New Intelligence Reveals That Alina Point-of-Sale Malware Is Still Lurking in DNS

CenturyLink's Black Lotus Labs warns organizations about credit card theft

DENVER, July 1, 2020 – Point-of-Sale (POS) malware is nothing new, and the Alina malware, which cybercriminals use to scrape credit card numbers from POS systems, has been around for many years. New intelligence from CenturyLink's Black Lotus Labs, however, reveals that criminals are not done with Alina yet, and that they continue to find new ways of using it to steal credit card data from unsuspecting victims.

The theft was discovered after one of Black Lotus Labs' machine-learning models flagged unusual queries to a specific domain in May 2020. In-depth analysis confirmed that the Alina POS malware was using the Domain Name System (DNS), the function that converts a website name into an IP address, as the outbound communication channel through which the stolen data was exfiltrated.

"Black Lotus Labs has reached out to the customers affected by the Alina malware and to the registrars of the malicious domains," said Mike Benjamin, head of CenturyLink's Black Lotus Labs. "Our goal is to use our network visibility to protect our customers and clean up the internet, so we will continue to monitor this situation as we work to eliminate the threat. We strongly recommend that all organizations monitor DNS traffic for suspicious queries to prevent this and other threats."

Bottom Line:

POS malware continues to pose a serious security threat, and DNS is a popular choice for malware authors who want to bypass security controls and exfiltrate data from protected networks. Malicious actors regularly update their Tactics, Techniques, and Procedures (TTPs) to evade detection, so the best defense is continuous monitoring for anomalous behavior.

Full details of the Black Lotus Labs analysis can be found in the Alina POS Malware blog: https://blog.centurylink.com/alina-point-of-sale-malware-still-lurking-in-dns

How and Why DNS Matters:

Credit card processing systems usually run in Windows environments, which allows them to be targeted with the skills already available in crimeware markets. Although credit card processing happens in highly restricted environments, DNS is often left unmonitored, which makes it an attractive choice for outbound communication by POS malware, including the exfiltration of stolen credit card information.

To do this, malware authors encode the stolen information and issue a DNS query to an actor-controlled domain name. The encoded data is placed in the subdomain, and the malicious actors extract it when they receive the DNS query. The stolen data is later sold in underground criminal markets.
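A defender's-side sketch of the DNS monitoring recommended above, added here as an example and not taken from the Black Lotus Labs analysis: it flags clients that send many distinct long, high-entropy subdomains to one parent domain. The sample queries, the thresholds and the two-label parent-domain rule are assumptions made for the illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log (client IP, queried name); none are real indicators.
SAMPLE_QUERIES = [
    ("10.0.5.21", "0123456789abcdeffedcba9876543210.exfil-example.test"),
    ("10.0.5.21", "f0e1d2c3b4a5968778695a4b3c2d1e0f.exfil-example.test"),
    ("10.0.5.21", "89abcdef0123456776543210fedcba98.exfil-example.test"),
    ("10.0.5.21", "updates.pos-vendor.example"),
    ("10.0.5.30", "www.example.com"),
    ("10.0.5.30", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.cdn.example.net"),
    # One long random-looking label on its own is common (caches, CDNs).
    ("10.0.5.30", "0123456789abcdeffedcba9876543210.cache.example.org"),
]

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def split_name(qname, suffix_labels=2):
    """Split a query name into (subdomain, parent domain).

    Assumption: the parent domain is the last two labels. Production
    code should consult the Public Suffix List instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-suffix_labels]), ".".join(labels[-suffix_labels:])

def suspicious_domains(queries, min_len=24, min_entropy=3.5, min_unique=3):
    """Return {(client, parent): count of distinct encoded-looking subdomains}."""
    hits = defaultdict(set)
    for client, qname in queries:
        sub, parent = split_name(qname)
        payload = sub.replace(".", "")
        # Encoded data tends to be both long and close to uniformly distributed.
        if len(payload) >= min_len and entropy(payload) >= min_entropy:
            hits[(client, parent)].add(sub)
    # Require repetition so a single hashed hostname does not raise an alert.
    return {k: len(v) for k, v in hits.items() if len(v) >= min_unique}

if __name__ == "__main__":
    for (client, parent), n in suspicious_domains(SAMPLE_QUERIES).items():
        print(f"{client} sent {n} encoded-looking subdomains to {parent}")
```

The thresholds need tuning against a baseline of the network's own DNS traffic, and POS segments that should resolve only a handful of names are where a low threshold is practical.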

Key Findings:

  • Four domains showed similar DNS queries. A fifth suspicious domain was not in use, but it was hosted on the same IP. This redundancy was created to let the malicious actors maintain their presence even if one or more of the configured domains were blocked.
  • Black Lotus Labs was able to decode the Alina encoding and confirm the exfiltration of stolen data.
  • Some of the paths found in the decoded data had been seen in previous Alina attacks, and others had been used with other POS malware.

Source: https://www.informationsecuritybuzz.com/study-research/new-intelligence-reveals-that-alina-point-of-sale-malware-is-still-lurking-in-dns/
