Okudingayo ukwazi mayelana ne-Stuxnet worm
I-Stuxnet iyi-worm yekhompiyutha ehlose uhlobo lwezinhlelo zokulawula izimboni (i-ICS) ezivame ukusetshenziselwa ezakhiweni ezisekela ingqalasizinda (ie izitshalo zamandla, izindawo zokwelapha kwamanzi, imigqa yegesi, njll).
I-worm ivame ukutholwa kuqala ngo-2009 noma ngo-2010 kodwa empeleni itholwe ukuthi ihlasele uhlelo lwenuzi ye-nuclear ngo-2007. Ngalezo zinsuku, i-Stuxnet itholakale ikakhulukazi e-Iran, e-Indonesia nase-India, engama-85% kuzo zonke izifo.
Kusukela ngaleso sikhathi, izibungu zithinte ama-computer amaningi emazweni amaningi, ngisho nokubhubhisa ngokuphelele imishini ethile futhi isula ingxenye enkulu ye-centrifuges yase-Iran.
I-Stuxnet Yenzani?
I-Stuxnet iklanyelwe ukushintsha i-Programmable Logic Controllers (i-PLCs) esetshenziswe kulezo zakhiwo. Esimweni se-ICS, i-PLC ishintsha imisebenzi yezinhlobo zezimboni ezifana nokulawula izinga lokugeleza ukugcina ingcindezi nokulawula ukushisa.
Yakhiwe kuphela ekusakazweni kwamakhomphyutha amathathu, kodwa ngayinye yalezo zingasakazeka kwabanye abathathu, okuyindlela esakaza ngayo.
Esinye sezici zayo ukusabalalisa kumadivayisi kunethiwekhi yendawo engaxhunyiwe kwi-intanethi. Isibonelo, singase sithuthelele kwenye ikhompuyutha nge- USB kodwa sisakaze kwenye imishini yangasese ngemuva komzila ongasethiwe ukuze kufinyelele amanethiwekhi angaphandle, okwenza amadivaysi e-intranet abhekane ngokuphumelelayo.
Okokuqala, amashayeli wedivayisi we-Stuxnet ayesayinwe ngamadijithi ngoba ayebiwe ezitifiketi ezisemthethweni ezazisetshenziswa kumadivaysi e-JMicron ne-Realtek, okwakwenza ukuba kube lula ukuzifaka ngaphandle kokumangalela kumsebenzisi. Kusukela ngaleso sikhathi, Nokho, i-VeriSign inqatshelwe izitifiketi.
Uma igciwane lihlala kwikhompyutha engenayo i-software ephathekayo ye-Siemens efakiwe, iyohlala ingenalutho. Lona umehluko omkhulu phakathi kwaleli gciwane nabanye, ngoba lwakhiwe ngenjongo ethile kakhulu futhi 'ayifuni' ukwenza noma yini eminye eminye imishini.
I-Stuxnet ifinyelela kanjani kuma-PLC?
Ngenxa yezizathu zokuphepha, amadivayisi amaningi we-hardware asetshenziselwa izinhlelo zokulawula izimboni awaxhunyiwe kwi-intanethi (futhi ngokuvamile ayifuni ngisho nanoma yimaphi amanethiwekhi wendawo). Ukuphikisana nalokhu, isikhwama se-Stuxnet sihlanganisa izindlela eziningana zokusakazeka ngenhloso yokugcina nokufinyelela amafayela wephrojekthi we-STEP 7 asetshenziselwa ukuhlela amadivayisi we-PLC.
Ukuze uthole izinjongo zokuqala zokusabalalisa, i-worm ihlose amakhompiyutha asebenzisa izinhlelo zokusebenza ze-Windows, futhi ngokuvamile wenza lokhu ngokusebenzisa i- flash drive . Kodwa-ke, i-PLC ngokwayo ayisona isistimu esekelwe yiWindows kodwa kunesidingo solimi lomshini. Ngakho uStuxnet uvele nje awela amakhompiyutha eWindows ukuze afinyelele ohlelweni oluphatha ama-PLC, lapho lunikeza khona ukukhokhelwa kwalo.
Ukuze uphinde uhlele kabusha i-PLC, i-Stuxnet worm ifuna futhi ifinyelele amafayela wephrojekthi we-STEP 7, asetshenziswa ngu-Siemens SIMATIC WinCC, ukulawula kokuphatha nokuthola idatha (SCADA) nesistimu yomsebenzisi womshini (HMI) esetshenziselwa ukuhlela i-PLCs.
I-Stuxnet iqukethe imizila ehlukahlukene ukukhomba uhlobo oluthile lwe-PLC. Ukuhlola imodeli kuyadingeka njengoba imiyalelo yezinga lomshini izohluka kumadivayisi ahlukene we-PLC. Uma idivayisi ehlosiwe ikhonjisiwe futhi igalelwe, i-Stuxnet ithola ukulawula ukuvala yonke idatha ephuma ngaphakathi noma ephuma ku-PLC, kufaka phakathi ikhono lokunciphisa leyo datha.
Amagama e-Stuxnet ahamba ngawo
Ukulandela ngezinye izindlela uhlelo lwakho lwe-antivirus lungase luhlathulule i-Stuxnet worm:
- I-F-Secure : iTrojan-Dropper: W32 / Stuxnet
- I-Kaspersky : i-Rootkit.Win32.Stuxnet.b noma i- Rootkit.Win32.Stuxnet.a
- McAfee : I-Stuxnet
- U-Norman : W32 / Stuxnet.A
- I-Sophos : iTroj / Stuxnet-A noma i-W32 / Stuxnet-B
- I-Symantec : W32.Temphid
- I-Trend Micro : WORM_STUXNET.A
I-Stuxnet ingase futhi ibe "nezihlobo" ezihamba ngamagama ami njenge-Duqu noma i- Flame .
Indlela yokususa i-Stuxnet
Njengoba i-software ye-Siemens yenzeke lapho ikhompyutha isuselwe yi-Stuxnet, kubalulekile ukuxhumana nabo uma ngabe ukutheleleka kusolwa.
Futhi sebenzisa uhlelo olugcwele lokuskena nge-antivirus Uhlelo olufana ne-Avast noma i-AVG, noma isithwebuli se-intanethi esingafuneki njengeMalwarebytes.
Kubalulekile futhi ukugcina iWindows ivuselelwe , ongayenza nge- Windows Update .
Bheka Indlela Yokusebenzisa Ngokufanele Ikhompyutha Yakho Ye-Malware uma udinga usizo.