{"id":1577,"date":"2022-07-15T15:27:36","date_gmt":"2022-07-15T08:27:36","guid":{"rendered":"https:\/\/dt-corp.com.vn\/?p=1577"},"modified":"2022-07-15T15:27:36","modified_gmt":"2022-07-15T08:27:36","slug":"microsoft-canh-bao-ve-cac-cuoc-tan-cong-phishing-aitm-nham-vao-hon-10-000-to-chuc","status":"publish","type":"post","link":"https:\/\/dt-corp.com.vn\/?p=1577","title":{"rendered":"Microsoft c\u1ea3nh b\u00e1o v\u1ec1 c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng phishing AiTM nh\u1eafm v\u00e0o h\u01a1n 10.000 t\u1ed5 ch\u1ee9c"},"content":{"rendered":"

C\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng phishing di\u1ec5n ra t\u1eeb th\u00e1ng 9\/2021 \u0111\u00e3 \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn h\u01a1n 10.000 t\u1ed5 ch\u1ee9c, \u0111\u00e1nh c\u1eafp th\u00f4ng tin \u0111\u0103ng nh\u1eadp Office 365. B\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng nh\u1eefng website l\u1eeba \u0111\u1ea3o AiTM (adversary in the middle), c\u00e1c th\u1ebf l\u1ef1c \u0111\u1ed9c h\u1ea1i c\u00f3 th\u1ec3 v\u01b0\u1ee3t qua t\u00ednh n\u0103ng x\u00e1c th\u1ef1c nhi\u1ec1u l\u1edbp (MFA) c\u1ee7a ng\u01b0\u1eddi d\u00f9ng Office 365 b\u1eb1ng c\u00e1ch t\u1ea1o ra trang x\u00e1c th\u1ef1c Office 365 gi\u1ea3 m\u1ea1o.<\/i><\/b><\/p>\n

\n
\"canh-bao-chien-dich-phishing-nham-vao-hon-10-000-to-chuc-qua-office-365.jpg\"<\/div>\n

\u200b<\/p><\/div>\n

Trong quy tr\u00ecnh n\u00e0y, k\u1ebb t\u1ea5n c\u00f4ng l\u1ea5y \u0111i session cookie c\u1ee7a n\u1ea1n nh\u00e2n th\u00f4ng qua tri\u1ec3n khai m\u00e1y ch\u1ee7 proxy \u1edf gi\u1eefa m\u1ee5c ti\u00eau v\u00e0 trang web b\u1ecb gi\u1ea3 m\u1ea1o. V\u1ec1 c\u01a1 b\u1ea3n, ch\u00fang can thi\u1ec7p v\u00e0o c\u00e1c phi\u00ean \u0111\u0103ng nh\u1eadp Office 365 \u0111\u1ec3 \u0111\u00e1nh c\u1eafp th\u00f4ng tin \u0111\u0103ng nh\u1eadp. K\u1ef9 thu\u1eadt c\u00f2n \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 session hijacking. Tuy nhi\u00ean, m\u1ecdi chuy\u1ec7n kh\u00f4ng d\u1eebng \u1edf \u0111\u00e2y.<\/p>\n

M\u1ed9t khi k\u1ebb t\u1ea5n c\u00f4ng ti\u1ebfp c\u1eadn \u0111\u01b0\u1ee3c h\u1ed9p th\u01b0 c\u1ee7a n\u1ea1n nh\u00e2n th\u00f4ng qua trang web AiTM, ch\u00fang c\u00f3 th\u1ec3 ti\u1ebfn h\u00e0nh c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng x\u00e2m ph\u1ea1m email doanh nghi\u1ec7p (BEC) ti\u1ebfp theo. Ch\u00fang s\u1ebd m\u1ea1o danh qu\u1ea3n l\u00fd c\u1ea5p cao \u0111\u1ec3 ra l\u1ec7nh cho nh\u00e2n vi\u00ean th\u1ef1c hi\u1ec7n m\u1ed9t s\u1ed1 h\u00e0nh \u0111\u1ed9ng g\u00e2y h\u1ea1i cho t\u1ed5 ch\u1ee9c. \u0110i\u1ec1u n\u00e0y d\u1eabn \u0111\u1ebfn nhi\u1ec1u v\u1ee5 gian l\u1eadn thanh to\u00e1n.<\/p>\n

D\u00f9 k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 t\u1eadn d\u1ee5ng MFA nh\u01b0ng kh\u00f4ng c\u00f3 ngh\u0129a bi\u1ec7n ph\u00e1p b\u1ea3o m\u1eadt MFA kh\u00f4ng hi\u1ec7u qu\u1ea3. Microsoft nh\u1ea5n m\u1ea1nh trong blog r\u1eb1ng v\u00ec \u201cl\u1eeba \u0111\u1ea3o AiTM \u0111\u00e1nh c\u1eafp session cookie, k\u1ebb t\u1ea5n c\u00f4ng s\u1ebd thay m\u1eb7t ng\u01b0\u1eddi d\u00f9ng \u0111\u1ec3 \u0111\u01b0\u1ee3c x\u00e1c th\u1ef1c m\u1ed9t phi\u00ean \u0111\u0103ng nh\u1eadp, b\u1ea5t k\u1ec3 ng\u01b0\u1eddi d\u00f9ng s\u1eed d\u1ee5ng h\u00ecnh th\u1ee9c \u0111\u0103ng nh\u1eadp n\u00e0o\u201d.<\/p>\n

Phishing l\u00e0 m\u1ed9t h\u00ecnh th\u1ee9c t\u1ea5n c\u00f4ng ng\u00e0y c\u00e0ng ph\u1ed5 bi\u1ebfn. C\u1ea3nh b\u00e1o c\u1ee7a Microsoft cho th\u1ea5y t\u1ed9i ph\u1ea1m m\u1ea1ng \u0111ang ph\u00e1t tri\u1ec3n nhi\u1ec1u c\u00e1ch kh\u00e1c nhau \u0111\u1ec3 v\u01b0\u1ee3t qua c\u00e1c bi\u1ec7n ph\u00e1p b\u1ea3o m\u1eadt.<\/p>\n

Ngu\u1ed3n:\u00a0<\/b>ictnews<\/i><\/b><\/a><\/div>\n","protected":false},"excerpt":{"rendered":"

C\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng phishing di\u1ec5n ra t\u1eeb th\u00e1ng 9\/2021 \u0111\u00e3 \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn h\u01a1n 10.000 t\u1ed5 ch\u1ee9c, \u0111\u00e1nh c\u1eafp th\u00f4ng tin \u0111\u0103ng nh\u1eadp Office 365. B\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng nh\u1eefng website l\u1eeba","protected":false},"author":3,"featured_media":1578,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[13],"tags":[],"class_list":["post-1577","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/dt-corp.com.vn\/wp-content\/uploads\/2022\/07\/canh-bao-chien-dich-phishing-nham-vao-hon-10-000-to-chuc-qua-office-365.jpeg","_links":{"self":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/1577","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1577"}],"version-history":[{"count":1,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/1577\/revisions"}],"predecessor-version":[{"id":1579,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/1577\/revisions\/1579"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/media\/1578"}],"wp:attachment":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}