{"id":20727,"date":"2024-10-21T14:24:54","date_gmt":"2024-10-21T07:24:54","guid":{"rendered":"https:\/\/thegioifirewall.com\/?p=20727"},"modified":"2025-03-24T07:27:21","modified_gmt":"2025-03-24T07:27:21","slug":"tu-qr-den-thoa-hiep-moi-de-doa-quishing-ngay-cang-gia-tang","status":"publish","type":"post","link":"https:\/\/vacif.com\/en\/tu-qr-den-thoa-hiep-moi-de-doa-quishing-ngay-cang-gia-tang\/","title":{"rendered":"T\u1eea QR \u0110\u1ebeN TH\u1eceA HI\u1ec6P: M\u1ed0I \u0110E D\u1eccA \u201cQUISHING\u201d NG\u00c0Y C\u00c0NG GIA T\u0102NG"},"content":{"rendered":"\n

K\u1ebb t\u1ea5n c\u00f4ng l\u1ee3i d\u1ee5ng m\u00e3 QR trong t\u1ec7p \u0111\u00ednh k\u00e8m email PDF \u0111\u1ec3 l\u1eeba \u0111\u1ea3o th\u00f4ng tin \u0111\u0103ng nh\u1eadp c\u1ee7a c\u00f4ng ty t\u1eeb thi\u1ebft b\u1ecb di \u0111\u1ed9ng<\/p>\n\n\n\n

Ng\u00e0y 16 th\u00e1ng 10 n\u0103m 2024<\/strong><\/a><\/p>\n\n\n\n

Nghi\u00ean c\u1ee9u m\u1ed1i \u0111e d\u1ecda<\/strong><\/a> \u0111\u1eb7c s\u1eafc<\/strong><\/a> L\u1eeba \u0111\u1ea3o<\/strong><\/a> M\u00e3 QR<\/strong><\/a> Quishing<\/strong><\/a> Sophos X-Ops<\/strong><\/a> Th\u01b0 r\u00e1c<\/strong><\/a> l\u1eeba \u0111\u1ea3o b\u1eb1ng gi\u00e1o m\u00e1c<\/strong><\/a> x-ops<\/strong><\/a><\/p>\n\n\n\n

C\u00e1c chuy\u00ean gia b\u1ea3o m\u1eadt lu\u00f4n c\u1ea3nh gi\u00e1c v\u1edbi c\u00e1c k\u1ef9 thu\u1eadt \u0111e d\u1ecda \u0111ang ph\u00e1t tri\u1ec3n. Nh\u00f3m Sophos X-Ops g\u1ea7n \u0111\u00e2y \u0111\u00e3 \u0111i\u1ec1u tra c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng l\u1eeba \u0111\u1ea3o nh\u1eafm v\u00e0o m\u1ed9t s\u1ed1 nh\u00e2n vi\u00ean c\u1ee7a ch\u00fang t\u00f4i, m\u1ed9t trong s\u1ed1 h\u1ecd \u0111\u00e3 b\u1ecb l\u1eeba cung c\u1ea5p th\u00f4ng tin c\u1ee7a m\u00ecnh.<\/p>\n\n\n\n

Nh\u1eefng k\u1ebb t\u1ea5n c\u00f4ng \u0111\u00e3 s\u1eed d\u1ee5ng c\u00e1i g\u1ecdi l\u00e0 quishing (m\u1ed9t t\u1eeb gh\u00e9p c\u1ee7a \u201cm\u00e3 QR\u201d v\u00e0 \u201cl\u1eeba \u0111\u1ea3o\u201d). M\u00e3 QR l\u00e0 m\u1ed9t c\u01a1 ch\u1ebf m\u00e3 h\u00f3a c\u00f3 th\u1ec3 \u0111\u1ecdc \u0111\u01b0\u1ee3c b\u1eb1ng m\u00e1y, c\u00f3 th\u1ec3 \u0111\u00f3ng g\u00f3i nhi\u1ec1u lo\u1ea1i th\u00f4ng tin, t\u1eeb c\u00e1c d\u00f2ng v\u0103n b\u1ea3n \u0111\u1ebfn d\u1eef li\u1ec7u nh\u1ecb ph\u00e2n, nh\u01b0ng h\u1ea7u h\u1ebft m\u1ecdi ng\u01b0\u1eddi \u0111\u1ec1u bi\u1ebft v\u00e0 nh\u1eadn ra c\u00e1ch s\u1eed d\u1ee5ng ph\u1ed5 bi\u1ebfn nh\u1ea5t hi\u1ec7n nay c\u1ee7a ch\u00fang l\u00e0 m\u1ed9t c\u00e1ch nhanh ch\u00f3ng \u0111\u1ec3 chia s\u1ebb URL.<\/p>\n\n\n\n

Ch\u00fang t\u00f4i trong ng\u00e0nh an ninh th\u01b0\u1eddng d\u1ea1y m\u1ecdi ng\u01b0\u1eddi kh\u1ea3 n\u0103ng ch\u1ed1ng l\u1ea1i l\u1eeba \u0111\u1ea3o b\u1eb1ng c\u00e1ch h\u01b0\u1edbng d\u1eabn h\u1ecd xem k\u1ef9 URL tr\u01b0\u1edbc khi nh\u1ea5p v\u00e0o tr\u00ean m\u00e1y t\u00ednh. Tuy nhi\u00ean, kh\u00f4ng gi\u1ed1ng nh\u01b0 URL \u1edf d\u1ea1ng v\u0103n b\u1ea3n thu\u1ea7n t\u00fay, m\u00e3 QR kh\u00f4ng d\u1ec5 b\u1ecb ki\u1ec3m tra theo c\u00f9ng m\u1ed9t c\u00e1ch.<\/p>\n\n\n\n

Ngo\u00e0i ra, h\u1ea7u h\u1ebft m\u1ecdi ng\u01b0\u1eddi s\u1eed d\u1ee5ng camera \u0111i\u1ec7n tho\u1ea1i \u0111\u1ec3 gi\u1ea3i m\u00e3 QR thay v\u00ec m\u00e1y t\u00ednh v\u00e0 vi\u1ec7c xem x\u00e9t k\u1ef9 l\u01b0\u1ee1ng URL hi\u1ec3n th\u1ecb trong gi\u00e2y l\u00e1t tr\u00ean \u1ee9ng d\u1ee5ng camera c\u1ee7a \u0111i\u1ec7n tho\u1ea1i c\u00f3 th\u1ec3 r\u1ea5t kh\u00f3 kh\u0103n – m\u1ed9t ph\u1ea7n v\u00ec URL c\u00f3 th\u1ec3 ch\u1ec9 xu\u1ea5t hi\u1ec7n trong v\u00e0i gi\u00e2y tr\u01b0\u1edbc khi \u1ee9ng d\u1ee5ng \u1ea9n URL kh\u1ecfi t\u1ea7m nh\u00ecn v\u00e0 m\u1ed9t ph\u1ea7n v\u00ec k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng nhi\u1ec1u k\u1ef9 thu\u1eadt ho\u1eb7c d\u1ecbch v\u1ee5 chuy\u1ec3n h\u01b0\u1edbng URL kh\u00e1c nhau \u0111\u1ec3 che gi\u1ea5u ho\u1eb7c l\u00e0m t\u1ed1i ngh\u0129a \u0111\u00edch \u0111\u1ebfn cu\u1ed1i c\u00f9ng c\u1ee7a li\u00ean k\u1ebft \u0111\u01b0\u1ee3c hi\u1ec3n th\u1ecb tr\u00ean giao di\u1ec7n c\u1ee7a \u1ee9ng d\u1ee5ng camera.<\/p>\n\n\n\n

Cu\u1ed9c t\u1ea5n c\u00f4ng quishing di\u1ec5n ra nh\u01b0 th\u1ebf n\u00e0o<\/strong><\/p>\n\n\n\n

V\u00e0o th\u00e1ng 6 n\u0103m 2024, c\u00e1c t\u00e1c nh\u00e2n \u0111e d\u1ecda \u0111\u00e3 g\u1eedi cho nhi\u1ec1u m\u1ee5c ti\u00eau trong Sophos m\u1ed9t t\u00e0i li\u1ec7u PDF c\u00f3 ch\u1ee9a m\u00e3 QR d\u01b0\u1edbi d\u1ea1ng t\u1ec7p \u0111\u00ednh k\u00e8m email. C\u00e1c email l\u1eeba \u0111\u1ea3o \u0111\u01b0\u1ee3c t\u1ea1o ra \u0111\u1ec3 tr\u00f4ng gi\u1ed1ng nh\u01b0 email h\u1ee3p ph\u00e1p v\u00e0 \u0111\u01b0\u1ee3c g\u1eedi b\u1eb1ng c\u00e1c t\u00e0i kho\u1ea3n email h\u1ee3p ph\u00e1p, b\u1ecb x\u00e2m ph\u1ea1m v\u00e0 kh\u00f4ng ph\u1ea3i c\u1ee7a Sophos.<\/p>\n\n\n\n

(\u0110\u1ec3 l\u00e0m r\u00f5, \u0111\u00e2y kh\u00f4ng ph\u1ea3i l\u00e0 l\u1ea7n \u0111\u1ea7u ti\u00ean ch\u00fang t\u00f4i th\u1ea5y email l\u1eeba \u0111\u1ea3o; Nh\u00e2n vi\u00ean \u0111\u00e3 b\u1ecb nh\u1eafm m\u1ee5c ti\u00eau v\u00e0o m\u1ed9t lo\u1ea1t v\u00e0o th\u00e1ng 2 v\u00e0 m\u1ed9t l\u1ea7n n\u1eefa v\u00e0o th\u00e1ng 5. Kh\u00e1ch h\u00e0ng \u0111\u00e3 b\u1ecb nh\u1eafm m\u1ee5c ti\u00eau b\u1edfi c\u00e1c chi\u1ebfn d\u1ecbch t\u01b0\u01a1ng t\u1ef1 trong \u00edt nh\u1ea5t m\u1ed9t n\u0103m tr\u1edf l\u1ea1i \u0111\u00e2y. X-Ops quy\u1ebft \u0111\u1ecbnh t\u1eadp trung v\u00e0o c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng nh\u1eafm v\u00e0o Sophos v\u00ec ch\u00fang t\u00f4i \u0111\u01b0\u1ee3c ph\u00e9p \u0111i\u1ec1u tra v\u00e0 chia s\u1ebb ch\u00fang.)<\/p>\n\n\n\n

D\u00f2ng ti\u00eau \u0111\u1ec1 c\u1ee7a tin nh\u1eafn khi\u1ebfn ch\u00fang c\u00f3 v\u1ebb nh\u01b0 xu\u1ea5t ph\u00e1t t\u1eeb n\u1ed9i b\u1ed9 c\u00f4ng ty, d\u01b0\u1edbi d\u1ea1ng m\u1ed9t t\u00e0i li\u1ec7u \u0111\u01b0\u1ee3c g\u1eedi qua email tr\u1ef1c ti\u1ebfp t\u1eeb m\u00e1y qu\u00e9t k\u1ebft n\u1ed1i m\u1ea1ng trong v\u0103n ph\u00f2ng.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Email l\u1eeba \u0111\u1ea3o ban \u0111\u1ea7u nh\u1eafm v\u00e0o m\u1ed9t nh\u00e2n vi\u00ean Sophos c\u00f3 m\u1ed9t s\u1ed1 \u0111i\u1ec3m kh\u00f4ng nh\u1ea5t qu\u00e1n v\u00e0 l\u1ed7i, bao g\u1ed3m t\u00ean t\u1ec7p \u0111\u00ednh k\u00e8m kh\u00f4ng kh\u1edbp trong n\u1ed9i dung, thi\u1ebfu v\u0103n b\u1ea3n trong ch\u1ee7 \u0111\u1ec1 v\u00e0 n\u1ed9i dung v\u00e0 t\u00ean ng\u01b0\u1eddi g\u1eedi kh\u00f4ng kh\u1edbp v\u1edbi \u0111\u1ecbnh d\u1ea1ng th\u00f4ng th\u01b0\u1eddng c\u1ee7a c\u00f4ng ty<\/p>\n\n\n\n

M\u1ed9t d\u1ea5u hi\u1ec7u \u0111\u00e1ng ch\u00fa \u00fd l\u00e0 tin nh\u1eafn email \u0111\u01b0\u1ee3c cho l\u00e0 xu\u1ea5t ph\u00e1t t\u1eeb m\u00e1y qu\u00e9t c\u00f3 t\u00ean t\u1ec7p cho t\u00e0i li\u1ec7u trong n\u1ed9i dung tin nh\u1eafn, nh\u01b0ng trong t\u1ea5t c\u1ea3 c\u00e1c tin nh\u1eafn ch\u00fang t\u00f4i nh\u1eadn \u0111\u01b0\u1ee3c ng\u00e0y h\u00f4m \u0111\u00f3, t\u00ean t\u1ec7p n\u00e0y kh\u00f4ng kh\u1edbp v\u1edbi t\u00ean t\u1ec7p c\u1ee7a t\u00e0i li\u1ec7u \u0111\u01b0\u1ee3c \u0111\u00ednh k\u00e8m trong email.<\/p>\n\n\n\n

Ngo\u00e0i ra, m\u1ed9t trong nh\u1eefng tin nh\u1eafn c\u00f3 d\u00f2ng ti\u00eau \u0111\u1ec1 l\u00e0 \u201c\u0110\u00e3 chuy\u1ec3n ti\u1ec1n \u0111\u1ebfn\u201d, m\u00e0 m\u00e1y qu\u00e9t v\u0103n ph\u00f2ng t\u1ef1 \u0111\u1ed9ng s\u1ebd kh\u00f4ng s\u1eed d\u1ee5ng, v\u00ec \u0111\u00f3 l\u00e0 c\u00e1ch di\u1ec5n gi\u1ea3i t\u1ed5ng qu\u00e1t h\u01a1n v\u1ec1 n\u1ed9i dung c\u1ee7a t\u00e0i li\u1ec7u \u0111\u01b0\u1ee3c qu\u00e9t. Tin nh\u1eafn c\u00f2n l\u1ea1i c\u00f3 d\u00f2ng ti\u00eau \u0111\u1ec1 l\u00e0 \u201c Th\u00f4ng tin \u0111\u1ed9c quy\u1ec1n v\u1ec1 ph\u00fac l\u1ee3i vi\u1ec7c l\u00e0m v\u00e0\/ho\u1eb7c k\u1ebf ho\u1ea1ch ngh\u1ec9 h\u01b0u \u0111\u00ednh k\u00e8m=<\/em> \u201d c\u00f3 v\u1ebb nh\u01b0 b\u1ecb c\u1eaft \u1edf cu\u1ed1i.<\/p>\n\n\n\n

\"Trong<\/figure>\n\n\n\n

Trong email th\u1ee9 hai nh\u1eafm v\u00e0o m\u1ed9t nh\u00e2n vi\u00ean kh\u00e1c, t\u00ean t\u1ec7p \u0111\u00ednh k\u00e8m l\u1ea1i kh\u00f4ng kh\u1edbp v\u1edbi t\u00ean trong n\u1ed9i dung. M\u00e1y qu\u00e9t s\u1ebd t\u1ea1o d\u00f2ng ch\u1ee7 \u0111\u1ec1 \u0111\u00f3 nh\u01b0 th\u1ebf n\u00e0o?<\/p>\n\n\n\n

T\u00e0i li\u1ec7u PDF c\u00f3 logo Sophos, nh\u01b0ng ngo\u00e0i ra th\u00ec r\u1ea5t \u0111\u01a1n gi\u1ea3n. V\u0103n b\u1ea3n xu\u1ea5t hi\u1ec7n b\u00ean d\u01b0\u1edbi m\u00e3 QR c\u00f3 n\u1ed9i dung “T\u00e0i li\u1ec7u n\u00e0y s\u1ebd h\u1ebft h\u1ea1n sau 24 gi\u1edd”. N\u00f3 c\u0169ng ch\u1ec9 ra m\u00e3 QR tr\u1ecf \u0111\u1ebfn Docusign, n\u1ec1n t\u1ea3ng ch\u1eef k\u00fd h\u1ee3p \u0111\u1ed3ng \u0111i\u1ec7n t\u1eed. Nh\u1eefng \u0111\u1eb7c \u0111i\u1ec3m n\u00e0y khi\u1ebfn th\u00f4ng \u0111i\u1ec7p c\u00f3 c\u1ea3m gi\u00e1c c\u1ea5p b\u00e1ch gi\u1ea3 t\u1ea1o.<\/p>\n\n\n\n

\"T\u00e0i<\/figure>\n\n\n\n

T\u00e0i li\u1ec7u quishing g\u1ed1c \u0111\u01b0\u1ee3c g\u1eedi \u0111\u1ebfn m\u1ed9t nh\u00e2n vi\u00ean c\u1ee7a Sophos<\/p>\n\n\n\n

Khi m\u1ee5c ti\u00eau qu\u00e9t m\u00e3 QR b\u1eb1ng \u0111i\u1ec7n tho\u1ea1i c\u1ee7a h\u1ecd, m\u1ee5c ti\u00eau \u0111\u01b0\u1ee3c chuy\u1ec3n h\u01b0\u1edbng \u0111\u1ebfn m\u1ed9t trang l\u1eeba \u0111\u1ea3o tr\u00f4ng gi\u1ed1ng nh\u01b0 h\u1ed9p tho\u1ea1i \u0111\u0103ng nh\u1eadp Microsoft365, nh\u01b0ng \u0111\u01b0\u1ee3c k\u1ebb t\u1ea5n c\u00f4ng ki\u1ec3m so\u00e1t. URL c\u00f3 m\u1ed9t chu\u1ed7i truy v\u1ea5n \u1edf cu\u1ed1i ch\u1ee9a \u0111\u1ecba ch\u1ec9 email \u0111\u1ea7y \u0111\u1ee7 c\u1ee7a m\u1ee5c ti\u00eau, nh\u01b0ng k\u1ef3 l\u1ea1 thay, \u0111\u1ecba ch\u1ec9 email c\u00f3 m\u1ed9t ch\u1eef c\u00e1i vi\u1ebft hoa ng\u1eabu nhi\u00ean, kh\u00e1c bi\u1ec7t \u0111\u01b0\u1ee3c th\u00eam v\u00e0o tr\u01b0\u1edbc \u0111\u1ecba ch\u1ec9.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/figure>

M\u00e3 QR \u0111\u01b0\u1ee3c li\u00ean k\u1ebft \u0111\u1ebfn m\u1ed9t t\u00ean mi\u1ec1n \u0111\u01b0\u1ee3c Cloudflare b\u1ea3o v\u1ec7 v\u00e0 ch\u1ee9a \u0111\u1ecba ch\u1ec9 email c\u1ee7a m\u1ee5c ti\u00eau, \u0111\u01b0\u1ee3c th\u00eam m\u1ed9t ch\u1eef c\u00e1i in hoa kh\u00f4ng mong mu\u1ed1n<\/p><\/p>\n\n\n\n

Trang n\u00e0y \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 \u0111\u00e1nh c\u1eafp c\u1ea3 th\u00f4ng tin \u0111\u0103ng nh\u1eadp v\u00e0 ph\u1ea3n h\u1ed3i MFA b\u1eb1ng m\u1ed9t k\u1ef9 thu\u1eadt \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 K\u1ebb th\u00f9 \u1edf gi\u1eefa<\/a> (AiTM).<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n


Trang l\u1eeba \u0111\u1ea3o \u0111\u00e3 l\u1ea5y \u0111\u01b0\u1ee3c c\u1ea3 m\u1eadt kh\u1ea9u \u0111\u0103ng nh\u1eadp v\u00e0 m\u00e3 th\u00f4ng b\u00e1o MFA do m\u1ee5c ti\u00eau nh\u1eadp v\u00e0o v\u00e0 tr\u00f4ng gi\u1ed1ng h\u1ec7t h\u1ed9p tho\u1ea1i \u0111\u0103ng nh\u1eadp Microsoft365 chu\u1ea9n<\/p><\/p>\n\n\n\n

URL \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng trong cu\u1ed9c t\u1ea5n c\u00f4ng kh\u00f4ng \u0111\u01b0\u1ee3c Sophos bi\u1ebft \u0111\u1ebfn v\u00e0o th\u1eddi \u0111i\u1ec3m email \u0111\u1ebfn. Trong m\u1ecdi tr\u01b0\u1eddng h\u1ee3p, \u0111i\u1ec7n tho\u1ea1i di \u0111\u1ed9ng c\u1ee7a m\u1ee5c ti\u00eau kh\u00f4ng \u0111\u01b0\u1ee3c c\u00e0i \u0111\u1eb7t t\u00ednh n\u0103ng n\u00e0o c\u00f3 th\u1ec3 l\u1ecdc l\u01b0\u1ee3t truy c\u1eadp v\u00e0o m\u1ed9t trang web \u0111\u1ed9c h\u1ea1i \u0111\u00e3 bi\u1ebft, ch\u1ee9 \u0111\u1eebng n\u00f3i \u0111\u1ebfn trang web n\u00e0y, v\u1ed1n kh\u00f4ng c\u00f3 l\u1ecbch s\u1eed uy t\u00edn n\u00e0o li\u00ean quan \u0111\u1ebfn trang web n\u00e0y v\u00e0o th\u1eddi \u0111i\u1ec3m \u0111\u00f3.<\/p>\n\n\n\n

Cu\u1ed9c t\u1ea5n c\u00f4ng \u0111\u00e3 x\u00e2m ph\u1ea1m th\u00e0nh c\u00f4ng th\u00f4ng tin x\u00e1c th\u1ef1c c\u1ee7a nh\u00e2n vi\u00ean v\u00e0 m\u00e3 th\u00f4ng b\u00e1o MFA th\u00f4ng qua ph\u01b0\u01a1ng ph\u00e1p n\u00e0y. Sau \u0111\u00f3, k\u1ebb t\u1ea5n c\u00f4ng \u0111\u00e3 c\u1ed1 g\u1eafng s\u1eed d\u1ee5ng th\u00f4ng tin n\u00e0y \u0111\u1ec3 truy c\u1eadp v\u00e0o \u1ee9ng d\u1ee5ng n\u1ed9i b\u1ed9 b\u1eb1ng c\u00e1ch chuy\u1ec3n ti\u1ebfp th\u00e0nh c\u00f4ng m\u00e3 th\u00f4ng b\u00e1o MFA b\u1ecb \u0111\u00e1nh c\u1eafp g\u1ea7n nh\u01b0 theo th\u1eddi gian th\u1ef1c, \u0111\u00e2y l\u00e0 m\u1ed9t c\u00e1ch m\u1edbi \u0111\u1ec3 l\u00e1ch y\u00eau c\u1ea7u MFA m\u00e0 ch\u00fang t\u00f4i th\u1ef1c thi.<\/p>\n\n\n\n

C\u00e1c bi\u1ec7n ph\u00e1p ki\u1ec3m so\u00e1t n\u1ed9i b\u1ed9 \u0111\u1ed1i v\u1edbi c\u00e1c kh\u00eda c\u1ea1nh kh\u00e1c v\u1ec1 c\u00e1ch th\u1ee9c ho\u1ea1t \u0111\u1ed9ng c\u1ee7a quy tr\u00ecnh \u0111\u0103ng nh\u1eadp m\u1ea1ng \u0111\u00e3 ng\u0103n ch\u1eb7n k\u1ebb t\u1ea5n c\u00f4ng truy c\u1eadp v\u00e0o b\u1ea5t k\u1ef3 th\u00f4ng tin ho\u1eb7c t\u00e0i s\u1ea3n n\u1ed9i b\u1ed9 n\u00e0o.<\/p>\n\n\n\n

Nh\u01b0 ch\u00fang t\u00f4i \u0111\u00e3 \u0111\u1ec1 c\u1eadp tr\u01b0\u1edbc \u0111\u00f3, lo\u1ea1i t\u1ea5n c\u00f4ng n\u00e0y \u0111ang tr\u1edf n\u00ean ph\u1ed5 bi\u1ebfn h\u01a1n trong s\u1ed1 kh\u00e1ch h\u00e0ng c\u1ee7a ch\u00fang t\u00f4i. M\u1ed7i ng\u00e0y, ch\u00fang t\u00f4i nh\u1eadn \u0111\u01b0\u1ee3c nhi\u1ec1u m\u1eabu PDF quishing m\u1edbi nh\u1eafm v\u00e0o c\u00e1c nh\u00e2n vi\u00ean c\u1ee5 th\u1ec3 t\u1ea1i c\u00e1c t\u1ed5 ch\u1ee9c.<\/p>\n\n\n\n

\"M\u1ed9t<\/figure>\n\n\n\n

M\u1ed9t t\u1ec7p PDF b\u1ecb \u0111\u00e1nh c\u1eafp nh\u1eadn \u0111\u01b0\u1ee3c v\u00e0o tu\u1ea7n tr\u01b0\u1edbc khi xu\u1ea5t b\u1ea3n b\u00e0i vi\u1ebft n\u00e0y, nh\u1eafm v\u00e0o m\u1ed9t kh\u00e1ch h\u00e0ng c\u1ee7a Sophos, c\u00f3 v\u1ebb nh\u01b0 l\u00e0 m\u1ed9t li\u00ean k\u1ebft \u0111\u1ebfn s\u1ed5 tay nh\u00e2n vi\u00ean v\u00e0 bao g\u1ed3m t\u00ean doanh nghi\u1ec7p, th\u01b0\u01a1ng hi\u1ec7u c\u1ee7a kh\u00e1ch h\u00e0ng, t\u00ean v\u00e0 \u0111\u1ecba ch\u1ec9 email c\u1ee7a m\u1ee5c ti\u00eau.<\/p>\n\n\n\n

Quishing nh\u01b0 m\u1ed9t d\u1ecbch v\u1ee5<\/strong><\/p>\n\n\n\n

C\u00e1c m\u1ee5c ti\u00eau nh\u1eadn \u0111\u01b0\u1ee3c email do m\u1ed9t t\u00e1c nh\u00e2n \u0111e d\u1ecda g\u1eedi \u0111i r\u1ea5t gi\u1ed1ng v\u1edbi c\u00e1c tin nh\u1eafn t\u01b0\u01a1ng t\u1ef1 \u0111\u01b0\u1ee3c g\u1eedi b\u1eb1ng n\u1ec1n t\u1ea3ng d\u1ecbch v\u1ee5 l\u1eeba \u0111\u1ea3o (PhaaS) c\u00f3 t\u00ean l\u00e0 ONNX Store<\/a> , m\u00e0 m\u1ed9t s\u1ed1 nh\u00e0 nghi\u00ean c\u1ee9u kh\u1eb3ng \u0111\u1ecbnh l\u00e0 phi\u00ean b\u1ea3n \u0111\u1ed5i t\u00ean c\u1ee7a b\u1ed9 c\u00f4ng c\u1ee5 l\u1eeba \u0111\u1ea3o Caffeine<\/a> . ONNX Store cung c\u1ea5p c\u00e1c c\u00f4ng c\u1ee5 v\u00e0 c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng \u0111\u1ec3 ch\u1ea1y c\u00e1c chi\u1ebfn d\u1ecbch l\u1eeba \u0111\u1ea3o v\u00e0 c\u00f3 th\u1ec3 truy c\u1eadp th\u00f4ng qua bot Telegram.<\/p>\n\n\n\n

C\u1eeda h\u00e0ng ONNX t\u1eadn d\u1ee5ng c\u00e1c t\u00ednh n\u0103ng CAPTCHA ch\u1ed1ng bot v\u00e0 proxy \u0111\u1ecba ch\u1ec9 IP c\u1ee7a Cloudflare \u0111\u1ec3 g\u00e2y kh\u00f3 kh\u0103n h\u01a1n cho c\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u trong vi\u1ec7c x\u00e1c \u0111\u1ecbnh c\u00e1c trang web \u0111\u1ed9c h\u1ea1i, l\u00e0m gi\u1ea3m hi\u1ec7u qu\u1ea3 c\u1ee7a c\u00e1c c\u00f4ng c\u1ee5 qu\u00e9t t\u1ef1 \u0111\u1ed9ng v\u00e0 l\u00e0m lu m\u1edd nh\u00e0 cung c\u1ea5p d\u1ecbch v\u1ee5 l\u01b0u tr\u1eef c\u01a1 b\u1ea3n.<\/p>\n\n\n\n

C\u1eeda h\u00e0ng ONNX c\u0169ng s\u1eed d\u1ee5ng m\u00e3 JavaScript \u0111\u01b0\u1ee3c m\u00e3 h\u00f3a c\u00f3 kh\u1ea3 n\u0103ng t\u1ef1 gi\u1ea3i m\u00e3 trong qu\u00e1 tr\u00ecnh t\u1ea3i trang web, cung c\u1ea5p th\u00eam m\u1ed9t l\u1edbp b\u1ea3o m\u1eadt \u0111\u1ec3 ch\u1ed1ng l\u1ea1i c\u00e1c tr\u00ecnh qu\u00e9t ch\u1ed1ng l\u1eeba \u0111\u1ea3o.<\/p>\n\n\n\n

\u0110\u00e1nh b\u1ea1i m\u1ed1i \u0111e d\u1ecda \u0111ang gia t\u0103ng<\/strong><\/p>\n\n\n\n

Nh\u1eefng k\u1ebb t\u1ea5n c\u00f4ng th\u1ef1c hi\u1ec7n c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng l\u1eeba \u0111\u1ea3o s\u1eed d\u1ee5ng m\u00e3 QR c\u00f3 th\u1ec3 mu\u1ed1n b\u1ecf qua c\u00e1c lo\u1ea1i t\u00ednh n\u0103ng b\u1ea3o v\u1ec7 m\u1ea1ng trong ph\u1ea7n m\u1ec1m b\u1ea3o m\u1eadt \u0111i\u1ec3m cu\u1ed1i c\u00f3 th\u1ec3 ch\u1ea1y tr\u00ean m\u00e1y t\u00ednh. M\u1ed9t n\u1ea1n nh\u00e2n ti\u1ec1m n\u0103ng c\u00f3 th\u1ec3 nh\u1eadn \u0111\u01b0\u1ee3c tin nh\u1eafn l\u1eeba \u0111\u1ea3o tr\u00ean m\u00e1y t\u00ednh, nh\u01b0ng c\u00f3 nhi\u1ec1u kh\u1ea3 n\u0103ng s\u1ebd truy c\u1eadp trang l\u1eeba \u0111\u1ea3o tr\u00ean \u0111i\u1ec7n tho\u1ea1i \u00edt \u0111\u01b0\u1ee3c b\u1ea3o v\u1ec7 c\u1ee7a h\u1ecd.<\/p>\n\n\n\n

V\u00ec m\u00e3 QR th\u01b0\u1eddng \u0111\u01b0\u1ee3c qu\u00e9t b\u1eb1ng thi\u1ebft b\u1ecb di \u0111\u1ed9ng th\u1ee9 c\u1ea5p n\u00ean c\u00e1c URL m\u00e0 m\u1ecdi ng\u01b0\u1eddi truy c\u1eadp c\u00f3 th\u1ec3 v\u01b0\u1ee3t qua c\u00e1c bi\u1ec7n ph\u00e1p ph\u00f2ng v\u1ec7 truy\u1ec1n th\u1ed1ng, ch\u1eb3ng h\u1ea1n nh\u01b0 ch\u1eb7n URL tr\u00ean m\u00e1y t\u00ednh \u0111\u1ec3 b\u00e0n ho\u1eb7c m\u00e1y t\u00ednh x\u00e1ch tay c\u00f3 c\u00e0i \u0111\u1eb7t ph\u1ea7n m\u1ec1m b\u1ea3o v\u1ec7 \u0111i\u1ec3m cu\u1ed1i ho\u1eb7c k\u1ebft n\u1ed1i th\u00f4ng qua t\u01b0\u1eddng l\u1eeda ch\u1eb7n c\u00e1c \u0111\u1ecba ch\u1ec9 web \u0111\u1ed9c h\u1ea1i \u0111\u00e3 bi\u1ebft.<\/p>\n\n\n\n

Ch\u00fang t\u00f4i \u0111\u00e3 d\u00e0nh kh\u00e1 nhi\u1ec1u th\u1eddi gian \u0111\u1ec3 nghi\u00ean c\u1ee9u b\u1ed9 s\u01b0u t\u1eadp m\u1eabu th\u01b0 r\u00e1c c\u1ee7a m\u00ecnh \u0111\u1ec3 t\u00ecm ra c\u00e1c v\u00ed d\u1ee5 kh\u00e1c v\u1ec1 c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng quishing. Ch\u00fang t\u00f4i th\u1ea5y r\u1eb1ng kh\u1ed1i l\u01b0\u1ee3ng c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng nh\u1eafm v\u00e0o vect\u01a1 \u0111e d\u1ecda c\u1ee5 th\u1ec3 n\u00e0y d\u01b0\u1eddng nh\u01b0 \u0111ang t\u0103ng l\u00ean c\u1ea3 v\u1ec1 kh\u1ed1i l\u01b0\u1ee3ng v\u00e0 m\u1ee9c \u0111\u1ed9 tinh vi c\u1ee7a giao di\u1ec7n t\u00e0i li\u1ec7u PDF.<\/p>\n\n\n\n

B\u1ed9 t\u1ec7p \u0111\u00ednh k\u00e8m ban \u0111\u1ea7u v\u00e0o th\u00e1ng 6 l\u00e0 c\u00e1c t\u00e0i li\u1ec7u kh\u00e1 \u0111\u01a1n gi\u1ea3n, ch\u1ec9 c\u00f3 m\u1ed9t logo \u1edf tr\u00ean c\u00f9ng, m\u1ed9t m\u00e3 QR v\u00e0 m\u1ed9t \u00edt v\u0103n b\u1ea3n nh\u1eb1m t\u1ea1o c\u1ea3m gi\u00e1c c\u1ea5p b\u00e1ch \u0111\u1ec3 truy c\u1eadp v\u00e0o URL \u0111\u01b0\u1ee3c m\u00e3 h\u00f3a trong kh\u1ed1i m\u00e3 QR.<\/p>\n\n\n\n

Tuy nhi\u00ean, trong su\u1ed1t m\u00f9a h\u00e8, c\u00e1c m\u1eabu \u0111\u00e3 tr\u1edf n\u00ean tinh t\u1ebf h\u01a1n, v\u1edbi s\u1ef1 nh\u1ea5n m\u1ea1nh h\u01a1n v\u00e0o thi\u1ebft k\u1ebf \u0111\u1ed3 h\u1ecda v\u00e0 giao di\u1ec7n c\u1ee7a n\u1ed9i dung hi\u1ec3n th\u1ecb trong PDF. C\u00e1c t\u00e0i li\u1ec7u Quishing hi\u1ec7n tr\u00f4ng tinh t\u1ebf h\u01a1n so v\u1edbi nh\u1eefng g\u00ec ch\u00fang ta th\u1ea5y ban \u0111\u1ea7u, v\u1edbi v\u0103n b\u1ea3n ti\u00eau \u0111\u1ec1 v\u00e0 ch\u00e2n trang \u0111\u01b0\u1ee3c t\u00f9y ch\u1ec9nh \u0111\u1ec3 nh\u00fang t\u00ean c\u1ee7a c\u00e1 nh\u00e2n m\u1ee5c ti\u00eau (ho\u1eb7c \u00edt nh\u1ea5t l\u00e0 theo t\u00ean ng\u01b0\u1eddi d\u00f9ng cho t\u00e0i kho\u1ea3n email c\u1ee7a h\u1ecd) v\u00e0\/ho\u1eb7c t\u1ed5 ch\u1ee9c m\u1ee5c ti\u00eau n\u01a1i h\u1ecd l\u00e0m vi\u1ec7c b\u00ean trong PDF.<\/p>\n\n\n\n

\"M\u1ed9t<\/figure>\n\n\n\n

M\u1ed9t trong nh\u1eefng t\u00e0i li\u1ec7u quishing tr\u00f4ng chuy\u00ean nghi\u1ec7p h\u01a1n<\/p>\n\n\n\n

M\u00e3 QR c\u1ef1c k\u1ef3 linh ho\u1ea1t v\u00e0 m\u1ed9t ph\u1ea7n th\u00f4ng s\u1ed1 k\u1ef9 thu\u1eadt c\u1ee7a m\u00e3 QR c\u00f3 ngh\u0129a l\u00e0 c\u00f3 th\u1ec3 nh\u00fang \u0111\u1ed3 h\u1ecda<\/a> v\u00e0o gi\u1eefa kh\u1ed1i m\u00e3 QR.<\/p>\n\n\n\n

M\u1ed9t s\u1ed1 m\u00e3 QR trong c\u00e1c t\u00e0i li\u1ec7u gi\u1ea3 m\u1ea1o g\u1ea7n \u0111\u00e2y \u0111\u00e3 l\u1ea1m d\u1ee5ng th\u01b0\u01a1ng hi\u1ec7u Docusign nh\u01b0 m\u1ed9t th\u00e0nh ph\u1ea7n \u0111\u1ed3 h\u1ecda trong kh\u1ed1i m\u00e3 QR, gian l\u1eadn b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng uy t\u00edn c\u1ee7a c\u00f4ng ty \u0111\u00f3 \u0111\u1ec3 l\u1eeba \u0111\u1ea3o ng\u01b0\u1eddi d\u00f9ng.<\/p>\n\n\n\n

\u0110\u1ec3 r\u00f5 r\u00e0ng, Docusign kh\u00f4ng g\u1eedi email li\u00ean k\u1ebft m\u00e3 QR cho kh\u00e1ch h\u00e0ng ho\u1eb7c kh\u00e1ch h\u00e0ng \u0111ang k\u00fd t\u00e0i li\u1ec7u. Theo s\u00e1ch tr\u1eafng Ch\u1ed1ng l\u1eeba \u0111\u1ea3o c\u1ee7a DocuSign<\/a> (PDF), th\u01b0\u01a1ng hi\u1ec7u c\u1ee7a c\u00f4ng ty b\u1ecb l\u1ea1m d\u1ee5ng th\u01b0\u1eddng xuy\u00ean \u0111\u1ebfn m\u1ee9c c\u00f4ng ty \u0111\u00e3 thi\u1ebft l\u1eadp c\u00e1c bi\u1ec7n ph\u00e1p b\u1ea3o m\u1eadt trong email th\u00f4ng b\u00e1o c\u1ee7a m\u00ecnh<\/a> .<\/p>\n\n\n\n

\"M\u1ed9t<\/figure>\n\n\n\n

M\u1ed9t t\u1ec7p PDF gi\u1ea3 m\u1ea1o c\u00f3 t\u00ean ng\u01b0\u1eddi d\u00f9ng email c\u1ee7a m\u1ee5c ti\u00eau \u0111\u01b0\u1ee3c nh\u00fang v\u00e0o t\u00e0i li\u1ec7u, c\u0169ng nh\u01b0 t\u00ean c\u00f4ng ty n\u01a1i h\u1ecd l\u00e0m vi\u1ec7c v\u00e0 \u0111\u1ecba ch\u1ec9 email \u0111\u1ea7y \u0111\u1ee7 c\u1ee7a h\u1ecd trong ph\u1ea7n v\u0103n b\u1ea3n ch\u00e2n trang v\u00e0 logo DocuSign \u1edf gi\u1eefa m\u00e3 QR<\/p>\n\n\n\n

\u0110\u1ec3 r\u00f5 r\u00e0ng, s\u1ef1 hi\u1ec7n di\u1ec7n c\u1ee7a logo n\u00e0y b\u00ean trong m\u00e3 QR kh\u00f4ng th\u1ec3 truy\u1ec1n t\u1ea3i b\u1ea5t k\u1ef3 t\u00ednh h\u1ee3p ph\u00e1p n\u00e0o cho li\u00ean k\u1ebft m\u00e0 n\u00f3 tr\u1ecf \u0111\u1ebfn v\u00e0 kh\u00f4ng n\u00ean mang l\u1ea1i cho n\u00f3 b\u1ea5t k\u1ef3 \u0111\u1ed9 tin c\u1eady n\u00e0o. N\u00f3 ch\u1ec9 l\u00e0 m\u1ed9t t\u00ednh n\u0103ng thi\u1ebft k\u1ebf c\u1ee7a th\u00f4ng s\u1ed1 k\u1ef9 thu\u1eadt m\u00e3 QR, r\u1eb1ng \u0111\u1ed3 h\u1ecda c\u00f3 th\u1ec3 xu\u1ea5t hi\u1ec7n \u1edf gi\u1eefa ch\u00fang.<\/p>\n\n\n\n

\u0110\u1ecbnh d\u1ea1ng c\u1ee7a li\u00ean k\u1ebft m\u00e0 m\u00e3 QR tr\u1ecf \u0111\u1ebfn c\u0169ng \u0111\u00e3 ph\u00e1t tri\u1ec3n. Trong khi nhi\u1ec1u URL d\u01b0\u1eddng nh\u01b0 tr\u1ecf \u0111\u1ebfn c\u00e1c t\u00ean mi\u1ec1n th\u00f4ng th\u01b0\u1eddng \u0111ang \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng cho m\u1ee5c \u0111\u00edch x\u1ea5u, k\u1ebb t\u1ea5n c\u00f4ng c\u0169ng \u0111ang t\u1eadn d\u1ee5ng nhi\u1ec1u k\u1ef9 thu\u1eadt chuy\u1ec3n h\u01b0\u1edbng kh\u00e1c nhau \u0111\u1ec3 che gi\u1ea5u URL \u0111\u00edch.<\/p>\n\n\n\n

\"M\u1ed9t<\/figure>\n\n\n\n

M\u1ed9t nh\u00e2n vi\u00ean c\u1ee7a Sophos \u0111\u00e3 nh\u1eadn \u0111\u01b0\u1ee3c t\u1ec7p PDF n\u00e0y v\u00e0o th\u00e1ng 9 n\u0103m 2024. T\u1ec7p PDF n\u00e0y tham chi\u1ebfu \u0111\u1ebfn \u0111\u1ecba ch\u1ec9 email c\u1ee7a h\u1ecd v\u00e0 ghi “\u0110\u00e2y l\u00e0 th\u00f4ng b\u00e1o d\u1ecbch v\u1ee5 b\u1eaft bu\u1ed9c” \u1edf \u0111\u1ea7u v\u00e0 s\u1eed d\u1ee5ng ng\u1eef ph\u00e1p k\u1ef3 l\u1ea1 \u1edf nh\u1eefng n\u01a1i kh\u00e1c<\/p>\n\n\n\n

V\u00ed d\u1ee5, m\u1ed9t email l\u1eeba \u0111\u1ea3o \u0111\u01b0\u1ee3c g\u1eedi \u0111\u1ebfn m\u1ed9t nh\u00e2n vi\u00ean Sophos kh\u00e1c trong th\u00e1ng qua \u0111\u00e3 li\u00ean k\u1ebft \u0111\u1ebfn m\u1ed9t li\u00ean k\u1ebft Google \u0111\u01b0\u1ee3c \u0111\u1ecbnh d\u1ea1ng kh\u00e9o l\u00e9o, khi nh\u1ea5p v\u00e0o, s\u1ebd chuy\u1ec3n h\u01b0\u1edbng kh\u00e1ch truy c\u1eadp \u0111\u1ebfn trang web l\u1eeba \u0111\u1ea3o. Th\u1ef1c hi\u1ec7n tra c\u1ee9u URL trong tr\u01b0\u1eddng h\u1ee3p n\u00e0y s\u1ebd d\u1eabn \u0111\u1ebfn trang web \u0111\u01b0\u1ee3c li\u00ean k\u1ebft tr\u1ef1c ti\u1ebfp t\u1eeb m\u00e3 QR (google.com) \u0111\u01b0\u1ee3c ph\u00e2n lo\u1ea1i l\u00e0 an to\u00e0n. Ch\u00fang t\u00f4i c\u0169ng \u0111\u00e3 th\u1ea5y c\u00e1c li\u00ean k\u1ebft tr\u1ecf \u0111\u1ebfn c\u00e1c d\u1ecbch v\u1ee5 li\u00ean k\u1ebft ng\u1eafn \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng b\u1edfi nhi\u1ec1u trang web h\u1ee3p ph\u00e1p kh\u00e1c.<\/p>\n\n\n\n

\"M\u00e3<\/figure>\n\n\n\n

M\u00e3 QR tr\u1ecf \u0111\u1ebfn m\u1ed9t URL c\u1ee7a Google qu\u00e1 d\u00e0i \u0111\u1ec3 c\u00f3 th\u1ec3 xem to\u00e0n b\u1ed9 t\u1eeb trong \u1ee9ng d\u1ee5ng camera tr\u00ean \u0111i\u1ec7n tho\u1ea1i v\u00e0 s\u1ebd chuy\u1ec3n h\u01b0\u1edbng ng\u01b0\u1eddi d\u00f9ng \u0111\u1ebfn trang web l\u1eeba \u0111\u1ea3o n\u1ebfu m\u1edf<\/p>\n\n\n\n

B\u1ea5t k\u1ef3 gi\u1ea3i ph\u00e1p n\u00e0o c\u00f3 m\u1ee5c \u0111\u00edch ch\u1eb7n v\u00e0 d\u1eebng vi\u1ec7c t\u1ea3i c\u00e1c trang web l\u1eeba \u0111\u1ea3o \u0111\u1ec1u ph\u1ea3i gi\u1ea3i quy\u1ebft \u0111\u01b0\u1ee3c b\u00e0i to\u00e1n theo d\u00f5i chu\u1ed7i chuy\u1ec3n h\u01b0\u1edbng \u0111\u1ebfn \u0111\u00edch cu\u1ed1i c\u00f9ng, sau \u0111\u00f3 th\u1ef1c hi\u1ec7n ki\u1ec3m tra uy t\u00edn c\u1ee7a trang web \u0111\u00f3, c\u00f9ng v\u1edbi vi\u1ec7c gi\u1ea3i quy\u1ebft th\u00eam s\u1ef1 ph\u1ee9c t\u1ea1p c\u1ee7a nh\u1eefng k\u1ebb l\u1eeba \u0111\u1ea3o v\u00e0 k\u1ebb l\u1eeba \u0111\u1ea3o \u1ea9n trang web c\u1ee7a ch\u00fang \u0111\u1eb1ng sau c\u00e1c d\u1ecbch v\u1ee5 nh\u01b0 CloudFlare.<\/p>\n\n\n\n

Email l\u1eeba \u0111\u1ea3o g\u1ea7n \u0111\u00e2y nh\u1ea5t \u0111\u01b0\u1ee3c g\u1eedi t\u1edbi m\u1ed9t nh\u00e2n vi\u00ean c\u1ee7a Sophos c\u00f3 t\u1ec7p \u0111\u00ednh k\u00e8m PDF v\u1edbi n\u1ed9i dung kh\u00e1 m\u1ec9a mai \u2013 n\u00f3 c\u00f3 v\u1ebb nh\u01b0 \u0111\u01b0\u1ee3c g\u1eedi b\u1edfi m\u1ed9t c\u00f4ng ty c\u00f3 ho\u1ea1t \u0111\u1ed9ng kinh doanh ch\u00ednh l\u00e0 \u0111\u00e0o t\u1ea1o v\u00e0 d\u1ecbch v\u1ee5 ch\u1ed1ng l\u1eeba \u0111\u1ea3o.<\/p>\n\n\n\n

T\u1ec7p PDF \u0111\u00ednh k\u00e8m trong email l\u1eeba \u0111\u1ea3o g\u1ea7n \u0111\u00e2y nh\u1eafm v\u00e0o Sophos c\u00f3 th\u00f4ng tin ch\u00e2n trang d\u01b0\u1eddng nh\u01b0 b\u1eaft ch\u01b0\u1edbc c\u00e1c th\u00f4ng b\u00e1o ph\u00e1p l\u00fd t\u1eeb m\u1ed9t c\u00f4ng ty c\u00f3 t\u00ean l\u00e0 Egress, m\u1ed9t c\u00f4ng ty con c\u1ee7a c\u00f4ng ty \u0111\u00e0o t\u1ea1o ch\u1ed1ng l\u1eeba \u0111\u1ea3o KnowBe4. Tuy nhi\u00ean, t\u00ean mi\u1ec1n m\u00e0 m\u00e3 QR tr\u1ecf \u0111\u1ebfn thu\u1ed9c v\u1ec1 m\u1ed9t c\u00f4ng ty t\u01b0 v\u1ea5n c\u1ee7a Brazil kh\u00f4ng li\u00ean quan g\u00ec \u0111\u1ebfn KnowBe4. C\u00f3 v\u1ebb nh\u01b0 trang web c\u1ee7a c\u00e1c nh\u00e0 t\u01b0 v\u1ea5n \u0111\u00e3 b\u1ecb x\u00e2m ph\u1ea1m v\u00e0 \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 l\u01b0u tr\u1eef m\u1ed9t trang l\u1eeba \u0111\u1ea3o.<\/p>\n\n\n\n

\"M\u1ed9t<\/figure>\n\n\n\n

M\u1ed9t t\u00e0i li\u1ec7u l\u1eeba \u0111\u1ea3o s\u1eed d\u1ee5ng ng\u00f4n ng\u1eef ph\u00e1p l\u00fd ng\u1ee5 \u00fd r\u1eb1ng n\u00f3 xu\u1ea5t ph\u00e1t t\u1eeb m\u1ed9t c\u00f4ng ty \u0111\u00e0o t\u1ea1o ch\u1ed1ng l\u1eeba \u0111\u1ea3o v\u00e0 \u0111\u01b0\u1ee3c “H\u1ed7 tr\u1ee3 b\u1edfi Sophos(c)”<\/p>\n\n\n\n

Tin nh\u1eafn \u0111\u00f3 c\u0169ng ch\u1ee9a n\u1ed9i dung ch\u00ednh khi\u1ebfn n\u00f3 c\u00f3 v\u1ebb nh\u01b0 l\u00e0 m\u1ed9t tin nh\u1eafn t\u1ef1 \u0111\u1ed9ng, m\u1eb7c d\u00f9 c\u00f3 m\u1ed9t s\u1ed1 l\u1ed7i ch\u00ednh t\u1ea3 v\u00e0 l\u1ed7i r\u1ea5t k\u1ef3 l\u1ea1. Gi\u1ed1ng nh\u01b0 c\u00e1c tin nh\u1eafn tr\u01b0\u1edbc, n\u1ed9i dung ch\u00ednh ch\u1ec9 ra t\u00ean t\u1ec7p cho t\u1ec7p \u0111\u00ednh k\u00e8m kh\u00f4ng kh\u1edbp v\u1edbi t\u00ean t\u1ec7p \u0111\u00ednh k\u00e8m trong email.<\/p>\n\n\n\n

\"Email<\/figure>\n\n\n\n

Email sau \u0111\u00f3 c\u00f3 n\u1ed9i dung “m\u1ecdi th\u1eafc m\u1eafc xin g\u1eedi \u0111\u1ebfn ng\u01b0\u1eddi li\u00ean h\u1ec7 Wayne Center c\u1ee7a b\u1ea1n”, c\u00f3 l\u1ebd l\u00e0 Batman<\/p>\n\n\n\n

Chi\u1ebfn thu\u1eadt MITRE ATT&CK \u0111\u01b0\u1ee3c quan s\u00e1t<\/strong><\/p>\n\n\n\n

Chi\u1ebfn thu\u1eadt ATT&CK<\/strong><\/td>K\u1ef9 thu\u1eadt ATT&CK<\/strong><\/td><\/tr>
TRUY C\u1eacP BAN \u0110\u1ea6U<\/td>Phishing:: T\u1ec7p \u0111\u00ednh k\u00e8m Spear Phishing [T1566.001]<\/a><\/td><\/tr>
TH\u1ef0C HI\u1ec6N<\/td>Th\u1ef1c hi\u1ec7n c\u1ee7a ng\u01b0\u1eddi d\u00f9ng:: Li\u00ean k\u1ebft \u0111\u1ed9c h\u1ea1i [T1204.001]<\/a><\/td><\/tr>
TRUY C\u1eacP TH\u00d4NG TIN<\/td>\u0110\u00e1nh c\u1eafp Cookie phi\u00ean web [T1539]<\/a><\/td><\/tr>
<\/td>K\u1ebb th\u00f9 \u1edf gi\u1eefa [T1557]<\/a><\/td><\/tr>
<\/td>Ch\u1ee5p \u0111\u1ea7u v\u00e0o:: Ch\u1ee5p c\u1ed5ng th\u00f4ng tin web [T1056.003]<\/a><\/td><\/tr>
PH\u00d2NG TH\u1ee6 TR\u00c1NH TR\u00c1NH<\/td>M\u1ea1o danh [T1656]<\/a><\/td><\/tr>
<\/td>T\u1ec7p ho\u1eb7c th\u00f4ng tin b\u1ecb che gi\u1ea5u [T1027]<\/a><\/td><\/tr>
CH\u1ec8 HUY V\u00c0 KI\u1ec2M SO\u00c1T<\/td>M\u00e3 h\u00f3a d\u1eef li\u1ec7u: M\u00e3 h\u00f3a ti\u00eau chu\u1ea9n [T1132.001]<\/a><\/td><\/tr>
<\/td>Proxy: M\u1eb7t ti\u1ec1n t\u00ean mi\u1ec1n [T1090.004]<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Khuy\u1ebfn ngh\u1ecb v\u00e0 h\u01b0\u1edbng d\u1eabn cho qu\u1ea3n tr\u1ecb vi\u00ean CNTT<\/strong><\/p>\n\n\n\n

N\u1ebfu b\u1ea1n \u0111ang ph\u1ea3i \u0111\u1ed1i ph\u00f3 v\u1edbi m\u1ed9t cu\u1ed9c t\u1ea5n c\u00f4ng l\u1eeba \u0111\u1ea3o s\u1eed d\u1ee5ng m\u00e3 QR t\u01b0\u01a1ng t\u1ef1 trong m\u00f4i tr\u01b0\u1eddng doanh nghi\u1ec7p, ch\u00fang t\u00f4i c\u00f3 m\u1ed9t s\u1ed1 g\u1ee3i \u00fd v\u1ec1 c\u00e1ch \u0111\u1ed1i ph\u00f3 v\u1edbi c\u00e1c lo\u1ea1i t\u1ea5n c\u00f4ng n\u00e0y.<\/p>\n\n\n\n