About the Dashboard

The Shadowserver Dashboard presents high-level statistics that reflect the main datasets Shadowserver collects and shares in its daily activities, across over 100 daily reports. The datasets allow for the identification of attacks, vulnerabilities, misconfigurations, compromises and other security-related information. The data shared through the reporting channel contains detailed IP-level information specific to a network or country. The Shadowserver Dashboard does not allow for this level of granularity. Instead, it provides high-level statistics reflecting these activities. This allows for the identification of emerging threats, vulnerabilities and compromises, and gives context to constituents when they look at their reports.

Sources and tags

The data presented is organized by sources and tags. A source is a primary group of data collected in a particular way. The key ones are honeypot, population, scan and sinkhole. Population and scan are both based on scan datasets, with population being an endpoint enumeration that is not a vulnerability/security activity. A trailing 6 indicates IPv6 data (all data without the suffix is IPv4).

Sources can have tags attached that provide additional information about the data being presented. For example, tags for scan will include the actual scan types (i.e. the services/protocols scanned, such as telnet, ftp and rdp). Tags for sinkhole will reflect the actual malware families being sinkholed (i.e. hosts infected with that malware family, such as adload, andromeda and necurs).

Tags allow for more insight into the data being presented.

Additionally, we introduce other source groups that reflect specific sets of vulnerable or compromised systems – for example, http_vulnerable or compromised_website. These will typically contain tags that reflect specific CVE vulnerabilities, affected vendors or products, or information about the backdoors, webshells or implants seen. An example http_vulnerable tag would be citrix or cve-2023-3519.

Finally, as we add more detections to our dataset, we end up with many tags. This means that sometimes it makes more sense to break these out into a new source group. For example, snmp is technically a tag on source scan, but it is presented as a source. This allows us to present granular snmp scan results, making it possible to view specific snmp scan results relating to a vulnerability such as cve-2017-6736.

Navigating the data categories: Left navigation bar

Datasets are collected through large-scale collection methods including sinkholing, scanning and honeypots, and are organized into the following main categories in the left navigation bar, with a unique icon marking each section.

The goal is to allow easy navigation of the source groups. For example:

  • Sinkholes - provides datasets grouped by source sinkhole. You can then view specific sinkhole results by selecting a tag or group of tags.
  • Scans - provides datasets grouped by source scan (this category contains scan results for services that have a security issue associated with them; you can also view population scan results by selecting source population instead). You can then view specific scan results by selecting a tag or group of tags.
  • Honeypots - provides datasets grouped by source honeypot. You can then view specific honeypot results by selecting a tag or group of tags.
  • DDoS - provides datasets grouped by source honeypot_ddos_amp. These are amplification DDoS attacks seen by unique targets in a particular country/region. You can then view the specific amplification method used by selecting a tag or group of tags.
  • ICS - provides datasets grouped by source ics (which are scan results from native Industrial Control Systems protocols). You can then view the native protocols in use by selecting a tag or group of tags.
  • Web CVEs - provides datasets grouped by http_vulnerable and exchange. These are vulnerable web applications identified in our scans, typically by CVE. You can view specific CVEs or affected products by selecting a tag or group of tags.

Datasets can also be broken down by country or country groupings, regions and continents.

Each dataset is also described in the “About this data” section.

Please note that there are many datasets not featured above. For example, source beacon allows you to explore post-exploitation framework C2s that we see in our scans, and source compromised_website allows you to explore compromised web endpoints that we see in our scans.
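The source/tag organisation and the left-navigation categories described above, as a small added model (not Shadowserver's own code): the `source[6][:tag]` identifier layout, the country codes and the host counts are constructed assumptions, while the category mapping and the snmp promotion follow this page.

```python
# Added example (not Shadowserver's own code): models the source/tag
# organisation this page describes. The 'source[6][:tag]' identifier layout,
# the sample counts and the country codes are constructed assumptions.
from collections import Counter, defaultdict
from dataclasses import dataclass

# Left-navigation category for each source named on the page.
CATEGORY_BY_SOURCE = {
    "sinkhole": "Sinkholes",
    "scan": "Scans",
    "population": "Scans",        # viewable from Scans by selecting population
    "honeypot": "Honeypots",
    "honeypot_ddos_amp": "DDoS",
    "ics": "ICS",
    "http_vulnerable": "Web CVEs",
    "exchange": "Web CVEs",
}
# Tags the page says are presented as their own source, with their parent.
PROMOTED_TAGS = {"snmp": "scan"}

@dataclass(frozen=True)
class Dataset:
    source: str     # source as presented on the dashboard (e.g. snmp)
    tag: str        # attached tag, or "" when none was given
    ipv6: bool      # True when the source carried the trailing 6
    category: str   # left-navigation category, "other" if not featured

def parse_dataset(identifier: str) -> Dataset:
    """Split 'scan6:telnet' into source 'scan', tag 'telnet', IPv6 data."""
    source, _, tag = identifier.partition(":")
    ipv6 = len(source) > 1 and source.endswith("6")
    source = source[:-1] if ipv6 else source
    parent = PROMOTED_TAGS.get(source, source)    # snmp -> scan
    return Dataset(source, tag, ipv6, CATEGORY_BY_SOURCE.get(parent, "other"))

# Constructed daily host counts: (country code, dataset identifier, hosts).
SAMPLE_COUNTS = [
    ("AA", "scan:telnet", 120), ("AA", "scan:rdp", 300), ("AA", "scan6:telnet", 5),
    ("BB", "scan:telnet", 40), ("BB", "sinkhole:andromeda", 9), ("BB", "beacon", 2),
]

def most_common_tag(counts, source, ipv6=False):
    """World-map option: the most common tag per country for one source."""
    per_country = defaultdict(Counter)
    for country, ident, hosts in counts:
        ds = parse_dataset(ident)
        if ds.source == source and ds.ipv6 == ipv6 and ds.tag:
            per_country[country][ds.tag] += hosts
    return {c: tags.most_common(1)[0][0] for c, tags in per_country.items()}
```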

Top navigation bar

The top navigation bar allows different types of visualization to be selected for the data being displayed, as well as the device fingerprinting and attack observation views of the datasets.

General statistics

General statistics provide different visualizations of any source and tag combination at hand, chosen by selection:

  • World map - a world map displaying the selected source and tags. Additional features include: the ability to switch the display to show the most common tag per country per source, normalization by population, GDP, number of users, etc. Markers can also be selected on the map to show the values per country.
  • Region map - a country-level map that displays countries split into regions and provinces.
  • Comparison map - a comparison map of two countries.
  • Time series - a chart showing source and tag combinations over time. Please note that it allows for grouping of data (not just by country).
  • Visualization - provides different ways of drilling down into the datasets, including breakdowns by target over time. Allows data to be displayed as tables, bar charts, bubble diagrams, etc.

IoT device statistics (device identification statistics)

This dataset and the associated visualizations provide a daily view of exposed endpoints, collected by the identified vendors and their products seen through our scans. The data is broken down by vendor, model and device type. These are identified through various means, including web page content, SSL/TLS certificates, displayed banners, etc. The datasets contain population data only, i.e. no assessment is made of any vulnerability associated with the exposed endpoint (if you wish to see this, select a source such as http_vulnerable under “General statistics” instead).

Similar charting options exist as in “General statistics”, with the difference that instead of using sources and tags you can view (and group by) vendors, models and device types instead.

Attacking devices: Vulnerabilities

The dataset and the associated visualizations provide a view of the attacks seen daily by our honeypot sensor network, with a focus on exploited vulnerabilities. This includes the ability to view what is most commonly attacked and how it is attacked (i.e. by exploited vulnerability, including the specific CVE exploited). Charts can also be viewed by the source of the attacks and the target location.

Similar charting options exist as in “General statistics”, with the difference that instead of using sources and tags you can view (and group by) vendor, vulnerability, and the source and target location of the attack.

An additional visualization section - Monitoring - is also included:

This is a daily updated table listing the most commonly exploited vulnerabilities, grouped by the unique source IPs seen attacking (or by the attack attempts seen, if you choose the attack attempt count option). The data is sourced from our honeypot sensor network. The data is grouped by exploited vulnerability. It also includes CISA Known Exploited Vulnerability mappings (including whether the vulnerability is known to be exploited by ransomware groups) and whether the attack targets IoT devices rather than server applications.

By default, the view shows the most commonly exploited vulnerabilities globally, but it can also be filtered by a specific country or group, or display an unfiltered table instead.
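The Monitoring table described above, rebuilt from constructed honeypot events as an added example (not Shadowserver's own code): the event fields, the placeholder CVE ids, the source IPs and the KEV-style lookup are assumptions; it shows how the unique-IP count, the attempt count and the country filter differ.

```python
# Added example (not Shadowserver's own code): derives the Monitoring table
# described above from constructed honeypot events. The event fields, the
# placeholder CVE ids and the KEV-style lookup are assumptions.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AttackEvent:
    src_ip: str         # source IP seen attacking a honeypot sensor
    country: str        # country of the source IP (constructed code)
    vulnerability: str  # exploited vulnerability, keyed by CVE id
    iot_target: bool    # True when the exploit targets an IoT device


# Constructed KEV-style mapping: CVE id -> known ransomware use (placeholders).
KEV_SAMPLE = {"CVE-0000-0001": True, "CVE-0000-0002": False}

# Constructed honeypot events; 203.0.113.5 retries the same exploit three times.
EVENTS = [
    AttackEvent("203.0.113.5", "AA", "CVE-0000-0001", True),
    AttackEvent("203.0.113.5", "AA", "CVE-0000-0001", True),
    AttackEvent("203.0.113.5", "AA", "CVE-0000-0001", True),
    AttackEvent("203.0.113.9", "AA", "CVE-0000-0002", False),
    AttackEvent("198.51.100.7", "BB", "CVE-0000-0002", False),
    AttackEvent("198.51.100.8", "BB", "CVE-0000-0003", False),
]


def monitoring_table(events, kev, by="unique_ip", country=None):
    """Rows of (cve, count, in_kev, ransomware, iot_target), most active first.

    by="unique_ip" counts distinct attacking IPs per vulnerability (the
    default on the dashboard); by="attempts" counts every attack attempt.
    country restricts the table to sources from one country, like the filter.
    """
    ips, attempts, iot = defaultdict(set), defaultdict(int), {}
    for e in events:
        if country is not None and e.country != country:
            continue
        ips[e.vulnerability].add(e.src_ip)
        attempts[e.vulnerability] += 1
        iot[e.vulnerability] = e.iot_target
    rows = []
    for cve in ips:
        count = len(ips[cve]) if by == "unique_ip" else attempts[cve]
        rows.append((cve, count, cve in kev, kev.get(cve, False), iot[cve]))
    # Sort by count descending, then by id so ties are stable.
    rows.sort(key=lambda r: (-r[1], r[0]))
    return rows
```

Note that the retrying host ranks first only under the attempt count; under the unique-IP count it drops below a vulnerability exploited once each by two different hosts.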

Attacking devices: Devices

This dataset and the associated visualizations provide a view of the devices attacking us, as seen daily by our honeypot sensor network. Device fingerprinting is done through our daily scans. The datasets allow you to track specific attacks, vendors or models observed, and to filter them by country.

Charts similar to those in “General statistics” exist, with the difference that instead of using sources and tags you can view (and group by) attack type, device vendor or model instead.

An additional visualization section - monitoring - is also included:

This is a daily updated table listing the most commonly seen attacking devices by the unique source IPs observed attacking (or by the attack attempts seen, if you choose the attack attempt count option). As with all datasets presented in this section, it is sourced from our honeypot sensor network. It is grouped by the attack type observed, vendor and model (where available). We match the IPs we observe against the results of our daily device scan fingerprinting (see the “IoT device statistics” section).

By default, the view shows the most commonly seen attacking devices (by their source) observed attacking (this includes entries for which we cannot identify a model or, for example, only see the vendor). You can filter by a specific country or group, or display an unfiltered table instead.

The initial development of the Shadowserver Dashboard was funded by the UK FCDO. The IoT device fingerprinting statistics and honeypot attack statistics were co-funded by the European Union's Connecting Europe Facility (EU CEF VARIoT project).

We would like to thank all our partners who kindly contributed data used in the Shadowserver Dashboard, including (alphabetically) APNIC Community Feeds, Bitsight, CISPA, if-is.net, Kryptos Logic, SecurityScorecard, Yokohama National University, and those who wish to remain anonymous.
