<h1>This type of phishing attack confuses even experienced IT experts</h1>

<p>Soitron, published 6 May 2022, updated 2 June 2022. Author: Natalia Jurakova. Original Slovak text: https://new.soitron.com/sk/nova-technika-phishingu-browser/</p>

<p><strong><a href="https://www.soitron.sk/slovnik-kybernetickej-bezpecnosti/">Phishing</a>, a form of attack in which an intruder tries to obtain sensitive data from the victim, is a common threat that has been around for years. It uses various social-engineering techniques to persuade an unsuspecting user to hand over login credentials, which the attacker collects. Now an entirely new technique has appeared that even IT experts may fail to spot, so they too can be taken in.</strong></p>

<p>Despite the various protective systems, every internet user should be on guard today. When browsing, and doubly so when clicking links or being redirected to other websites, it is advisable first to check that the URL is correct, that is, whether instead of google.com you have ended up on googlle.com, for example. <em>"A single different letter can cause big problems. Both sites may look exactly the same, but only one is genuine. The other may be forged and aims to extract personal data from the user through phishing,"</em> <strong>says Martin Lohnert, cybersecurity specialist at the technology company Soitron</strong>.</p>

<p>Once the user is sure of being at the right address, they should also check that a padlock icon appears in front of the address (the URL shows https, meaning the connection is protected by TLS/SSL encryption). With it the browser tells the user that communication with the site is encrypted. Note that the padlock says nothing about who operates the domain: a phishing site can obtain a valid certificate for its own lookalike domain just as easily, so the padlock check only means something once the domain itself has been verified. To these checks one more now needs to be added.</p>

<h2 class="wp-block-heading">Almost undetectable phishing</h2>

<p>The new phishing technique called the browser-in-the-browser (BitB) attack, described by penetration tester mr.d0x, simulates a browser pop-up window inside the browser. It targets in particular the pop-up windows used for third-party single sign-on (<a href="https://en.wikipedia.org/wiki/Single_sign-on">SSO</a>).</p>

<p>It is common today for a user to verify their identity on a website, service or e-shop with an existing Google, Microsoft, Apple, Facebook or other account. Through the "Sign in with..." pop-up they avoid repeatedly creating new accounts. By forging this window, including the legitimate domain shown in it, a convincing phishing attack can be prepared.</p>

<h2 class="wp-block-heading">Creating an identical window is easy</h2>

<p>Whereas the default behaviour of a website when the user tries to sign in with SSO is to open a pop-up window to complete authentication, the BitB attack replicates this whole process with a combination of HTML code and CSS styling to produce a forged browser window that looks identical. The window is drawn entirely inside the page's own document: the title bar, the padlock and the address bar are ordinary page elements, and the "address" is just text chosen by the attacker. <em>"Combine the window design with an iframe pointing to the malicious server hosting the phishing page and it is basically indistinguishable from the real thing,"</em> <strong>says mr.d0x</strong>.</p>

<figure class="wp-block-image size-full"><img fetchpriority="high" decoding="async" width="554" height="383" src="https://www.soitron.com/wp-content/uploads/2022/05/browser_in_browser_phishing.png" alt="Real SSO pop-up window next to a browser-in-the-browser forgery" class="wp-image-48697" srcset="https://new.soitron.com/wp-content/uploads/2022/05/browser_in_browser_phishing.png 554w, https://new.soitron.com/wp-content/uploads/2022/05/browser_in_browser_phishing-300x207.png 300w, https://new.soitron.com/wp-content/uploads/2022/05/browser_in_browser_phishing-338x234.png 338w" sizes="(max-width: 554px) 100vw, 554px" /><figcaption><em>Only very few users notice the subtle differences between these two windows. Source: mr.d0x</em></figcaption></figure>

<h2 class="wp-block-heading">Protection against the malicious pop-up window</h2>

<p>As soon as the user fills in their login details, most often a username or e-mail address, possibly a phone number, and enters a password, they are in trouble, because they have unknowingly given them away. The details need not be abused immediately; they are stored in the attacker's database, which is promptly offered for sale together with others. The credentials are then abused by a subsequent buyer.</p>

<p><em>"Protection against this type of attack, apart from checking the URL, that is, whether we really are on the right site and whether the communication is encrypted, is to grab the single sign-on window and try to drag it outside the currently loaded web page. If that works, everything is fine. If not, it is a forged JavaScript window. Never enter your login details into it,"</em> <strong>concludes Martin Lohnert</strong>.</p>

<p>Two further points follow from the way the forgery is built. Because the fake window is part of the attacker's page and its form is served from the attacker's iframe, a browser password manager, which matches saved credentials against the real document origin and not against the painted address bar, will not offer the user's Google or Microsoft credentials for it; a login form that the password manager refuses to fill is therefore a warning sign in itself. And an identity provider can prevent its genuine login page from being loaded inside a third-party iframe at all with a Content-Security-Policy frame-ancestors directive (or the older X-Frame-Options header), which is why, as the article describes, the iframe in a BitB page points to the attacker's own server rather than to the real provider.</p>
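<p>As an added example, not part of the original article or of mr.d0x's published work, the following Node.js script applies the checks described above to a page's HTML: it flags a painted address bar that shows a trusted identity provider while the form is actually loaded from an iframe on another host, and it flags host names that are one or two characters away from a trusted provider (the googlle.com case). The identity-provider host list, the sample pages and every host name in them are constructed for this example.</p>

```javascript
// Added example (not from the original article): heuristic scan of page HTML
// for the browser-in-the-browser pattern. A BitB page paints a title bar and
// address bar with HTML/CSS and loads the real login form from an <iframe>,
// so the painted URL and the frame's actual origin disagree.
//
// Assumptions (not from the article): the identity-provider host list and the
// sample pages at the bottom are constructed for this example.

const TRUSTED_IDP_HOSTS = [
  'accounts.google.com',
  'login.microsoftonline.com',
  'appleid.apple.com',
  'www.facebook.com',
];

// Hostname of an absolute or relative URL, lower-cased; null if unparsable.
function hostOf(text, base) {
  try {
    return new URL(text, base).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// Levenshtein distance: catches one- or two-character lookalikes such as
// googlle.com for google.com.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
    }
  }
  return d[a.length][b.length];
}

// URLs that appear as visible text, i.e. outside tags and attributes.
// A real address bar is browser chrome and never appears in the DOM;
// a painted one is just text.
function paintedUrls(html) {
  const text = html
    .replace(/<script[\s\S]*?<\/script>/gi, ' ')
    .replace(/<style[\s\S]*?<\/style>/gi, ' ')
    .replace(/<[^>]+>/g, ' ');
  return text.match(/https?:\/\/[^\s"'<>]+/gi) || [];
}

// src attribute of every <iframe> in the page.
function iframeSrcs(html) {
  const out = [];
  const re = /<iframe\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Returns human-readable findings; an empty list means nothing suspicious.
// pageUrl is where the HTML was fetched from, used to resolve relative srcs.
function scanForBitB(html, pageUrl) {
  const findings = [];
  const painted = new Set(paintedUrls(html).map((u) => hostOf(u)).filter(Boolean));
  const frames = new Set(iframeSrcs(html).map((s) => hostOf(s, pageUrl)).filter(Boolean));

  for (const shown of painted) {
    // 1. Painted address bar claims a trusted IdP, but the form is framed from elsewhere.
    if (TRUSTED_IDP_HOSTS.includes(shown)) {
      for (const real of frames) {
        if (real !== shown && !real.endsWith('.' + shown)) {
          findings.push(`painted address bar shows ${shown} but the iframe loads from ${real}`);
        }
      }
    }
    // 2. Painted host is a near-miss of a trusted IdP (the googlle.com case).
    for (const idp of TRUSTED_IDP_HOSTS) {
      const dist = editDistance(shown, idp);
      if (dist > 0 && dist <= 2) {
        findings.push(`lookalike host ${shown} is ${dist} edit(s) away from ${idp}`);
      }
    }
  }
  return findings;
}

// Constructed sample: BitB layout (fake chrome in HTML/CSS, form in a cross-origin iframe).
const BITB_SAMPLE = `
<div class="fake-window">
  <div class="fake-titlebar">&#128274; <span class="fake-url">https://accounts.google.com/o/oauth2/v2/auth?client_id=demo</span></div>
  <iframe src="https://sso-login.example/google/index.html" width="500" height="400"></iframe>
</div>`;

// Constructed sample: a benign page embedding its own same-origin widget.
const BENIGN_SAMPLE = `
<p>Sign in with Google to continue.</p>
<iframe src="/widgets/help.html"></iframe>`;

console.log(scanForBitB(BITB_SAMPLE, 'https://sso-login.example/'));
console.log(scanForBitB(BENIGN_SAMPLE, 'https://shop.example/login'));
```

<p>The scan is a heuristic for triage (for example over pages collected by a phishing-report mailbox or a URL sandbox), not a proof: a kit can split the painted URL across several elements or render it as an image, and a legitimate page may quote a provider's URL in help text. The invariant it relies on is the one the article describes: the text in a painted address bar is chosen by the attacker, whereas the origin an iframe actually loads from is not.</p>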