{"id":2839,"date":"2021-03-09T12:06:34","date_gmt":"2021-03-09T12:06:34","guid":{"rendered":"https:\/\/partnernews.sophos.com\/fr-fr\/?p=2839"},"modified":"2024-07-18T16:14:06","modified_gmt":"2024-07-18T16:14:06","slug":"how-to-protect-your-customers-from-hafnium","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/fr-fr\/2021\/03\/resources\/how-to-protect-your-customers-from-hafnium\/","title":{"rendered":"HAFNIUM attack: how to protect your customers"},"content":{"rendered":"<p>On March 2, 2021, \u201czero-day\u201d vulnerabilities affecting Microsoft Exchange were made public. These vulnerabilities are currently being actively exploited by HAFNIUM, a threat actor suspected of being a nation-state. According to an <a href=\"https:\/\/us-cert.cisa.gov\/ncas\/current-activity\/2021\/03\/02\/microsoft-releases-out-band-security-updates-exchange-server\" target=\"_blank\" rel=\"noopener\">alert from the US CISA (Cybersecurity &amp; Infrastructure Security Agency)<\/a>:<\/p>\n<p>\u201c<em>Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities (CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) to take control of an affected system and can exploit one vulnerability (CVE-2021-26855) to obtain access to sensitive information. 
<strong><i>These vulnerabilities are currently being actively exploited<\/i><\/strong>.<\/em>\u201d<\/p>\n<p><a href=\"https:\/\/us-cert.cisa.gov\/ncas\/current-activity\/2021\/03\/03\/cisa-issues-emergency-directive-and-alert-microsoft-exchange\" target=\"_blank\" rel=\"noopener\">CISA has issued an emergency directive<\/a> urging organizations to patch their on-premises Exchange servers while carrying out the associated security analyses to see whether attackers are present in their systems.<\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h2><strong>What should Sophos customers do?<\/strong><\/h2>\n<p><strong>The Sophos MTR team has published<\/strong> <a href=\"https:\/\/news.sophos.com\/en-us\/2021\/03\/05\/hafnium-advice-about-the-new-nation-state-attack\/\" target=\"_blank\" rel=\"noopener\"><strong>a step-by-step guide<\/strong><\/a><strong> on how to look for signs of compromise on a customer\u2019s network.<\/strong><\/p>\n<p>The good news is that Sophos MTR, Network, and Endpoint customers have multiple protections against exploitation of the new vulnerabilities.<\/p>\n<p>An <a href=\"https:\/\/news.sophos.com\/en-us\/2021\/03\/08\/protecting-sophos-customers-from-hafnium\/\" target=\"_blank\" rel=\"noopener\">article has been published on Sophos News<\/a> that reviews many of these protections:<\/p>\n<ul>\n<li>The related AV signatures that blocked HAFNIUM, and advice on what to do if they were triggered<\/li>\n<li>Queries that Sophos EDR customers can run to identify potential web shells to investigate<\/li>\n<li>IPS signatures for Sophos Firewall customers<\/li>\n<\/ul>\n<p>Numerous security advisories have already been sent to 
Sophos MTR customers, highlighting the issue and the actions taken by the MTR team to ensure customers are protected.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Sophos Managed Threat Response (MTR) and Rapid Response<\/strong><\/h2>\n<p>In recent days, organizations have asked us for more information about the Sophos services that can confirm whether they have been exposed to the threat. <strong>Sophos MTR Advanced is the ideal solution for protecting against advanced attacks such as HAFNIUM.<\/strong><\/p>\n<p>Existing MTR customers can rest assured knowing that Sophos MTR immediately searched for any related activity in their networks.<\/p>\n<p>If a non-MTR customer suspects they are facing an attack, we recommend that they contact the <a href=\"https:\/\/www.sophos.com\/fr-fr\/products\/managed-threat-response\/rapid-response.aspx\" target=\"_blank\" rel=\"noopener\">Sophos Rapid Response team<\/a> immediately.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On March 2, 2021, \u201czero-day\u201d vulnerabilities affecting Microsoft Exchange were made public. These vulnerabilities are currently being actively exploited by HAFNIUM, a threat actor suspected of being a nation-state. 
According to an alert from the CISA (Cybersecurity &amp; Infrastructure Security [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":300000351,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[77],"tags":[29,21,88,243],"coauthors":[43],"class_list":["post-2839","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-resources","tag-managed-threat-response","tag-menaces-malwares","tag-rapid-response","tag-sophos-incident-response-services"],"jetpack_featured_media_url":"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2019\/11\/featured-image-cybersecurity.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/partnernews.sophos.com\/fr-fr\/wp-json\/wp\/v2\/posts\/2839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/partnernews.sophos.com\/fr-fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/partnernews.sophos.com\/fr-fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/fr-fr\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/fr-fr\/wp-json\/wp\/v2\/comments?post=2839"}],"version-history":[{"count":1,"href":"https:\/\/partnernews.sophos.com\/fr-fr\/wp-json\/wp\/v2\/posts\/2839\/revisions"}],"predecessor-version":[{"id":2840,"href":"https:\/\/partnernews.sophos.com\/fr-fr\/wp-json\/wp\/v2\/posts\/2839\/revisions\/2840"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/fr-fr\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/partnernews.sophos.com\/fr-fr\/wp-json\/wp\/v2\/media?parent=2839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/fr-fr\/wp-json\/wp
\/v2\/categories?post=2839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/fr-fr\/wp-json\/wp\/v2\/tags?post=2839"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/fr-fr\/wp-json\/wp\/v2\/coauthors?post=2839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}