{"id":6963,"date":"2023-07-21T09:56:07","date_gmt":"2023-07-21T02:56:07","guid":{"rendered":"https:\/\/vacif.com\/?p=6963"},"modified":"2023-07-21T09:56:07","modified_gmt":"2023-07-21T02:56:07","slug":"cc-server-la-gi-cach-phat-hien-va-phong-chong","status":"publish","type":"post","link":"https:\/\/vacif.com\/en\/cc-server-la-gi-cach-phat-hien-va-phong-chong\/","title":{"rendered":"C&C SERVER L\u00c0 G\u00cc? C\u00c1CH PH\u00c1T HI\u1ec6N V\u00c0 PH\u00d2NG CH\u1ed0NG."},"content":{"rendered":"\n

1.Kh\u00e1i ni\u1ec7m C&C Server l\u00e0 g\u00ec? <\/strong><\/p>\n\n\n\n

C&C (Command and Control) Server l\u00e0 m\u1ed9t thu\u1eadt ng\u1eef trong l\u0129nh v\u1ef1c b\u1ea3o m\u1eadt m\u1ea1ng v\u00e0 an ninh th\u00f4ng tin. N\u00f3 th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 ch\u1ec9 m\u1ed9t m\u00e1y ch\u1ee7 ho\u1eb7c m\u1ed9t nh\u00f3m m\u00e1y ch\u1ee7 \u0111\u1eb7c bi\u1ec7t trong h\u1ec7 th\u1ed1ng t\u1ea5n c\u00f4ng, n\u01a1i m\u00e0 k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 \u0111i\u1ec1u khi\u1ec3n c\u00e1c thi\u1ebft b\u1ecb ho\u1eb7c m\u00e1y t\u00ednh \u0111\u00e3 b\u1ecb nhi\u1ec5m m\u00e3 \u0111\u1ed9c ho\u1eb7c malware.<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

M\u1ee5c ti\u00eau ch\u00ednh c\u1ee7a C&C Server l\u00e0 thi\u1ebft l\u1eadp m\u1ed9t k\u1ebft n\u1ed1i li\u00ean t\u1ee5c v\u00e0 \u1ea9n danh gi\u1eefa m\u00e1y t\u00ednh b\u1ecb nhi\u1ec5m malware v\u00e0 k\u1ebb t\u1ea5n c\u00f4ng, cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng \u0111i\u1ec1u khi\u1ec3n v\u00e0 gi\u00e1m s\u00e1t c\u00e1c ho\u1ea1t \u0111\u1ed9ng c\u1ee7a c\u00e1c thi\u1ebft b\u1ecb b\u1ecb nhi\u1ec5m.<\/p>\n\n\n\n

Khi h\u1ec7 th\u1ed1ng c\u1ee7a b\u1ea1n b\u1ecb t\u1ea5n c\u00f4ng C&C (Command and Control) Server, c\u00f3 m\u1ed9t s\u1ed1 bi\u1ec3u hi\u1ec7n v\u00e0 d\u1ea5u hi\u1ec7u m\u00e0 b\u1ea1n c\u00f3 th\u1ec3 nh\u1eadn th\u1ea5y \u0111\u1ec3 x\u00e1c \u0111\u1ecbnh r\u1eb1ng h\u1ec7 th\u1ed1ng c\u1ee7a b\u1ea1n c\u00f3 th\u1ec3 \u0111\u00e3 b\u1ecb nhi\u1ec5m malware ho\u1eb7c \u0111ang b\u1ecb ki\u1ec3m so\u00e1t t\u1eeb xa b\u1edfi k\u1ebb t\u1ea5n c\u00f4ng. M\u1ed9t s\u1ed1 bi\u1ec3u hi\u1ec7n ch\u00ednh nh\u01b0:<\/p>\n\n\n\n

Hi\u1ec7u n\u0103ng m\u00e1y t\u00ednh gi\u1ea3m:<\/strong> N\u1ebfu h\u1ec7 th\u1ed1ng c\u1ee7a b\u1ea1n \u0111\u1ed9t nhi\u00ean ch\u1ea1y ch\u1eadm ho\u1eb7c c\u00f3 hi\u1ec7u n\u0103ng k\u00e9m \u0111\u1ed9t ng\u1ed9t m\u00e0 kh\u00f4ng c\u00f3 l\u00fd do r\u00f5 r\u00e0ng, \u0111\u00f3 c\u00f3 th\u1ec3 l\u00e0 m\u1ed9t d\u1ea5u hi\u1ec7u c\u1ee7a vi\u1ec7c h\u1ec7 th\u1ed1ng b\u1ecb nhi\u1ec5m malware ho\u1eb7c b\u1ecb ki\u1ec3m so\u00e1t t\u1eeb xa.<\/p>\n\n\n\n

M\u00e1y t\u00ednh kh\u1edfi \u0111\u1ed9ng ch\u1eadm: <\/strong>N\u1ebfu m\u00e1y t\u00ednh c\u1ee7a b\u1ea1n m\u1ea5t nhi\u1ec1u th\u1eddi gian \u0111\u1ec3 kh\u1edfi \u0111\u1ed9ng ho\u1eb7c ch\u1ea1y c\u00e1c \u1ee9ng d\u1ee5ng, c\u00f3 th\u1ec3 c\u00f3 s\u1ef1 xu\u1ea5t hi\u1ec7n c\u1ee7a ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn qu\u00e1 tr\u00ecnh kh\u1edfi \u0111\u1ed9ng.<\/p>\n\n\n\n

Xu\u1ea5t hi\u1ec7n c\u00e1c ti\u1ebfn tr\u00ecnh kh\u00f4ng r\u00f5 ngu\u1ed3n g\u1ed1c:<\/strong> Ki\u1ec3m tra qu\u1ea3n l\u00fd t\u00e1c v\u1ee5 ho\u1eb7c tr\u00ecnh qu\u1ea3n l\u00fd t\u00e1c v\u1ee5 \u0111\u1ec3 xem x\u00e9t c\u00e1c ti\u1ebfn tr\u00ecnh \u0111ang ch\u1ea1y tr\u00ean h\u1ec7 th\u1ed1ng. N\u1ebfu b\u1ea1n ph\u00e1t hi\u1ec7n c\u00e1c ti\u1ebfn tr\u00ecnh kh\u00f4ng r\u00f5 ngu\u1ed3n g\u1ed1c ho\u1eb7c kh\u00f4ng quen thu\u1ed9c, \u0111\u00f3 c\u00f3 th\u1ec3 l\u00e0 d\u1ea5u hi\u1ec7u c\u1ee7a vi\u1ec7c h\u1ec7 th\u1ed1ng b\u1ecb nhi\u1ec5m malware.<\/p>\n\n\n\n

S\u1eed d\u1ee5ng b\u0103ng th\u00f4ng m\u1ea1ng kh\u00f4ng th\u01b0\u1eddng xuy\u00ean: <\/strong>N\u1ebfu h\u1ec7 th\u1ed1ng c\u1ee7a b\u1ea1n s\u1eed d\u1ee5ng b\u0103ng th\u00f4ng m\u1ea1ng m\u1ed9t c\u00e1ch kh\u00f4ng th\u01b0\u1eddng xuy\u00ean khi kh\u00f4ng c\u00f3 ho\u1ea1t \u0111\u1ed9ng truy c\u1eadp th\u00f4ng tin, c\u00f3 th\u1ec3 c\u00f3 s\u1ef1 xu\u1ea5t hi\u1ec7n c\u1ee7a c\u00e1c k\u1ebft n\u1ed1i kh\u00f4ng mong mu\u1ed1n \u0111\u1ebfn C&C Server.<\/p>\n\n\n\n

Xu\u1ea5t hi\u1ec7n c\u00e1c th\u00f4ng b\u00e1o l\u1ed7i ho\u1eb7c th\u00f4ng b\u00e1o kh\u00f4ng mong mu\u1ed1n:<\/strong> N\u1ebfu b\u1ea1n nh\u1eadn \u0111\u01b0\u1ee3c c\u00e1c th\u00f4ng b\u00e1o l\u1ed7i ho\u1eb7c c\u00e1c c\u1eeda s\u1ed5 m\u1edbi kh\u00f4ng mong mu\u1ed1n xu\u1ea5t hi\u1ec7n tr\u00ean m\u00e0n h\u00ecnh m\u00e1y t\u00ednh c\u1ee7a b\u1ea1n, \u0111\u00f3 c\u0169ng c\u00f3 th\u1ec3 l\u00e0 d\u1ea5u hi\u1ec7u c\u1ee7a vi\u1ec7c h\u1ec7 th\u1ed1ng b\u1ecb nhi\u1ec5m malware ho\u1eb7c \u0111ang b\u1ecb ki\u1ec3m so\u00e1t t\u1eeb xa.<\/p>\n\n\n\n

Ghi l\u1ea1i c\u00e1c k\u1ebft n\u1ed1i m\u1ea1ng kh\u00f4ng th\u01b0\u1eddng xuy\u00ean:<\/strong> Ki\u1ec3m tra c\u00e1c b\u1ea3n ghi l\u01b0u l\u01b0\u1ee3ng m\u1ea1ng \u0111\u1ec3 xem x\u00e9t c\u00e1c k\u1ebft n\u1ed1i m\u1ea1ng kh\u00f4ng th\u01b0\u1eddng xuy\u00ean \u0111\u1ebfn c\u00e1c \u0111\u1ecba ch\u1ec9 IP ho\u1eb7c mi\u1ec1n t\u00ean kh\u00f4ng quen thu\u1ed9c.<\/p>\n\n\n\n

S\u1ef1 xu\u1ea5t hi\u1ec7n c\u1ee7a c\u00e1c t\u1ec7p \u0111\u00e1ng ng\u1edd:<\/strong> Ki\u1ec3m tra h\u1ec7 th\u1ed1ng \u0111\u1ec3 xem x\u00e9t s\u1ef1 xu\u1ea5t hi\u1ec7n c\u1ee7a c\u00e1c t\u1ec7p \u0111\u00e1ng ng\u1edd ho\u1eb7c c\u00e1c thay \u0111\u1ed5i kh\u00f4ng r\u00f5 r\u00e0ng trong h\u1ec7 th\u1ed1ng t\u1ec7p.<\/p>\n\n\n\n

2. C\u00e1c b\u01b0\u1edbc th\u1ef1c hi\u1ec7n m\u1ed9t cu\u1ed9c t\u1ea5n c\u00f4ng C&C Server<\/strong><\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Hacker khi th\u1ef1c hi\u1ec7n m\u1ed9t cu\u1ed9c t\u1ea5n c\u00f4ng C&C ph\u1ea3i th\u1ef1c hi\u1ec7n c\u00e1c b\u01b0\u1edbc nh\u01b0 sau:<\/p>\n\n\n\n

Nhi\u1ec5m malware v\u00e0o h\u1ec7 th\u1ed1ng<\/strong>: B\u01b0\u1edbc \u0111\u1ea7u ti\u00ean c\u1ee7a m\u1ed9t cu\u1ed9c t\u1ea5n c\u00f4ng C&C l\u00e0 nhi\u1ec5m malware ho\u1eb7c m\u00e3 \u0111\u1ed9c v\u00e0o h\u1ec7 th\u1ed1ng m\u1ee5c ti\u00eau. K\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng c\u00e1c ph\u01b0\u01a1ng ph\u00e1p nh\u01b0 email l\u1eeba \u0111\u1ea3o, trang web gi\u1ea3 m\u1ea1o ho\u1eb7c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt \u0111\u1ec3 l\u00e2y lan malware v\u00e0o c\u00e1c h\u1ec7 th\u1ed1ng m\u1ee5c ti\u00eau.<\/p>\n\n\n\n

Thi\u1ebft l\u1eadp k\u1ebft n\u1ed1i v\u1edbi C&C Server:<\/strong> Sau khi malware \u0111\u00e3 nhi\u1ec5m v\u00e0o h\u1ec7 th\u1ed1ng, n\u00f3 s\u1ebd li\u00ean l\u1ea1c v\u1edbi C&C Server \u0111\u1ec3 thi\u1ebft l\u1eadp k\u1ebft n\u1ed1i. C&C Server cung c\u1ea5p c\u00e1c h\u01b0\u1edbng d\u1eabn v\u00e0 l\u1ec7nh \u0111i\u1ec1u khi\u1ec3n cho malware tr\u00ean h\u1ec7 th\u1ed1ng m\u1ee5c ti\u00eau.<\/p>\n\n\n\n

Ki\u1ec3m so\u00e1t h\u1ec7 th\u1ed1ng t\u1eeb xa: <\/strong>Khi \u0111\u00e3 thi\u1ebft l\u1eadp k\u1ebft n\u1ed1i v\u1edbi C&C Server, malware tr\u00ean h\u1ec7 th\u1ed1ng m\u1ee5c ti\u00eau s\u1ebd l\u1eafng nghe v\u00e0 th\u1ef1c thi c\u00e1c l\u1ec7nh t\u1eeb m\u00e1y ch\u1ee7 \u0111i\u1ec1u khi\u1ec3n. K\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 ki\u1ec3m so\u00e1t h\u1ec7 th\u1ed1ng t\u1eeb xa, th\u1ef1c hi\u1ec7n c\u00e1c ho\u1ea1t \u0111\u1ed9ng kh\u00f4ng mong mu\u1ed1n v\u00e0 l\u1ea5y c\u1eafp th\u00f4ng tin quan tr\u1ecdng.<\/p>\n\n\n\n

Thu th\u1eadp th\u00f4ng tin:<\/strong> C&C Server c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng malware \u0111\u1ec3 thu th\u1eadp th\u00f4ng tin quan tr\u1ecdng t\u1eeb h\u1ec7 th\u1ed1ng m\u1ee5c ti\u00eau, bao g\u1ed3m th\u00f4ng tin c\u00e1 nh\u00e2n, th\u00f4ng tin \u0111\u0103ng nh\u1eadp, d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m ho\u1eb7c th\u00f4ng tin li\u00ean quan \u0111\u1ebfn doanh nghi\u1ec7p.<\/p>\n\n\n\n

G\u1eedi v\u00e0 nh\u1eadn l\u1ec7nh \u0111i\u1ec1u khi\u1ec3n:<\/strong> C&C Server li\u00ean t\u1ee5c g\u1eedi l\u1ec7nh \u0111i\u1ec1u khi\u1ec3n m\u1edbi cho malware tr\u00ean h\u1ec7 th\u1ed1ng m\u1ee5c ti\u00eau. \u0110i\u1ec1u n\u00e0y cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng th\u1ef1c hi\u1ec7n c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1edbi v\u00e0 \u0111i\u1ec1u khi\u1ec3n h\u1ec7 th\u1ed1ng theo \u00fd mu\u1ed1n.<\/p>\n\n\n\n

C\u1eadp nh\u1eadt v\u00e0 t\u00e1i c\u1ea5u h\u00ecnh:<\/strong> K\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 c\u1eadp nh\u1eadt v\u00e0 t\u00e1i c\u1ea5u h\u00ecnh malware tr\u00ean h\u1ec7 th\u1ed1ng m\u1ee5c ti\u00eau t\u1eeb C&C Server \u0111\u1ec3 tr\u00e1nh ph\u00e1t hi\u1ec7n v\u00e0 ng\u0103n ch\u1eb7n. G\u1eedi d\u1eef li\u1ec7u v\u1ec1 C&C Server: Sau khi ho\u00e0n th\u00e0nh c\u00e1c ho\u1ea1t \u0111\u1ed9ng t\u1ea5n c\u00f4ng, malware c\u00f3 th\u1ec3 g\u1eedi d\u1eef li\u1ec7u \u0111\u00e3 thu th\u1eadp t\u1eeb h\u1ec7 th\u1ed1ng m\u1ee5c ti\u00eau v\u1ec1 C&C Server. D\u1eef li\u1ec7u n\u00e0y c\u00f3 th\u1ec3 bao g\u1ed3m th\u00f4ng tin \u0111\u00e1nh c\u1eafp, d\u1ea5u v\u1ebft t\u1ea5n c\u00f4ng v\u00e0 b\u00e1o c\u00e1o v\u1ec1 ti\u1ebfn tr\u00ecnh th\u1ef1c hi\u1ec7n c\u1ee7a malware.<\/p>\n\n\n\n

3. Ph\u00e1t hi\u1ec7n C&C Server nh\u01b0 th\u1ebf n\u00e0o.<\/strong><\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

\u0110\u1ec3 ph\u00e1t hi\u1ec7n c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng C&C Server c\u00e1c chuy\u00ean gia b\u1ea3o m\u1eadt th\u01b0\u1eddng s\u1eed d\u1ee5ng c\u00e1c c\u00e1ch sau:<\/p>\n\n\n\n

H\u1ec7 th\u1ed1ng c\u01a1 s\u1edf d\u1eef li\u1ec7u IOC (Indicators of Compromise):<\/strong> S\u1eed d\u1ee5ng h\u1ec7 th\u1ed1ng c\u01a1 s\u1edf d\u1eef li\u1ec7u IOC, nh\u01b0 Open Threat Exchange (OTX) ho\u1eb7c MISP (Malware Information Sharing Platform), \u0111\u1ec3 t\u00ecm ki\u1ebfm c\u00e1c \u0111\u1ecba ch\u1ec9 IP, mi\u1ec1n t\u00ean v\u00e0 m\u00e3 hash c\u1ee7a C&C Server \u0111\u00e3 \u0111\u01b0\u1ee3c x\u00e1c \u0111\u1ecbnh tr\u01b0\u1edbc \u0111\u00f3 b\u1edfi c\u1ed9ng \u0111\u1ed3ng an ninh v\u00e0 ngu\u1ed3n t\u00ecnh b\u00e1o.<\/p>\n\n\n\n

Ph\u00e2n t\u00edch l\u01b0u l\u01b0\u1ee3ng m\u1ea1ng: <\/strong>S\u1eed d\u1ee5ng ph\u1ea7n m\u1ec1m ph\u00e2n t\u00edch l\u01b0u l\u01b0\u1ee3ng m\u1ea1ng \u0111\u1ec3 gi\u00e1m s\u00e1t c\u00e1c k\u1ebft n\u1ed1i m\u1ea1ng v\u00e0 theo d\u00f5i c\u00e1c ho\u1ea1t \u0111\u1ed9ng kh\u00f4ng b\u00ecnh th\u01b0\u1eddng. C\u00e1c C&C Server th\u01b0\u1eddng s\u1eed d\u1ee5ng c\u00e1c c\u1ed5ng kh\u00f4ng ph\u1ed5 bi\u1ebfn ho\u1eb7c c\u00e1c giao th\u1ee9c kh\u00f4ng r\u00f5 r\u00e0ng, v\u00ec v\u1eady vi\u1ec7c theo d\u00f5i l\u01b0u l\u01b0\u1ee3ng m\u1ea1ng c\u00f3 th\u1ec3 gi\u00fap ph\u00e1t hi\u1ec7n c\u00e1c k\u1ebft n\u1ed1i \u0111\u1ebfn c\u00e1c m\u00e1y ch\u1ee7 n\u00e0y.<\/p>\n\n\n\n

Ph\u00e2n t\u00edch t\u1eadp tin: <\/strong>S\u1eed d\u1ee5ng c\u00e1c c\u00f4ng c\u1ee5 ph\u00e2n t\u00edch \u0111\u00e1ng tin c\u1eady \u0111\u1ec3 qu\u00e9t v\u00e0 ki\u1ec3m tra c\u00e1c t\u1eadp tin tr\u00ean h\u1ec7 th\u1ed1ng. Ph\u00e1t hi\u1ec7n m\u00e3 \u0111\u1ed9c trong c\u00e1c t\u1eadp tin l\u00e0 m\u1ed9t d\u1ea5u hi\u1ec7u cho th\u1ea5y c\u00f3 th\u1ec3 m\u00e1y t\u00ednh b\u1ecb nhi\u1ec5m v\u00e0 k\u1ebft n\u1ed1i \u0111\u1ebfn C&C Server.<\/p>\n\n\n\n

Gi\u00e1m s\u00e1t ho\u1ea1t \u0111\u1ed9ng h\u1ec7 th\u1ed1ng:<\/strong> Gi\u00e1m s\u00e1t c\u00e1c ho\u1ea1t \u0111\u1ed9ng c\u1ee7a h\u1ec7 th\u1ed1ng, bao g\u1ed3m c\u00e1c ti\u1ebfn tr\u00ecnh, d\u1ecbch v\u1ee5 v\u00e0 giao ti\u1ebfp m\u1ea1ng kh\u00f4ng b\u00ecnh th\u01b0\u1eddng c\u00f3 th\u1ec3 gi\u00fap ph\u00e1t hi\u1ec7n c\u00e1c ho\u1ea1t \u0111\u1ed9ng c\u1ee7a C&C Server.<\/p>\n\n\n\n

S\u1eed d\u1ee5ng ph\u1ea7n m\u1ec1m b\u1ea3o m\u1eadt:<\/strong> Tri\u1ec3n khai c\u00e1c ph\u1ea7n m\u1ec1m b\u1ea3o m\u1eadt m\u1ea1ng v\u00e0 gi\u1ea3i ph\u00e1p an ninh m\u1ea1nh m\u1ebd c\u00f3 kh\u1ea3 n\u0103ng ph\u00e1t hi\u1ec7n v\u00e0 ng\u0103n ch\u1eb7n k\u1ebft n\u1ed1i \u0111\u1ebfn C&C Server.<\/p>\n\n\n\n

4. C\u00e1c bi\u1ec7n ph\u00e1p ph\u00f2ng ch\u1ed1ng t\u1ea5n c\u00f4ng C&C Server<\/strong><\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Ch\u1ed1ng t\u1ea5n c\u00f4ng C&C (Command and Control) Server l\u00e0 m\u1ed9t y\u1ebfu t\u1ed1 quan tr\u1ecdng trong vi\u1ec7c b\u1ea3o v\u1ec7 m\u1ea1ng v\u00e0 h\u1ec7 th\u1ed1ng kh\u1ecfi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng v\u00e0 m\u1ed1i \u0111e d\u1ecda t\u1eeb ph\u00eda k\u1ebb t\u1ea5n c\u00f4ng. <\/p>\n\n\n\n

D\u01b0\u1edbi \u0111\u00e2y l\u00e0 m\u1ed9t s\u1ed1 bi\u1ec7n ph\u00e1p ch\u1ed1ng t\u1ea5n c\u00f4ng C&C Server:<\/p>\n\n\n\n

S\u1eed d\u1ee5ng gi\u1ea3i ph\u00e1p di\u1ec7t malware v\u00e0 ph\u1ea7n m\u1ec1m di\u1ec7t virus:<\/strong> C\u00e0i \u0111\u1eb7t v\u00e0 duy tr\u00ec c\u00e1c ph\u1ea7n m\u1ec1m di\u1ec7t virus v\u00e0 gi\u1ea3i ph\u00e1p di\u1ec7t malware m\u1ea1nh m\u1ebd \u0111\u1ec3 ph\u00e1t hi\u1ec7n v\u00e0 lo\u1ea1i b\u1ecf c\u00e1c m\u00e3 \u0111\u1ed9c v\u00e0 ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i c\u00f3 th\u1ec3 li\u00ean quan \u0111\u1ebfn C&C Server. C\u00e1c ph\u1ea7n m\u1ec1m n\u00e0y s\u1ebd gi\u00fap ph\u00e1t hi\u1ec7n v\u00e0 ng\u0103n ch\u1eb7n c\u00e1c k\u1ebft n\u1ed1i \u0111\u1ebfn C&C Server v\u00e0 ng\u0103n ch\u1eb7n ho\u1ea1t \u0111\u1ed9ng c\u1ee7a malware.<\/p>\n\n\n\n

Ph\u00e2n t\u00edch h\u00e0nh vi h\u1ec7 th\u1ed1ng:<\/strong> Gi\u00e1m s\u00e1t c\u00e1c ho\u1ea1t \u0111\u1ed9ng c\u1ee7a h\u1ec7 th\u1ed1ng v\u00e0 theo d\u00f5i c\u00e1c ti\u1ebfn tr\u00ecnh, d\u1ecbch v\u1ee5 v\u00e0 giao ti\u1ebfp m\u1ea1ng kh\u00f4ng b\u00ecnh th\u01b0\u1eddng. C\u00e1c bi\u1ec7n ph\u00e1p gi\u00e1m s\u00e1t h\u00e0nh vi h\u1ec7 th\u1ed1ng gi\u00fap ph\u00e1t hi\u1ec7n c\u00e1c ho\u1ea1t \u0111\u1ed9ng c\u1ee7a C&C Server tr\u00ean h\u1ec7 th\u1ed1ng.<\/p>\n\n\n\n

S\u1eed d\u1ee5ng t\u01b0\u1eddng l\u1eeda m\u1ea1ng v\u00e0 h\u1ec7 th\u1ed1ng ph\u00e1t hi\u1ec7n x\u00e2m nh\u1eadp (IDS\/IPS): <\/strong>X\u00e2y d\u1ef1ng c\u00e1c t\u01b0\u1eddng l\u1eeda m\u1ea1ng m\u1ea1nh m\u1ebd v\u00e0 tri\u1ec3n khai h\u1ec7 th\u1ed1ng ph\u00e1t hi\u1ec7n x\u00e2m nh\u1eadp (IDS\/IPS) \u0111\u1ec3 ng\u0103n ch\u1eb7n c\u00e1c k\u1ebft n\u1ed1i kh\u00f4ng an to\u00e0n v\u00e0 c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng t\u1eeb C&C Server. H\u1ec7 th\u1ed1ng IDS\/IPS gi\u00e1m s\u00e1t l\u01b0u l\u01b0\u1ee3ng m\u1ea1ng v\u00e0 ph\u00e1t hi\u1ec7n c\u00e1c ho\u1ea1t \u0111\u1ed9ng kh\u00f4ng b\u00ecnh th\u01b0\u1eddng c\u00f3 th\u1ec3 li\u00ean quan \u0111\u1ebfn C&C Server.<\/p>\n\n\n\n

S\u1eed d\u1ee5ng c\u00e1c c\u00f4ng ngh\u1ec7 b\u1ea3o v\u1ec7 theo th\u1eddi gian th\u1ef1c:<\/strong> Tri\u1ec3n khai c\u00e1c gi\u1ea3i ph\u00e1p b\u1ea3o v\u1ec7 theo th\u1eddi gian th\u1ef1c \u0111\u1ec3 ph\u00e1t hi\u1ec7n v\u00e0 ng\u0103n ch\u1eb7n c\u00e1c ho\u1ea1t \u0111\u1ed9ng c\u1ee7a C&C Server ngay khi ch\u00fang x\u1ea3y ra. C\u00e1c c\u00f4ng ngh\u1ec7 n\u00e0y s\u1ebd gi\u00fap t\u1ef1 \u0111\u1ed9ng ch\u1eb7n c\u00e1c k\u1ebft n\u1ed1i v\u00e0 ho\u1ea1t \u0111\u1ed9ng kh\u00f4ng mong mu\u1ed1n t\u1eeb C&C Server.<\/p>\n\n\n\n

\u0110\u00e0o t\u1ea1o nh\u00e2n vi\u00ean v\u1ec1 an ninh m\u1ea1ng:<\/strong> \u0110\u00e0o t\u1ea1o nh\u00e2n vi\u00ean v\u1ec1 an ninh m\u1ea1ng l\u00e0 m\u1ed9t ph\u1ea7n quan tr\u1ecdng trong vi\u1ec7c ph\u00f2ng ch\u1ed1ng C&C Server. Nh\u00e2n vi\u00ean c\u1ea7n nh\u1eadn bi\u1ebft c\u00e1c d\u1ea5u hi\u1ec7u \u0111\u00e1ng ng\u1edd v\u00e0 bi\u1ebft c\u00e1ch x\u1eed l\u00fd c\u00e1c t\u00ecnh hu\u1ed1ng b\u1ea3o m\u1eadt m\u1ea1ng m\u1ed9t c\u00e1ch an to\u00e0n.<\/p>\n\n\n\n

Ph\u00e1t hi\u1ec7n v\u00e0 n\u1eafm b\u1eaft c\u00e1c t\u1ea5n c\u00f4ng tr\u01b0\u1edbc<\/strong>: N\u1eafm b\u1eaft v\u00e0 ph\u00e2n t\u00edch c\u00e1c t\u1ea5n c\u00f4ng t\u1eeb C&C Server tr\u01b0\u1edbc \u0111\u00f3 \u0111\u1ec3 c\u00f3 c\u00e1i nh\u00ecn r\u00f5 r\u00e0ng h\u01a1n v\u1ec1 c\u00e1c bi\u1ec3u hi\u1ec7n v\u00e0 m\u1eabu ho\u1ea1t \u0111\u1ed9ng c\u1ee7a k\u1ebb t\u1ea5n c\u00f4ng. \u0110i\u1ec1u n\u00e0y gi\u00fap chu\u1ea9n b\u1ecb v\u00e0 \u1ee9ng ph\u00f3 nhanh ch\u00f3ng khi ph\u00e1t hi\u1ec7n ho\u1ea1t \u0111\u1ed9ng m\u1edbi t\u1eeb C&C Server.<\/p>\n\n\n\n

5. Ph\u1ea7n m\u1ec1m antivirus Sophos Endpoint<\/strong><\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Sophos Endpoint Protection cung c\u1ea5p nhi\u1ec1u t\u00ednh n\u0103ng v\u00e0 c\u00f4ng ngh\u1ec7 gi\u00fap ch\u1ed1ng l\u1ea1i C&C (Command and Control) server v\u00e0 c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng t\u1eeb ph\u00eda k\u1ebb t\u1ea5n c\u00f4ng. D\u01b0\u1edbi \u0111\u00e2y l\u00e0 c\u00e1c t\u00ednh n\u0103ng quan tr\u1ecdng m\u00e0 Sophos Endpoint Protection s\u1eed d\u1ee5ng \u0111\u1ec3 ng\u0103n ch\u1eb7n ho\u1ea1t \u0111\u1ed9ng c\u1ee7a C&C server:<\/p>\n\n\n\n

Malicious Traffic Detection (MTD):<\/strong> T\u00ednh n\u0103ng MTD cho ph\u00e9p Sophos Endpoint Protection nh\u1eadn di\u1ec7n v\u00e0 ch\u1eb7n c\u00e1c k\u1ebft n\u1ed1i t\u1edbi c\u00e1c m\u00e1y ch\u1ee7 C&C \u0111\u1ed9c h\u1ea1i \u0111\u00e3 bi\u1ebft tr\u01b0\u1edbc. N\u00f3 s\u1eed d\u1ee5ng c\u01a1 s\u1edf d\u1eef li\u1ec7u c\u1eadp nh\u1eadt li\u00ean t\u1ee5c c\u1ee7a c\u00e1c m\u00e1y ch\u1ee7 C&C \u0111\u1ec3 ng\u0103n ch\u1eb7n vi\u1ec7c m\u00e1y t\u00ednh c\u1ee7a b\u1ea1n thi\u1ebft l\u1eadp k\u1ebft n\u1ed1i v\u1edbi c\u00e1c m\u00e1y ch\u1ee7 \u0111\u1ed9c h\u1ea1i n\u00e0y.<\/p>\n\n\n\n

Web Protection:<\/strong> Sophos Endpoint Protection c\u00f3 t\u00ednh n\u0103ng Web Protection, gi\u00fap ch\u1eb7n truy c\u1eadp v\u00e0o c\u00e1c trang web \u0111\u1ed9c h\u1ea1i ho\u1eb7c \u0111\u1ecba ch\u1ec9 URL li\u00ean quan \u0111\u1ebfn ho\u1ea1t \u0111\u1ed9ng c\u1ee7a C&C server. Vi\u1ec7c ch\u1eb7n c\u00e1c trang web n\u00e0y gi\u00fap ng\u0103n ch\u1eb7n vi\u1ec7c truy\u1ec1n th\u00f4ng c\u1ee7a malware v\u1edbi m\u00e1y ch\u1ee7 C&C.<\/p>\n\n\n\n

Exploit Prevention:<\/strong> T\u00ednh n\u0103ng Exploit Prevention gi\u00fap ph\u00f2ng ng\u1eeba vi\u1ec7c t\u1ea5n c\u00f4ng th\u00f4ng qua c\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt trong ph\u1ea7n m\u1ec1m. \u0110i\u1ec1u n\u00e0y gi\u00fap ng\u0103n ch\u1eb7n vi\u1ec7c k\u1ebb t\u1ea5n c\u00f4ng t\u1eadn d\u1ee5ng l\u1ed7 h\u1ed5ng \u0111\u1ec3 thi\u1ebft l\u1eadp k\u1ebft n\u1ed1i v\u1edbi C&C server.<\/p>\n\n\n\n

HIPS (Host Intrusion Prevention System): <\/strong>Sophos Endpoint Protection bao g\u1ed3m HIPS, gi\u00fap gi\u00e1m s\u00e1t v\u00e0 ph\u00e1t hi\u1ec7n c\u00e1c h\u00e0nh vi \u0111\u00e1ng ng\u1edd c\u00f3 th\u1ec3 li\u00ean quan \u0111\u1ebfn C&C server. HIPS c\u00f3 kh\u1ea3 n\u0103ng ng\u0103n ch\u1eb7n c\u00e1c ti\u1ebfn tr\u00ecnh kh\u00f4ng \u1ee7y quy\u1ec1n v\u00e0 b\u1ea3o v\u1ec7 kh\u1ecfi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng d\u1ef1a tr\u00ean t\u1ec7p v\u00e0 kh\u00f4ng c\u00f3 t\u1ec7p.<\/p>\n\n\n\n

Behavioral Analysis:<\/strong> S\u1eed d\u1ee5ng ph\u00e2n t\u00edch h\u00e0nh vi, Sophos Endpoint Protection nh\u1eadn di\u1ec7n c\u00e1c ho\u1ea1t \u0111\u1ed9ng kh\u00f4ng b\u00ecnh th\u01b0\u1eddng tr\u00ean h\u1ec7 th\u1ed1ng c\u1ee7a b\u1ea1n, bao g\u1ed3m vi\u1ec7c ki\u1ec3m tra c\u00e1c k\u1ebft n\u1ed1i m\u1ea1ng kh\u00f4ng th\u01b0\u1eddng xuy\u00ean ho\u1eb7c ho\u1ea1t \u0111\u1ed9ng kh\u00f4ng r\u00f5 ngu\u1ed3n g\u1ed1c, d\u1ea5u hi\u1ec7u c\u1ee7a ho\u1ea1t \u0111\u1ed9ng C&C server.<\/p>\n\n\n\n

Threat Intelligence Sharing:<\/strong> Sophos c\u00f3 m\u1ea1ng th\u00f4ng tin \u0111e d\u1ecda to\u00e0n c\u1ea7u, t\u1ed5ng h\u1ee3p v\u00e0 ph\u00e2n t\u00edch d\u1eef li\u1ec7u t\u1eeb kh\u00e1ch h\u00e0ng c\u1ee7a m\u00ecnh \u0111\u1ec3 ph\u00e1t hi\u1ec7n v\u00e0 \u0111\u00e1p \u1ee9ng nhanh ch\u00f3ng v\u1edbi c\u00e1c m\u1ed1i \u0111e d\u1ecda t\u1eeb C&C server. Th\u00f4ng tin n\u00e0y \u0111\u01b0\u1ee3c chia s\u1ebb trong c\u1ed9ng \u0111\u1ed3ng \u0111\u1ec3 b\u1ea3o v\u1ec7 to\u00e0n di\u1ec7n c\u00e1c kh\u00e1ch h\u00e0ng c\u1ee7a Sophos.<\/p>\n\n\n\n

C\u1eadp nh\u1eadt v\u00e0 ph\u00f2ng ch\u1ed1ng \u0111e d\u1ecda theo th\u1eddi gian th\u1ef1c: <\/strong>Sophos li\u00ean t\u1ee5c c\u1eadp nh\u1eadt c\u01a1 s\u1edf d\u1eef li\u1ec7u \u0111e d\u1ecda v\u00e0 quy t\u1eafc b\u1ea3o v\u1ec7 \u0111\u1ec3 \u0111\u1ed1i ph\u00f3 v\u1edbi c\u00e1c m\u1ed1i \u0111e d\u1ecda m\u1edbi t\u1eeb C&C server. H\u1ec7 th\u1ed1ng b\u1ea3o v\u1ec7 theo th\u1eddi gian th\u1ef1c gi\u00fap b\u1ea3o v\u1ec7 h\u1ec7 th\u1ed1ng kh\u1ecfi c\u00e1c k\u1ef9 thu\u1eadt t\u1ea5n c\u00f4ng m\u1edbi nh\u1ea5t.<\/p>\n","protected":false},"excerpt":{"rendered":"

1.Kh\u00e1i ni\u1ec7m C&C Server l\u00e0 g\u00ec? C&C (Command and Control) Server l\u00e0 m\u1ed9t thu\u1eadt ng\u1eef trong l\u0129nh v\u1ef1c b\u1ea3o m\u1eadt m\u1ea1ng v\u00e0 an ninh th\u00f4ng tin. N\u00f3 th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 ch\u1ec9 m\u1ed9t m\u00e1y ch\u1ee7 ho\u1eb7c m\u1ed9t nh\u00f3m m\u00e1y ch\u1ee7 \u0111\u1eb7c bi\u1ec7t trong h\u1ec7 th\u1ed1ng t\u1ea5n c\u00f4ng, n\u01a1i m\u00e0 k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 […]<\/p>\n","protected":false},"author":12,"featured_media":6975,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[18,80,17],"tags":[144,145,97],"class_list":["post-6963","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-endpoint","category-huong-dan-tai-lieu","category-bao-mat","tag-cc-server","tag-command-and-control","tag-sophos-endpoint","entry","has-media"],"_links":{"self":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/6963","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/comments?post=6963"}],"version-history":[{"count":0,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/6963\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media\/6975"}],"wp:attachment":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media?parent=6963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/categories?post=6963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/tags?post=6963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}