{"id":47707,"date":"2026-04-18T23:43:31","date_gmt":"2026-04-18T16:43:31","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47707"},"modified":"2026-04-23T23:44:29","modified_gmt":"2026-04-23T16:44:29","slug":"nen-tang-lua-dao-venom-va-xu-huong-tan-cong-phishing-nham-vao-lanh-dao-doanh-nghiep","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/nen-tang-lua-dao-venom-va-xu-huong-tan-cong-phishing-nham-vao-lanh-dao-doanh-nghiep\/","title":{"rendered":"N\u1ec1n t\u1ea3ng l\u1eeba \u0111\u1ea3o VENOM v\u00e0 xu h\u01b0\u1edbng t\u1ea5n c\u00f4ng phishing nh\u1eafm v\u00e0o l\u00e3nh \u0111\u1ea1o doanh nghi\u1ec7p"},"content":{"rendered":"
\n
<\/i>\u00a0Tr\u1ea7n V\u0103n Qu\u00fd<\/a>\u00a0(Tr\u01b0\u1eddng Cao \u0111\u1eb3ng K\u1ef9 thu\u1eadt Th\u00f4ng tin – Binh ch\u1ee7ng Th\u00f4ng tin Li\u00ean l\u1ea1c)<\/span><\/div>\n<\/div>\n

Trong b\u1ed1i c\u1ea3nh c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng ng\u00e0y c\u00e0ng tinh vi, h\u00ecnh th\u1ee9c l\u1eeba \u0111\u1ea3o phishing kh\u00f4ng c\u00f2n d\u1eebng l\u1ea1i \u1edf quy m\u00f4 \u0111\u1ea1i tr\u00e0 m\u00e0 \u0111\u00e3 chuy\u1ec3n sang t\u1ea5n c\u00f4ng c\u00f3 ch\u1ee7 \u0111\u00edch v\u00e0o c\u00e1c c\u00e1 nh\u00e2n c\u00f3 gi\u00e1 tr\u1ecb cao trong t\u1ed5 ch\u1ee9c. G\u1ea7n \u0111\u00e2y, m\u1ed9t n\u1ec1n t\u1ea3ng phishing-as-a-service (PhaaS) mang t\u00ean VENOM \u0111\u00e3 \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n v\u1edbi kh\u1ea3 n\u0103ng \u0111\u00e1nh c\u1eafp th\u00f4ng tin \u0111\u0103ng nh\u1eadp Microsoft c\u1ee7a c\u00e1c l\u00e3nh \u0111\u1ea1o c\u1ea5p cao. B\u00e0i b\u00e1o ph\u00e2n t\u00edch c\u01a1 ch\u1ebf ho\u1ea1t \u0111\u1ed9ng c\u1ee7a VENOM, c\u00e1c k\u1ef9 thu\u1eadt v\u01b0\u1ee3t qua x\u00e1c th\u1ef1c \u0111a y\u1ebfu t\u1ed1 v\u00e0 \u0111\u00e1nh gi\u00e1 t\u00e1c \u0111\u1ed9ng th\u1ef1c ti\u1ec5n \u0111\u1ed1i v\u1edbi an ninh c\u1ee7a doanh nghi\u1ec7p. Tr\u00ean c\u01a1 s\u1edf \u0111\u00f3, \u0111\u1ec1 xu\u1ea5t m\u1ed9t s\u1ed1 gi\u1ea3i ph\u00e1p nh\u1eb1m n\u00e2ng cao kh\u1ea3 n\u0103ng ph\u00f2ng ch\u1ed1ng c\u00e1c m\u1ed1i \u0111e d\u1ecda t\u01b0\u01a1ng t\u1ef1.<\/p>\n

<\/p>\n

T\u1ed5ng quan v\u1ec1 n\u1ec1n t\u1ea3ng VENOM<\/strong><\/p>\n

Phishing t\u1eeb l\u00e2u \u0111\u00e3 l\u00e0 m\u1ed9t trong nh\u1eefng ph\u01b0\u01a1ng th\u1ee9c t\u1ea5n c\u00f4ng ph\u1ed5 bi\u1ebfn nh\u1ea5t trong l\u0129nh v\u1ef1c\u00a0an to\u00e0n th\u00f4ng tin<\/a>. Tuy nhi\u00ean, s\u1ef1 ph\u00e1t tri\u1ec3n c\u1ee7a c\u00e1c c\u01a1 ch\u1ebf b\u1ea3o m\u1eadt nh\u01b0 x\u00e1c th\u1ef1c \u0111a y\u1ebfu t\u1ed1 (MFA) \u0111\u00e3 bu\u1ed9c c\u00e1c \u0111\u1ed1i t\u01b0\u1ee3ng t\u1ea5n c\u00f4ng ph\u1ea3i thay \u0111\u1ed5i chi\u1ebfn thu\u1eadt. Thay v\u00ec g\u1eedi email h\u00e0ng lo\u1ea1t, ch\u00fang chuy\u1ec3n sang h\u00ecnh th\u1ee9c spear phishing – m\u1ed9t t\u1ea5n c\u00f4ng c\u00f3 ch\u1ecdn l\u1ecdc, nh\u1eafm v\u00e0o c\u00e1c c\u00e1 nh\u00e2n c\u1ee5 th\u1ec3.<\/p>\n

Chi\u1ebfn d\u1ecbch VENOM l\u00e0 m\u1ed9t v\u00ed d\u1ee5 \u0111i\u1ec3n h\u00ecnh cho xu h\u01b0\u1edbng n\u00e0y khi t\u1eadp trung v\u00e0o c\u00e1c l\u00e3nh \u0111\u1ea1o doanh nghi\u1ec7p nh\u01b0 gi\u00e1m \u0111\u1ed1c \u0111i\u1ec1u h\u00e0nh, gi\u00e1m \u0111\u1ed1c t\u00e0i ch\u00ednh ho\u1eb7c qu\u1ea3n l\u00fd c\u1ea5p cao. \u0110\u00e2y l\u00e0 nh\u00f3m \u0111\u1ed1i t\u01b0\u1ee3ng c\u00f3 quy\u1ec1n truy c\u1eadp v\u00e0o d\u1eef li\u1ec7u quan tr\u1ecdng, do \u0111\u00f3 vi\u1ec7c chi\u1ebfm \u0111o\u1ea1t t\u00e0i kho\u1ea3n c\u00f3 th\u1ec3 g\u00e2y ra h\u1eadu qu\u1ea3 nghi\u00eam tr\u1ecdng.<\/p>\n

VENOM \u0111\u01b0\u1ee3c x\u00e1c \u0111\u1ecbnh l\u00e0 m\u1ed9t n\u1ec1n t\u1ea3ng PhaaS hi\u1ec7n \u0111\u1ea1i, cho ph\u00e9p c\u00e1c \u0111\u1ed1i t\u01b0\u1ee3ng t\u1ea5n c\u00f4ng tri\u1ec3n khai v\u00e0 v\u1eadn h\u00e0nh c\u00e1c\u00a0chi\u1ebfn d\u1ecbch l\u1eeba \u0111\u1ea3o<\/a>\u00a0m\u1ed9t c\u00e1ch c\u00f3 h\u1ec7 th\u1ed1ng, chuy\u00ean nghi\u1ec7p v\u00e0 quy m\u00f4 l\u1edbn. Thay v\u00ec y\u00eau c\u1ea7u ki\u1ebfn th\u1ee9c k\u1ef9 thu\u1eadt s\u00e2u nh\u01b0 c\u00e1c ph\u01b0\u01a1ng th\u1ee9c phishing truy\u1ec1n th\u1ed1ng, VENOM cung c\u1ea5p s\u1eb5n m\u1ed9t h\u1ec7 sinh th\u00e1i ho\u00e0n ch\u1ec9nh, trong \u0111\u00f3 bao g\u1ed3m c\u01a1 ch\u1ebf c\u1ea5p quy\u1ec1n s\u1eed d\u1ee5ng nh\u1eb1m ki\u1ec3m so\u00e1t ng\u01b0\u1eddi v\u1eadn h\u00e0nh, giao di\u1ec7n qu\u1ea3n l\u00fd chi\u1ebfn d\u1ecbch t\u1eadp trung gi\u00fap theo d\u00f5i v\u00e0 \u0111i\u1ec1u ph\u1ed1i c\u00e1c ho\u1ea1t \u0111\u1ed9ng t\u1ea5n c\u00f4ng, c\u00f9ng v\u1edbi kh\u1ea3 n\u0103ng l\u01b0u tr\u1eef v\u00e0 qu\u1ea3n l\u00fd token truy c\u1eadp \u0111\u1ec3 duy tr\u00ec quy\u1ec1n ki\u1ec3m so\u00e1t t\u00e0i kho\u1ea3n n\u1ea1n nh\u00e2n sau khi x\u00e2m nh\u1eadp th\u00e0nh c\u00f4ng. Nh\u1edd nh\u1eefng \u0111\u1eb7c \u0111i\u1ec3m n\u00e0y, VENOM kh\u00f4ng ch\u1ec9 \u0111\u01a1n thu\u1ea7n l\u00e0 m\u1ed9t c\u00f4ng c\u1ee5 h\u1ed7 tr\u1ee3 m\u00e0 \u0111\u00e3 ph\u00e1t tri\u1ec3n th\u00e0nh m\u1ed9t n\u1ec1n t\u1ea3ng d\u1ecbch v\u1ee5 c\u00f3 c\u1ea5u tr\u00fac r\u00f5 r\u00e0ng, gi\u00fap t\u1ed1i \u01b0u h\u00f3a hi\u1ec7u qu\u1ea3 t\u1ea5n c\u00f4ng v\u00e0 gi\u1ea3m thi\u1ec3u r\u00e0o c\u1ea3n k\u1ef9 thu\u1eadt cho k\u1ebb x\u1ea5u. \u0110\u00e1ng ch\u00fa \u00fd, n\u1ec1n t\u1ea3ng n\u00e0y kh\u00f4ng xu\u1ea5t hi\u1ec7n ph\u1ed5 bi\u1ebfn tr\u00ean c\u00e1c di\u1ec5n \u0111\u00e0n c\u00f4ng khai, cho th\u1ea5y kh\u1ea3 n\u0103ng cao n\u00f3 \u0111ang \u0111\u01b0\u1ee3c khai th\u00e1c trong c\u00e1c nh\u00f3m t\u1ea5n c\u00f4ng c\u00f3 t\u1ed5 ch\u1ee9c, v\u1edbi m\u1ee9c \u0111\u1ed9 tinh vi v\u00e0 ki\u1ec3m so\u00e1t ch\u1eb7t ch\u1ebd, qua \u0111\u00f3 ph\u1ea3n \u00e1nh xu h\u01b0\u1edbng chuy\u00ean nghi\u1ec7p h\u00f3a ng\u00e0y c\u00e0ng r\u00f5 r\u1ec7t c\u1ee7a c\u00e1c ho\u1ea1t \u0111\u1ed9ng t\u1ed9i ph\u1ea1m m\u1ea1ng hi\u1ec7n nay.<\/p>\n

Ph\u01b0\u01a1ng th\u1ee9c t\u1ea5n c\u00f4ng<\/strong><\/p>\n

VENOM tri\u1ec3n khai chi\u1ebfn l\u01b0\u1ee3c t\u1ea5n c\u00f4ng theo h\u01b0\u1edbng c\u00f3 ch\u1ee7 \u0111\u00edch, trong \u0111\u00f3 kh\u00e2u l\u1ef1a ch\u1ecdn m\u1ee5c ti\u00eau \u0111\u00f3ng vai tr\u00f2 then ch\u1ed1t. Thay v\u00ec ph\u00e1t t\u00e1n h\u00e0ng lo\u1ea1t nh\u01b0 c\u00e1c chi\u1ebfn d\u1ecbch phishing truy\u1ec1n th\u1ed1ng, n\u1ec1n t\u1ea3ng n\u00e0y t\u1eadp trung thu th\u1eadp v\u00e0 ph\u00e2n t\u00edch th\u00f4ng tin t\u1eeb c\u00e1c ngu\u1ed3n c\u00f4ng khai nh\u01b0 website doanh nghi\u1ec7p, h\u1ed3 s\u01a1 m\u1ea1ng x\u00e3 h\u1ed9i ho\u1eb7c c\u00e1c b\u00e0i \u0111\u0103ng chuy\u00ean m\u00f4n. D\u1ef1a tr\u00ean \u0111\u00f3, k\u1ebb t\u1ea5n c\u00f4ng x\u00e1c \u0111\u1ecbnh nh\u1eefng c\u00e1 nh\u00e2n c\u00f3 v\u1ecb tr\u00ed quan tr\u1ecdng trong t\u1ed5 ch\u1ee9c, \u0111\u1eb7c bi\u1ec7t l\u00e0 c\u1ea5p qu\u1ea3n l\u00fd v\u00e0 l\u00e3nh \u0111\u1ea1o. Vi\u1ec7c c\u00e1 nh\u00e2n h\u00f3a n\u1ed9i dung email theo t\u1eebng m\u1ee5c ti\u00eau gi\u00fap t\u0103ng m\u1ee9c \u0111\u1ed9 tin c\u1eady, khi\u1ebfn n\u1ea1n nh\u00e2n kh\u00f3 nh\u1eadn ra d\u1ea5u hi\u1ec7u b\u1ea5t th\u01b0\u1eddng v\u00e0 t\u1eeb \u0111\u00f3 n\u00e2ng cao \u0111\u00e1ng k\u1ec3 t\u1ef7 l\u1ec7 th\u00e0nh c\u00f4ng c\u1ee7a cu\u1ed9c t\u1ea5n c\u00f4ng.<\/p>\n

\u1ede giai \u0111o\u1ea1n ph\u00e1t t\u00e1n, VENOM s\u1eed d\u1ee5ng k\u1ef9 thu\u1eadt gi\u1ea3 m\u1ea1o c\u00e1c th\u00f4ng b\u00e1o chia s\u1ebb t\u00e0i li\u1ec7u t\u1eeb nh\u1eefng d\u1ecbch v\u1ee5 quen thu\u1ed9c nh\u01b0 Microsoft\u00a0SharePoint<\/a>. N\u1ed9i dung email \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf tinh vi, m\u00f4 ph\u1ecfng g\u1ea7n nh\u01b0 ho\u00e0n to\u00e0n giao di\u1ec7n v\u00e0 ng\u00f4n ng\u1eef c\u1ee7a h\u1ec7 th\u1ed1ng th\u1eadt, t\u1ea1o c\u1ea3m gi\u00e1c h\u1ee3p l\u1ec7 cho ng\u01b0\u1eddi nh\u1eadn. \u0110i\u1ec3m kh\u00e1c bi\u1ec7t \u0111\u00e1ng ch\u00fa \u00fd l\u00e0 thay v\u00ec s\u1eed d\u1ee5ng li\u00ean k\u1ebft tr\u1ef1c ti\u1ebfp, v\u1ed1n d\u1ec5 b\u1ecb c\u00e1c h\u1ec7 th\u1ed1ng b\u1ea3o m\u1eadt ph\u00e1t hi\u1ec7n, email s\u1ebd ch\u1ee9a\u00a0m\u00e3 QR<\/a>. Khi ng\u01b0\u1eddi d\u00f9ng qu\u00e9t m\u00e3 n\u00e0y, h\u1ecd \u0111\u01b0\u1ee3c chuy\u1ec3n h\u01b0\u1edbng \u0111\u1ebfn h\u1ea1 t\u1ea7ng do k\u1ebb t\u1ea5n c\u00f4ng ki\u1ec3m so\u00e1t. C\u00e1ch ti\u1ebfp c\u1eadn nh\u01b0 v\u1eady v\u1eeba gi\u00fap n\u00e9 tr\u00e1nh c\u00e1c c\u01a1 ch\u1ebf l\u1ecdc email truy\u1ec1n th\u1ed1ng, v\u1eeba t\u1eadn d\u1ee5ng th\u00f3i quen s\u1eed d\u1ee5ng thi\u1ebft b\u1ecb di \u0111\u1ed9ng \u0111\u1ec3 t\u0103ng kh\u1ea3 n\u0103ng ng\u01b0\u1eddi d\u00f9ng t\u01b0\u01a1ng t\u00e1c.<\/p>\n

<\/p>\n

H\u00ecnh 1. V\u00ed d\u1ee5 v\u1ec1 email phishing \u0111i\u1ec3n h\u00ecnh<\/em><\/p>\n

Ngo\u00e0i ph\u01b0\u01a1ng th\u1ee9c t\u1ea5n c\u00f4ng ki\u1ec3u Adversary-in-the-Middle (AiTM), t\u1ee9c l\u00e0 k\u1ebb t\u1ea5n c\u00f4ng \u0111\u1ee9ng \u201cgi\u1eefa\u201d ng\u01b0\u1eddi d\u00f9ng v\u00e0 h\u1ec7 th\u1ed1ng \u0111\u1ec3 \u0111\u00e1nh c\u1eafp th\u00f4ng tin \u0111\u0103ng nh\u1eadp theo th\u1eddi gian th\u1ef1c, c\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u b\u1ea3o m\u1eadt t\u1ea1i Abnormal c\u00f2n ghi nh\u1eadn m\u1ed9t k\u1ef9 thu\u1eadt kh\u00e1c g\u1ecdi l\u00e0 ph\u01b0\u01a1ng ph\u00e1p t\u1ea5n c\u00f4ng b\u1eb1ng m\u00e3 thi\u1ebft b\u1ecb (device-code phishing). Trong k\u1ef9 thu\u1eadt n\u00e0y, n\u1ea1n nh\u00e2n b\u1ecb \u0111\u00e1nh l\u1eeba \u0111\u1ec3 ch\u1ea5p nh\u1eadn c\u1ea5p quy\u1ec1n truy c\u1eadp v\u00e0o t\u00e0i kho\u1ea3n Microsoft c\u1ee7a h\u1ecd cho m\u1ed9t thi\u1ebft b\u1ecb kh\u00f4ng h\u1ee3p l\u1ec7 (rogue device). N\u00f3i c\u00e1ch kh\u00e1c, k\u1ebb t\u1ea5n c\u00f4ng kh\u00f4ng c\u1ea7n l\u1ea5y m\u1eadt kh\u1ea9u tr\u1ef1c ti\u1ebfp m\u00e0 l\u1ee3i d\u1ee5ng ch\u00ednh c\u01a1 ch\u1ebf \u0111\u0103ng nh\u1eadp h\u1ee3p ph\u00e1p c\u1ee7a Microsoft \u0111\u1ec3 \u201c\u0111\u01b0\u1ee3c c\u1ea5p quy\u1ec1n truy c\u1eadp\u201d.<\/p>\n

<\/p>\n

H\u00ecnh 2. Ph\u01b0\u01a1ng ph\u00e1p t\u1ea5n c\u00f4ng b\u1eb1ng m\u00e3 thi\u1ebft b\u1ecb<\/em><\/p>\n

Sau khi truy c\u1eadp, n\u1ea1n nh\u00e2n kh\u00f4ng l\u1eadp t\u1ee9c nh\u00ecn th\u1ea5y trang \u0111\u0103ng nh\u1eadp gi\u1ea3 m\u1ea1o m\u00e0 ph\u1ea3i tr\u1ea3i qua m\u1ed9t chu\u1ed7i b\u01b0\u1edbc x\u00e1c minh trung gian. \u0110\u00e2y l\u00e0 c\u01a1 ch\u1ebf n\u00e9 tr\u00e1nh ph\u00e1t hi\u1ec7n \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf nh\u1eb1m lo\u1ea1i b\u1ecf c\u00e1c h\u1ec7 th\u1ed1ng ph\u00e2n t\u00edch t\u1ef1 \u0111\u1ed9ng nh\u01b0 sandbox, bot hay c\u00f4ng c\u1ee5 qu\u00e9t b\u1ea3o m\u1eadt. Ch\u1ec9 khi h\u00e0nh vi truy c\u1eadp \u0111\u01b0\u1ee3c x\u00e1c \u0111\u1ecbnh l\u00e0 \u0111\u1ebfn t\u1eeb ng\u01b0\u1eddi d\u00f9ng th\u1eadt, h\u1ec7 th\u1ed1ng m\u1edbi hi\u1ec3n th\u1ecb giao di\u1ec7n l\u1eeba \u0111\u1ea3o. C\u00e1ch l\u00e0m n\u00e0y gi\u00fap k\u00e9o d\u00e0i v\u00f2ng \u0111\u1eddi c\u1ee7a chi\u1ebfn d\u1ecbch v\u00e0 gi\u1ea3m nguy c\u01a1 b\u1ecb ph\u00e1t hi\u1ec7n s\u1edbm b\u1edfi c\u00e1c gi\u1ea3i ph\u00e1p an ninh.<\/p>\n

Trong giai \u0111o\u1ea1n \u0111\u00e1nh c\u1eafp th\u00f4ng tin x\u00e1c th\u1ef1c, VENOM th\u1ec3 hi\u1ec7n m\u1ee9c \u0111\u1ed9 tinh vi v\u01b0\u1ee3t tr\u1ed9i so v\u1edbi c\u00e1c ph\u01b0\u01a1ng th\u1ee9c truy\u1ec1n th\u1ed1ng. N\u1ec1n t\u1ea3ng n\u00e0y kh\u00f4ng ch\u1ec9 thu th\u1eadp t\u00ean \u0111\u0103ng nh\u1eadp v\u00e0 m\u1eadt kh\u1ea9u, m\u00e0 c\u00f2n c\u00f3 kh\u1ea3 n\u0103ng ghi nh\u1eadn m\u00e3 x\u00e1c th\u1ef1c m\u1ed9t l\u1ea7n (OTP) theo th\u1eddi gian th\u1ef1c. \u0110\u1ed3ng th\u1eddi, n\u00f3 l\u1ee3i d\u1ee5ng c\u01a1 ch\u1ebf x\u00e1c th\u1ef1c thi\u1ebft b\u1ecb h\u1ee3p ph\u00e1p \u0111\u1ec3 chi\u1ebfm quy\u1ec1n truy c\u1eadp token m\u00e0 kh\u00f4ng c\u1ea7n l\u01b0u tr\u1eef m\u1eadt kh\u1ea9u l\u00e2u d\u00e0i. \u0110i\u1ec1u n\u00e0y \u0111\u1ed3ng ngh\u0129a v\u1edbi vi\u1ec7c k\u1ebb t\u1ea5n c\u00f4ng kh\u00f4ng ch\u1ec9 d\u1eebng l\u1ea1i \u1edf vi\u1ec7c \u201cbi\u1ebft m\u1eadt kh\u1ea9u\u201d m\u00e0 \u0111\u00e3 ti\u1ebfn t\u1edbi \u201cchi\u1ebfm quy\u1ec1n phi\u00ean l\u00e0m vi\u1ec7c\u201d, t\u1eeb \u0111\u00f3 v\u01b0\u1ee3t qua l\u1edbp b\u1ea3o v\u1ec7 c\u1ee7a x\u00e1c th\u1ef1c MFA.<\/p>\n

Cu\u1ed1i c\u00f9ng, m\u1ee5c ti\u00eau quan tr\u1ecdng nh\u1ea5t c\u1ee7a VENOM l\u00e0 duy tr\u00ec truy c\u1eadp l\u00e2u d\u00e0i v\u00e0o h\u1ec7 th\u1ed1ng n\u1ea1n nh\u00e2n. Th\u00f4ng qua vi\u1ec7c thu th\u1eadp phi\u00ean token v\u00e0 th\u00f4ng tin OAuth, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 ti\u1ebfp t\u1ee5c truy c\u1eadp ngay c\u1ea3 khi ng\u01b0\u1eddi d\u00f9ng \u0111\u00e3 thay \u0111\u1ed5i m\u1eadt kh\u1ea9u. \u0110\u00e2y l\u00e0 m\u1ed9t b\u01b0\u1edbc ti\u1ebfn nguy hi\u1ec3m, b\u1edfi n\u00f3 khi\u1ebfn c\u00e1c bi\u1ec7n ph\u00e1p x\u1eed l\u00fd th\u00f4ng th\u01b0\u1eddng nh\u01b0 \u0111\u1ed5i m\u1eadt kh\u1ea9u tr\u1edf n\u00ean k\u00e9m hi\u1ec7u qu\u1ea3. H\u1ec7 qu\u1ea3 l\u00e0 qu\u00e1 tr\u00ecnh ph\u00e1t hi\u1ec7n v\u00e0 kh\u1eafc ph\u1ee5c s\u1ef1 c\u1ed1 tr\u1edf n\u00ean ph\u1ee9c t\u1ea1p h\u01a1n, \u0111\u00f2i h\u1ecfi ph\u1ea3i ki\u1ec3m so\u00e1t to\u00e0n b\u1ed9 phi\u00ean \u0111\u0103ng nh\u1eadp v\u00e0 thu h\u1ed3i c\u00e1c token \u0111\u00e3 b\u1ecb l\u1ed9.<\/p>\n

Gi\u1ea3i ph\u00e1p v\u00e0 khuy\u1ebfn ngh\u1ecb<\/strong><\/p>\n

\u0110\u1ec3 gi\u1ea3m thi\u1ec3u r\u1ee7i ro t\u1eeb c\u00e1c n\u1ec1n t\u1ea3ng phishing hi\u1ec7n \u0111\u1ea1i nh\u01b0 VENOM, c\u00e1c t\u1ed5 ch\u1ee9c c\u1ea7n tri\u1ec3n khai m\u1ed9t c\u00e1ch \u0111\u1ed3ng b\u1ed9 nhi\u1ec1u l\u1edbp b\u1ea3o v\u1ec7 thay v\u00ec ph\u1ee5 thu\u1ed9c v\u00e0o m\u1ed9t gi\u1ea3i ph\u00e1p \u0111\u01a1n l\u1ebb. Tr\u01b0\u1edbc h\u1ebft, vi\u1ec7c \u00e1p d\u1ee5ng c\u00e1c ph\u01b0\u01a1ng th\u1ee9c x\u00e1c th\u1ef1c c\u00f3 kh\u1ea3 n\u0103ng ch\u1ed1ng phishing, \u0111i\u1ec3n h\u00ecnh nh\u01b0 kh\u00f3a b\u1ea3o m\u1eadt v\u1eadt l\u00fd theo chu\u1ea9n\u00a0FIDO2<\/a>, \u0111\u00f3ng vai tr\u00f2 quan tr\u1ecdng trong vi\u1ec7c ng\u0103n ch\u1eb7n c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng \u0111\u00e1nh c\u1eafp th\u00f4ng tin \u0111\u0103ng nh\u1eadp. Kh\u00e1c v\u1edbi c\u00e1c ph\u01b0\u01a1ng th\u1ee9c x\u00e1c th\u1ef1c truy\u1ec1n th\u1ed1ng nh\u01b0 OTP, c\u00e1c c\u01a1 ch\u1ebf n\u00e0y d\u1ef1a tr\u00ean y\u1ebfu t\u1ed1 ph\u1ea7n c\u1ee9ng v\u00e0 r\u00e0ng bu\u1ed9c v\u1edbi mi\u1ec1n x\u00e1c th\u1ef1c h\u1ee3p l\u1ec7, t\u1eeb \u0111\u00f3 gi\u1ea3m thi\u1ec3u nguy c\u01a1 b\u1ecb khai th\u00e1c th\u00f4ng qua c\u00e1c trang \u0111\u0103ng nh\u1eadp gi\u1ea3 m\u1ea1o.<\/p>\n

B\u00ean c\u1ea1nh \u0111\u00f3, c\u1ea7n h\u1ea1n ch\u1ebf ho\u1eb7c ki\u1ec3m so\u00e1t ch\u1eb7t ch\u1ebd c\u00e1c c\u01a1 ch\u1ebf \u0111\u0103ng nh\u1eadp b\u1eb1ng m\u00e3 thi\u1ebft b\u1ecb, v\u1ed1n \u0111ang b\u1ecb l\u1ee3i d\u1ee5ng nh\u01b0 m\u1ed9t k\u00eanh h\u1ee3p ph\u00e1p \u0111\u1ec3 chi\u1ebfm quy\u1ec1n truy c\u1eadp t\u00e0i kho\u1ea3n. Vi\u1ec7c thi\u1ebft l\u1eadp c\u00e1c ch\u00ednh s\u00e1ch ki\u1ec3m so\u00e1t truy c\u1eadp, ch\u1eb3ng h\u1ea1n nh\u01b0 gi\u1edbi h\u1ea1n thi\u1ebft b\u1ecb, v\u1ecb tr\u00ed \u0111\u1ecba l\u00fd ho\u1eb7c y\u00eau c\u1ea7u x\u00e1c minh b\u1ed5 sung, s\u1ebd gi\u00fap gi\u1ea3m \u0111\u00e1ng k\u1ec3 b\u1ec1 m\u1eb7t t\u1ea5n c\u00f4ng. \u0110\u1ed3ng th\u1eddi, t\u1ed5 ch\u1ee9c n\u00ean tri\u1ec3n khai c\u00e1c h\u1ec7 th\u1ed1ng gi\u00e1m s\u00e1t h\u00e0nh vi \u0111\u0103ng nh\u1eadp nh\u1eb1m ph\u00e1t hi\u1ec7n s\u1edbm c\u00e1c d\u1ea5u hi\u1ec7u b\u1ea5t th\u01b0\u1eddng, nh\u01b0 \u0111\u0103ng nh\u1eadp t\u1eeb v\u1ecb tr\u00ed l\u1ea1, thi\u1ebft b\u1ecb kh\u00f4ng quen thu\u1ed9c ho\u1eb7c th\u1eddi \u0111i\u1ec3m b\u1ea5t th\u01b0\u1eddng. C\u00e1c gi\u1ea3i ph\u00e1p n\u00e0y cho ph\u00e9p ph\u1ea3n \u1ee9ng k\u1ecbp th\u1eddi tr\u01b0\u1edbc khi k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 m\u1edf r\u1ed9ng ph\u1ea1m vi x\u00e2m nh\u1eadp.<\/p>\n

M\u1ed9t y\u1ebfu t\u1ed1 quan tr\u1ecdng c\u1ea7n \u0111\u01b0\u1ee3c ch\u00fa tr\u1ecdng l\u00e0 n\u00e2ng cao nh\u1eadn th\u1ee9c v\u1ec1 an to\u00e0n th\u00f4ng tin cho ng\u01b0\u1eddi d\u00f9ng, \u0111\u1eb7c bi\u1ec7t \u0111\u1ed1i v\u1edbi nh\u00f3m nh\u00e2n s\u1ef1 c\u1ea5p cao – nh\u1eefng \u0111\u1ed1i t\u01b0\u1ee3ng th\u01b0\u1eddng xuy\u00ean tr\u1edf th\u00e0nh m\u1ee5c ti\u00eau c\u1ee7a c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng c\u00f3 ch\u1ee7 \u0111\u00edch. C\u00e1c ch\u01b0\u01a1ng tr\u00ecnh \u0111\u00e0o t\u1ea1o c\u1ea7n \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf c\u00f3 h\u1ec7 th\u1ed1ng, t\u1eadp trung v\u00e0o vi\u1ec7c trang b\u1ecb kh\u1ea3 n\u0103ng nh\u1eadn di\u1ec7n c\u00e1c k\u1ef9 thu\u1eadt phishing hi\u1ec7n \u0111\u1ea1i, bao g\u1ed3m vi\u1ec7c l\u1ee3i d\u1ee5ng m\u00e3 QR v\u00e0 gi\u1ea3 m\u1ea1o c\u00e1c d\u1ecbch v\u1ee5 s\u1ed1 ph\u1ed5 bi\u1ebfn. Khi \u0111\u01b0\u1ee3c cung c\u1ea5p \u0111\u1ea7y \u0111\u1ee7 ki\u1ebfn th\u1ee9c v\u00e0 k\u1ef9 n\u0103ng c\u1ea7n thi\u1ebft, ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng ch\u1ec9 gi\u1ea3m thi\u1ec3u nguy c\u01a1 b\u1ecb khai th\u00e1c m\u00e0 c\u00f2n \u0111\u00f3ng vai tr\u00f2 nh\u01b0 m\u1ed9t l\u1edbp ph\u00f2ng th\u1ee7 ch\u1ee7 \u0111\u1ed9ng, g\u00f3p ph\u1ea7n n\u00e2ng cao hi\u1ec7u qu\u1ea3 t\u1ed5ng th\u1ec3 c\u1ee7a h\u1ec7 th\u1ed1ng b\u1ea3o m\u1eadt trong t\u1ed5 ch\u1ee9c.<\/p>\n

B\u00ean c\u1ea1nh c\u00e1c bi\u1ec7n ph\u00e1p ph\u00f2ng ng\u1eeba, vi\u1ec7c x\u00e2y d\u1ef1ng v\u00e0 tri\u1ec3n khai quy tr\u00ecnh ph\u1ea3n \u1ee9ng nhanh khi x\u1ea3y ra s\u1ef1 c\u1ed1 an ninh th\u00f4ng tin l\u00e0 m\u1ed9t y\u00eau c\u1ea7u mang t\u00ednh c\u1ea5p thi\u1ebft. Trong tr\u01b0\u1eddng h\u1ee3p ph\u00e1t hi\u1ec7n t\u00e0i kho\u1ea3n c\u00f3 d\u1ea5u hi\u1ec7u b\u1ecb x\u00e2m nh\u1eadp, c\u1ea7n th\u1ef1c hi\u1ec7n ngay c\u00e1c bi\u1ec7n ph\u00e1p x\u1eed l\u00fd nh\u01b0 thu h\u1ed3i to\u00e0n b\u1ed9 token truy c\u1eadp, ki\u1ec3m tra chi ti\u1ebft l\u1ecbch s\u1eed \u0111\u0103ng nh\u1eadp, \u0111\u1ed3ng th\u1eddi r\u00e0 so\u00e1t to\u00e0n b\u1ed9 ho\u1ea1t \u0111\u1ed9ng ph\u00e1t sinh li\u00ean quan nh\u1eb1m x\u00e1c \u0111\u1ecbnh ph\u1ea1m vi v\u00e0 m\u1ee9c \u0111\u1ed9 \u1ea3nh h\u01b0\u1edfng c\u1ee7a s\u1ef1 c\u1ed1. Quy tr\u00ecnh \u1ee9ng ph\u00f3 c\u1ea7n \u0111\u01b0\u1ee3c chu\u1ea9n h\u00f3a, ph\u00e2n c\u00f4ng r\u00f5 tr\u00e1ch nhi\u1ec7m v\u00e0 \u0111\u1ea3m b\u1ea3o kh\u1ea3 n\u0103ng tri\u1ec3n khai nhanh ch\u00f3ng, qua \u0111\u00f3 gi\u1ea3m thi\u1ec3u t\u1ed1i \u0111a thi\u1ec7t h\u1ea1i v\u00e0 ng\u0103n ch\u1eb7n hi\u1ec7u qu\u1ea3 kh\u1ea3 n\u0103ng k\u1ebb t\u1ea5n c\u00f4ng ti\u1ebfp t\u1ee5c duy tr\u00ec quy\u1ec1n truy c\u1eadp trong h\u1ec7 th\u1ed1ng.<\/p>\n<\/article>\n","protected":false},"excerpt":{"rendered":"

\u00a0Tr\u1ea7n V\u0103n Qu\u00fd\u00a0(Tr\u01b0\u1eddng Cao \u0111\u1eb3ng K\u1ef9 thu\u1eadt Th\u00f4ng tin – Binh ch\u1ee7ng Th\u00f4ng tin Li\u00ean l\u1ea1c) Trong b\u1ed1i c\u1ea3nh c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng ng\u00e0y c\u00e0ng tinh vi, h\u00ecnh th\u1ee9c l\u1eeba \u0111\u1ea3o phishing kh\u00f4ng c\u00f2n d\u1eebng l\u1ea1i \u1edf quy m\u00f4 \u0111\u1ea1i tr\u00e0 m\u00e0 \u0111\u00e3 chuy\u1ec3n sang t\u1ea5n c\u00f4ng c\u00f3 ch\u1ee7 \u0111\u00edch v\u00e0o c\u00e1c c\u00e1 nh\u00e2n […]<\/p>\n","protected":false},"author":20,"featured_media":47708,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[24,35],"tags":[],"class_list":["post-47707","post","type-post","status-publish","format-standard","has-post-thumbnail","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47707","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47707"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47707\/revisions"}],"predecessor-version":[{"id":47709,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47707\/revisions\/47709"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47708"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=47707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}