{"id":49816,"date":"2022-08-19T15:49:45","date_gmt":"2022-08-19T14:49:45","guid":{"rendered":"https:\/\/www.soitron.com\/trojsky-kun-odhalil-casovanou-bezpecnostni-bombu\/"},"modified":"2022-09-28T09:35:46","modified_gmt":"2022-09-28T08:35:46","slug":"trojsky-kon-odhalil-casovanu-bezpecnostnu-bombu","status":"publish","type":"post","link":"https:\/\/new.soitron.com\/sk\/trojsky-kon-odhalil-casovanu-bezpecnostnu-bombu\/","title":{"rendered":"The ZuoRAT Trojan horse has revealed a security time bomb. SOHO routers are quietly monitoring network traffic"},
"content":{"rendered":"\n<p><strong>For almost two years, a serious security risk remained hidden from IT experts: malware that lets attackers take control of a local network and gain access to the systems connected to it, such as computers and other devices. The attack is carried out through a previously unseen Trojan horse and targets \u201chome\u201d routers in Europe and North America. It then gives the attacker control over connected devices running Windows, Mac OS and Linux.<\/strong><\/p>\n\n\n\n<p>The newly discovered ZuoRAT Trojan horse has been in use unnoticed since 2020, targeting routers in small and home offices (SOHO &#8211; Small Office\/Home Office). <em>\u201cIt is no coincidence that the first identified deployment of ZuoRAT dates back to the very start of the Covid-19 pandemic. Its outbreak triggered a chaotic shift to remote work and a drastic increase in the number of SOHO routers that employees use to access corporate infrastructure from home,\u201d <\/em><strong>explains<\/strong> <strong>Martin Lohnert, cybersecurity specialist at the technology company Soitron<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Do you have a router? And may I see it?<\/h2>\n\n\n\n<p>The threat affects a number of widely used routers, primarily from Asus, Cisco, DrayTek and Netgear. The sad truth is that almost all SOHO routers are only rarely monitored or serviced, which makes them one of the weakest points in the network perimeter. This is why they can serve so well for collecting data or compromising devices connected to the network.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><em>\u201cAfter buying a router, a typical user performs its basic configuration, or has their IT technician do it, and starts using it. Unfortunately, it rarely happens that they ever check it again or update its firmware. And it is precisely this approach that represents a potentially major risk,\u201d<\/em> explains Martin Lohnert.<\/p><\/blockquote>\n\n\n\n<p>The sudden shift to remote work allowed sophisticated attackers to seize this opportunity and get past the traditional IT defenses of many well-established organizations. Once a router (usually one with no protection configured against known security flaws) has been infected, a script easily deploys the ZuoRAT malware. ZuoRAT can then compromise devices connected to the network and install further malicious software on Windows, Mac OS and Linux alike.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">ZuoRAT's target and how to protect yourself<\/h2>\n\n\n\n<p>An attack via ZuoRAT starts by checking whether the router still contains known, as yet unpatched vulnerabilities. Once the router has been successfully infected, the malware activates and enumerates the devices connected to the router. The attacker can then use DNS and HTTP hijacking to force the connected devices to install additional malware. Also included is a data-collection function that works over TCP on ports 21 and 8443, which are used for FTP connections and web browsing, potentially allowing the adversary to monitor users' internet activity from the compromised router.<\/p>\n\n\n\n<p>The attack is carried out very professionally. <em>\u201cGreat effort went into keeping ZuoRAT undetected. The attack infrastructure was highly sophisticated. Even so, the number of identified ZuoRAT infections is not yet staggering, but nobody can be sure that their own home router is not affected. It is literally a security time bomb that can start doing damage at any time,\u201d<\/em> Martin Lohnert emphasizes.<\/p>\n\n\n\n<p>For home users, protection against this kind of attack consists above all of regularly updating their router firmware and watching for suspicious behavior on the home network. Companies should also recognize that IT components outside the organization's infrastructure cannot be trusted; they should assume such devices are potentially dangerous. After all, these devices are not under their control, so they should always be treated as untrusted.<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>For almost two years, a serious security risk remained hidden from IT experts: malware that lets attackers take control of a local network and gain access to the systems connected to it, such as computers and other devices. The attack is carried out through a previously unseen Trojan horse and targets \u201chome\u201d routers in Europe and North America. It then gives the attacker control over connected devices running [&hellip;]<\/p>\n","protected":false},
"author":34,"featured_media":49736,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"news_categories":[370],"class_list":["post-49816","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nezaradene","news_categories-bezpecnost"],"acf":[],
"yoast_head_json":{"title":"The ZuoRAT Trojan horse has revealed a security time bomb","description":"Malware that allows attackers to take control of a local network and gain access to connected systems was hidden for almost two years.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"sk_SK","og_type":"article","og_title":"The ZuoRAT Trojan horse has revealed a security time bomb","og_description":"Malware that allows attackers to take control of a local network and gain access to connected systems was hidden for almost two years.","og_url":"https:\/\/new.soitron.com\/trojan-horse-revealed-intercept-network-traffic\/","og_site_name":"Soitron","article_published_time":"2022-08-19T14:49:45+00:00","article_modified_time":"2022-09-28T08:35:46+00:00","og_image":[{"width":1920,"height":1280,"url":"https:\/\/new.soitron.com\/wp-content\/uploads\/2022\/08\/AdobeStock_216274011-min-1920x1280.jpeg","type":"image\/jpeg"}],"author":"Natalia Jurakova","twitter_card":"summary_large_image","twitter_misc":{"Autor":"Natalia Jurakova","Predpokladan\u00fd \u010das \u010d\u00edtania":"3 min\u00faty"}}}