{"id":48430,"date":"2022-04-07T08:28:00","date_gmt":"2022-04-07T07:28:00","guid":{"rendered":"https:\/\/www.soitron.com\/teamwork-platforms-phishing-attacks\/"},"modified":"2022-06-07T13:12:24","modified_gmt":"2022-06-07T12:12:24","slug":"phishing-platformy-pre-timovu-spolupracu","status":"publish","type":"post","link":"https:\/\/new.soitron.com\/sk\/phishing-platformy-pre-timovu-spolupracu\/","title":{"rendered":"Phishing tr\u00e1pi platformy pre t\u00edmov\u00fa spolupr\u00e1cu"},"content":{"rendered":"\n

Klasick\u00e9 kybernetick\u00e9 \u00fatoky, ktor\u00e9 zneu\u017e\u00edvaj\u00fa podvodn\u00e9 e-maily a ich cie\u013eom je vyl\u00e1ka\u0165 z u\u017e\u00edvate\u013eov d\u00f4vern\u00e9 inform\u00e1cie, op\u00e4\u0165 z\u00edskavaj\u00fa na popularite. Podvodn\u00edci ku nim \u010d\u00edm \u010falej, t\u00fdm viac okrem e-mailov a instant messengerov vyu\u017e\u00edvaj\u00fa SMS, soci\u00e1lne siete a najnov\u0161ie aplik\u00e1cie pre t\u00edmov\u00fa spolupr\u00e1cu ako je Microsoft Teams, Slack, Discord \u010di soci\u00e1lnu sie\u0165 LinkedIn.<\/strong><\/strong><\/strong><\/p>\n\n\n\n

Princ\u00edp fungovania phishingu <\/a>je st\u00e1le rovnak\u00fd. Z\u00edskan\u00e9 ozn\u00e1menie \u2013 \u010dasto obchodn\u00e9ho charakteru \u2013 m\u00e1 za \u00falohu presved\u010di\u0165 d\u00f4ver\u010div\u00fa verejnos\u0165, aby urobila, \u010do sa od nej chce, a tak z nej \u00fato\u010dn\u00edk vyl\u00e1kal citliv\u00e9 \u00fadaje. Naj\u010dastej\u0161ie ide o hesl\u00e1, \u010d\u00edsla platobn\u00fdch a kreditn\u00fdch kariet, rodn\u00e9 \u010d\u00edsla at\u010f. \u010co sa zmenilo, s\u00fa praktiky, ak\u00fdmi s\u00fa \u00fatoky vykon\u00e1van\u00e9. Okrem e-mailov a vyu\u017e\u00edvania syst\u00e9mov pre zasielanie r\u00fdchlych spr\u00e1v sa vyu\u017e\u00edvaj\u00fa aplik\u00e1cie zo v\u0161adepr\u00edtomnej sady Microsoftu pre tvorbu a zdie\u013eanie dokumentov, teda Office a Office 365. Doba v\u0161ak pokro\u010dila a pand\u00e9mia prispela k vzniku novej met\u00f3dy.<\/p>\n\n\n\n

\u0160pecifick\u00fd \u00fato\u010dn\u00fd vektor<\/h2>\n\n\n\n


Aktu\u00e1lne sa k phishingov\u00fdm \u00fatokom vyu\u017e\u00edva Microsoft Teams, Slack, Discord a pod. Teda syst\u00e9my pre t\u00edmov\u00fa spolupr\u00e1cu. Pand\u00e9mia zapr\u00ed\u010dinila, \u017ee mnoho zamestnancov pracuje z domu. Na spojenie s organiz\u00e1ciou sa preto vo zv\u00fd\u0161enej miere pou\u017e\u00edvaj\u00fa \u0161peci\u00e1lne komunika\u010dn\u00e9 platformy. \u201eAby bolo mo\u017en\u00e9 do nich umiestni\u0165 \u0161kodliv\u00e9 odkazy \u010di dokumenty, musia k aplik\u00e1ci\u00e1m \u00fato\u010dn\u00edci najprv z\u00edska\u0165 pr\u00edstup. To je mo\u017en\u00e9 urobi\u0165 viacer\u00fdmi sp\u00f4sobmi. Obvykle sa za\u010d\u00edna kompromit\u00e1ciou e-mailov, kedy s\u00fa prostredn\u00edctvom phishingu z\u00edskan\u00e9 prihlasovacie \u00fadaje alebo pr\u00edstup do firemnej siete,\u201c<\/em> vysvet\u013euje<\/strong> Martin Lohnert, \u0161pecialista pre oblas\u0165 kyberbezpe\u010dnosti v technologickej spolo\u010dnosti Soitron. <\/strong>Akon\u00e1hle sa tak stane, s\u00fa otvoren\u00e9 dvere pre \u010fal\u0161ie akcie.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u00dato\u010dn\u00edk m\u00f4\u017ee prek\u013aznu\u0165 cez ak\u00e9ko\u013evek bezpe\u010dnostn\u00e9 ochrany. Stane sa \u201eplnohodnotn\u00fdm\u201c \u010dlenom organiz\u00e1cie a za\u010dne \u0161kodi\u0165. \u201eSamozrejme aj pre Microsoft Teams existuje ochrana, ktor\u00e1 skenuje \u0161kodliv\u00e9 odkazy a chr\u00e1ni u\u017e\u00edvate\u013ea pred phishingom. Probl\u00e9mom je, \u017ee na jej nasadenie organiz\u00e1cie zab\u00fadaj\u00fa,\u201c<\/em> vysvet\u013euje Martin Lohnert. Ke\u010f v takejto organiz\u00e1cii \u00fato\u010dn\u00edk do komunik\u00e1cie \u2013 chatovej, ale napr\u00edklad aj video \u2013 odo\u0161le odkaz cez MS Teams, t\u00e1 neprever\u00ed, \u010di to, na \u010do odkazuje, je v poriadku a nie je bezpe\u010dnostn\u00fdm rizikom. Z\u00e1rove\u0148 \u00fato\u010dn\u00edci vs\u00e1dzaj\u00fa na to, \u017ee koncov\u00ed u\u017e\u00edvatelia platforme d\u00f4veruj\u00fa a pri jej pou\u017e\u00edvan\u00ed \u013eah\u0161ie a bez ob\u00e1v zdie\u013eaj\u00fa citliv\u00e9, ba dokonca d\u00f4vern\u00e9 d\u00e1ta. <\/p>\n\n\n\n

\u201eNa podvodn\u00e9 e-maily \u010di SMS si u\u017e\u00edvatelia u\u017e d\u00e1vaj\u00fa pozor, \u00fatoky cez tieto komunika\u010dn\u00e9 kan\u00e1ly s\u00fa v\u0161ak nie\u010do celkom nov\u00e9 a pre be\u017en\u00fdch u\u017e\u00edvate\u013eov, pripojen\u00fdch k firemnej infra\u0161trukt\u00fare, ne\u010dakan\u00e9,\u201c<\/em> dod\u00e1va Martin Lohnert.<\/p><\/blockquote>\n\n\n\n

Syst\u00e9my pracuj\u00fa tak, ako s\u00fa navrhnut\u00e9<\/h2>\n\n\n\n


Napr\u00edklad analytici bezpe\u010dnostnej spolo\u010dnosti Avanan zistili, \u017ee lek\u00e1ri v nemocniciach na platforme MS Teams zdie\u013eaj\u00fa lek\u00e1rske inform\u00e1cie o pacientoch prakticky bez obmedzen\u00ed. Zdravotn\u00edcky person\u00e1l pozn\u00e1 bezpe\u010dnostn\u00e9 pravidl\u00e1 a rizik\u00e1 zdie\u013eania inform\u00e1ci\u00ed prostredn\u00edctvom e-mailov, ale pokia\u013e ide o MS Teams, ignoruj\u00fa ich a domnievaj\u00fa sa, \u017ee jeho prostredn\u00edctvom je mo\u017en\u00e9 posiela\u0165 v\u0161etko a bezpe\u010dne. T\u00e1to platforma pre spolupr\u00e1cu pritom funguje, ako m\u00e1 a na \u010do bola navrhnut\u00e1. Umo\u017e\u0148uje pozva\u0165 kohoko\u013evek \u010fal\u0161ieho – napr. z in\u00fdch oddelen\u00ed alebo in\u00fdch spolo\u010dnost\u00ed ku spolupr\u00e1ci a \u010dasto m\u00e1lokto dohliada na to, kto m\u00e1 a nem\u00e1 ma\u0165 pr\u00edstup. Toto nie je \u0161pecifick\u00e9 iba pre MS Teams. Aj in\u00e9 platformy, ako je Slack \u010di Discord, funguj\u00fa podobne.<\/p>\n\n\n\n

<\/p>\n\n\n\n

Cie\u013eom \u00fato\u010dn\u00edkov v pr\u00edpade phishingu sa st\u00e1va tie\u017e soci\u00e1lna sie\u0165 LinkedIn. T\u00e1 toti\u017e pou\u017e\u00edva automatick\u00e9 skracovanie URL adries. Pokia\u013e sa tak zdie\u013ea odkaz na LinkedIne, ktor\u00fd m\u00e1 viac ne\u017e 26 znakov, LinkedIn ho automaticky skr\u00e1ti pod\u013ea svojich z\u00e1sad a m\u00f4\u017ee vyzera\u0165 napr\u00edklad takto \u201ehttps:\/\/lnkd.in\/d_EcVD-i<\/a>\u201c. Vystaven\u00fd pr\u00edspevok na sieti m\u00f4\u017ee odkazova\u0165 kamko\u013evek a cez nieko\u013eko presmerovan\u00ed sa u\u017e\u00edvate\u013e m\u00f4\u017ee raz dva ocitn\u00fa\u0165 na phishingovej str\u00e1nke. <\/p>\n\n\n\n

<\/p>\n\n\n\n

\u201eV\u00e4\u010d\u0161ina organiz\u00e1ci\u00ed pou\u017e\u00edva nieko\u013eko komunika\u010dn\u00fdch n\u00e1strojov. Zamestnanci s\u00fa tak logicky zahlten\u00ed t\u00fdm, ako komunikuj\u00fa s r\u00f4znymi alebo niekedy rovnak\u00fdmi \u013eu\u010fmi na viacer\u00fdch platform\u00e1ch. To potom vedie k men\u0161ej obozretnosti, a to je zl\u00e9. Rie\u0161en\u00edm je tak neklika\u0165 na v\u0161etko, \u010do vid\u00edme, a tie\u017e neveri\u0165 tomu, \u017ee v\u0161etky syst\u00e9my s\u00fa perfektne zabezpe\u010den\u00e9,\u201c<\/em> dod\u00e1va na z\u00e1ver Martin Lohnert.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

Klasick\u00e9 kybernetick\u00e9 \u00fatoky, ktor\u00e9 zneu\u017e\u00edvaj\u00fa podvodn\u00e9 e-maily a ich cie\u013eom je vyl\u00e1ka\u0165 z u\u017e\u00edvate\u013eov d\u00f4vern\u00e9 inform\u00e1cie, op\u00e4\u0165 z\u00edskavaj\u00fa na popularite. Podvodn\u00edci ku nim \u010d\u00edm \u010falej, t\u00fdm viac okrem e-mailov a instant messengerov vyu\u017e\u00edvaj\u00fa SMS, soci\u00e1lne siete a najnov\u0161ie aplik\u00e1cie pre t\u00edmov\u00fa spolupr\u00e1cu ako je Microsoft Teams, Slack, Discord \u010di soci\u00e1lnu sie\u0165 LinkedIn. Princ\u00edp fungovania phishingu […]<\/p>\n","protected":false},"author":34,"featured_media":48378,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"news_categories":[370],"class_list":["post-48430","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nezaradene","news_categories-bezpecnost"],"acf":[],"yoast_head":"\nPhishing tr\u00e1pi platformy pre t\u00edmov\u00fa spolupr\u00e1cu - Soitron<\/title>\n<meta name=\"description\" content=\"Kybernetick\u00e9 \u00fatoky sa po novom zameriavaj\u00fa aj na aplik\u00e1cie pre t\u00edmov\u00fa spolupr\u00e1cu ako Microsoft Teams, Slack, Discord \u010di LinkedIn.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"sk_SK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Phishing tr\u00e1pi platformy pre t\u00edmov\u00fa spolupr\u00e1cu - Soitron\" \/>\n<meta property=\"og:description\" content=\"Kybernetick\u00e9 \u00fatoky sa po novom zameriavaj\u00fa aj na aplik\u00e1cie pre t\u00edmov\u00fa spolupr\u00e1cu ako Microsoft Teams, Slack, Discord \u010di LinkedIn.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"Soitron\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-07T07:28:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-07T12:12:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/new.soitron.com\/wp-content\/uploads\/2022\/04\/mika-baumeister-ik4J32DUyI-unsplash-1536x1920.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1536\" \/>\n\t<meta property=\"og:image:height\" content=\"1920\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Natalia Jurakova\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Autor\" \/>\n\t<meta name=\"twitter:data1\" content=\"Natalia Jurakova\" \/>\n\t<meta name=\"twitter:label2\" content=\"Predpokladan\u00fd \u010das \u010d\u00edtania\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 min\u00faty\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Phishing tr\u00e1pi platformy pre t\u00edmov\u00fa spolupr\u00e1cu - Soitron","description":"Kybernetick\u00e9 \u00fatoky sa po novom zameriavaj\u00fa aj na aplik\u00e1cie pre t\u00edmov\u00fa spolupr\u00e1cu ako Microsoft Teams, Slack, Discord \u010di LinkedIn.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"sk_SK","og_type":"article","og_title":"Phishing tr\u00e1pi platformy pre t\u00edmov\u00fa spolupr\u00e1cu - Soitron","og_description":"Kybernetick\u00e9 \u00fatoky sa po novom zameriavaj\u00fa aj na aplik\u00e1cie pre t\u00edmov\u00fa spolupr\u00e1cu ako Microsoft Teams, Slack, Discord \u010di LinkedIn.","og_url":"https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/","og_site_name":"Soitron","article_published_time":"2022-04-07T07:28:00+00:00","article_modified_time":"2022-06-07T12:12:24+00:00","og_image":[{"width":1536,"height":1920,"url":"https:\/\/new.soitron.com\/wp-content\/uploads\/2022\/04\/mika-baumeister-ik4J32DUyI-unsplash-1536x1920.jpg","type":"image\/jpeg"}],"author":"Natalia Jurakova","twitter_card":"summary_large_image","twitter_misc":{"Autor":"Natalia Jurakova","Predpokladan\u00fd \u010das \u010d\u00edtania":"3 min\u00faty"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/#article","isPartOf":{"@id":"https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/"},"author":{"name":"Natalia Jurakova","@id":"https:\/\/new.soitron.com\/#\/schema\/person\/da4bfcbfdc7cb1175aef5d403061c986"},"headline":"Phishing tr\u00e1pi platformy pre t\u00edmov\u00fa spolupr\u00e1cu","datePublished":"2022-04-07T07:28:00+00:00","dateModified":"2022-06-07T12:12:24+00:00","mainEntityOfPage":{"@id":"https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/"},"wordCount":825,"publisher":{"@id":"https:\/\/new.soitron.com\/#organization"},"image":{"@id":"https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/new.soitron.com\/wp-content\/uploads\/2022\/04\/mika-baumeister-ik4J32DUyI-unsplash-1536x1920.jpg","inLanguage":"sk-SK"},{"@type":"WebPage","@id":"https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/","url":"https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/","name":"Phishing tr\u00e1pi platformy pre t\u00edmov\u00fa spolupr\u00e1cu - Soitron","isPartOf":{"@id":"https:\/\/new.soitron.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/#primaryimage"},"image":{"@id":"https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/new.soitron.com\/wp-content\/uploads\/2022\/04\/mika-baumeister-ik4J32DUyI-unsplash-1536x1920.jpg","datePublished":"2022-04-07T07:28:00+00:00","dateModified":"2022-06-07T12:12:24+00:00","description":"Kybernetick\u00e9 \u00fatoky sa po novom zameriavaj\u00fa aj na aplik\u00e1cie pre t\u00edmov\u00fa spolupr\u00e1cu ako Microsoft Teams, Slack, Discord \u010di LinkedIn.","breadcrumb":{"@id":"https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/#breadcrumb"},"inLanguage":"sk-SK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/#primaryimage","url":"https:\/\/new.soitron.com\/wp-content\/uploads\/2022\/04\/mika-baumeister-ik4J32DUyI-unsplash-1536x1920.jpg","contentUrl":"https:\/\/new.soitron.com\/wp-content\/uploads\/2022\/04\/mika-baumeister-ik4J32DUyI-unsplash-1536x1920.jpg","width":1536,"height":1920},{"@type":"BreadcrumbList","@id":"https:\/\/new.soitron.com\/teamwork-platforms-phishing-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/new.soitron.com\/"},{"@type":"ListItem","position":2,"name":"Phishing tr\u00e1pi platformy pre t\u00edmov\u00fa spolupr\u00e1cu"}]},{"@type":"WebSite","@id":"https:\/\/new.soitron.com\/#website","url":"https:\/\/new.soitron.com\/","name":"Soitron","description":"Soitron je IT firma s viac ako 30 ro\u010dnou trad\u00edciou.","publisher":{"@id":"https:\/\/new.soitron.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/new.soitron.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"sk-SK"},{"@type":"Organization","@id":"https:\/\/new.soitron.com\/#organization","name":"Soitron","url":"https:\/\/new.soitron.com\/","logo":{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/new.soitron.com\/#\/schema\/logo\/image\/","url":"https:\/\/new.soitron.com\/wp-content\/uploads\/2016\/10\/Soitron_logo.png","contentUrl":"https:\/\/new.soitron.com\/wp-content\/uploads\/2016\/10\/Soitron_logo.png","width":224,"height":56,"caption":"Soitron"},"image":{"@id":"https:\/\/new.soitron.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/new.soitron.com\/#\/schema\/person\/da4bfcbfdc7cb1175aef5d403061c986","name":"Natalia Jurakova","image":{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/new.soitron.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/1acd0f0b322c56059c32d84e222e637666ee594f4a6dde61c2fc4ac19b571a9c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1acd0f0b322c56059c32d84e222e637666ee594f4a6dde61c2fc4ac19b571a9c?s=96&d=mm&r=g","caption":"Natalia Jurakova"},"url":"https:\/\/new.soitron.com\/sk\/author\/naty\/"}]}},"_links":{"self":[{"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/posts\/48430","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/users\/34"}],"replies":[{"embeddable":true,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/comments?post=48430"}],"version-history":[{"count":0,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/posts\/48430\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/media\/48378"}],"wp:attachment":[{"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/media?parent=48430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/categories?post=48430"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/tags?post=48430"},{"taxonomy":"news_categories","embeddable":true,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/news_categories?post=48430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}