisa umngcipheko wokuvuza.
 
	
 
	
 
	
 		
 	
 
                
         
Ixesha lokuposa: May-26-2025
                  
       
     
   
 
       		                             
   
           
 
 
  
    
     
       
          		                  Cofa u-enter ukukhangela okanye i-ESC ukuvala