{"id":10448,"date":"2022-01-14T14:58:52","date_gmt":"2022-01-14T11:58:52","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10448"},"modified":"2022-01-14T14:58:52","modified_gmt":"2022-01-14T11:58:52","slug":"attacks-on-google-cloud-platform","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/attacks-on-google-cloud-platform\/10448\/","title":{"rendered":"Kripto madencilik yaz\u0131l\u0131mlar\u0131 GCP sanal sunucular\u0131n\u0131 tehdit ediyor"},"content":{"rendered":"

2021\u2019in sonunda Google, bulut kullan\u0131c\u0131lar\u0131na y\u00f6nelik tipik tehditlere ili\u015fkin Google Cloud Platform\u2019un g\u00fcvenli\u011fine odaklanan ilk raporunu yay\u0131nlad\u0131<\/a>. Google Cloud Platform, kurumsal m\u00fc\u015fterilere bulut sistemler olu\u015fturmak i\u00e7in tek tek uygulamalar\u0131n bar\u0131nd\u0131r\u0131lmas\u0131 ve \u00e7al\u0131\u015ft\u0131r\u0131lmas\u0131ndan y\u00fcksek performansl\u0131 bilgi i\u015flem da\u011f\u0131t\u0131m\u0131na kadar \u00e7ok say\u0131da senaryo sunuyor.<\/p>\n

Google Cloud Platform \u00f6rneklerine sald\u0131rman\u0131n nedenleri<\/h2>\n

Rapor, \u00f6zel sunuculara veya uygulamalara y\u00f6nelik son 50 ba\u015far\u0131l\u0131 sald\u0131r\u0131y\u0131 analiz ederek \u00f6zel GCP \u00f6rneklerine y\u00f6nelik sald\u0131r\u0131lar\u0131n nedenlerine ve sonu\u00e7lar\u0131na odaklan\u0131yor. Google\u2019\u0131n analiz etti\u011fi vakalar\u0131n %48\u2019i, sunucu tabanl\u0131 hesaplarda zay\u0131f bir parolan\u0131n kullan\u0131lmas\u0131ndan (veya hi\u00e7 bir parola kullan\u0131lmamas\u0131ndan) kaynaklan\u0131yordu. Vakalar\u0131n %26\u2019s\u0131nda hackerlar bulut sunucusu yaz\u0131l\u0131m\u0131ndaki bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 kulland\u0131. Yanl\u0131\u015f sunucu veya uygulama yap\u0131land\u0131rmas\u0131 %12 vakaya yol a\u00e7arken, vakalar\u0131n yaln\u0131zca %4\u2019\u00fc parola veya eri\u015fim anahtar\u0131 s\u0131z\u0131nt\u0131lar\u0131ndan kaynaklan\u0131yordu.<\/p>\n

\u0130kinci kategori, geli\u015ftiriciler i\u00e7in al\u0131\u015f\u0131lmad\u0131k olmayan bir hataya dayan\u0131yordu: GitHub veya benzer bir hizmetteki halka a\u00e7\u0131k bir havuza kaynak koduyla birlikte kimlik do\u011frulama verilerinin y\u00fcklenmesi. GitGuardian taraf\u0131ndan haz\u0131rlanan bir rapora g\u00f6re<\/a>, her g\u00fcn 5.000\u2019e kadar \u201cgizli bilgi\u201d (API anahtarlar\u0131, parola\/kullan\u0131c\u0131 ad\u0131 ikilisi, sertifikalar) GitHub\u2019a y\u00fckleniyor ve 2020\u2019de bu tarzda 2 milyon s\u0131z\u0131nt\u0131 g\u00f6r\u00fcld\u00fc.<\/p>\n

\"\"

Google\u2019a g\u00f6re, sunucular\u0131 hacklenmeye a\u00e7\u0131k hale getiren g\u00fcvenlik a\u00e7\u0131klar\u0131. Sald\u0131r\u0131lar\u0131n \u00e7o\u011funun nedeni zay\u0131f veya eksik parolalard\u0131. Kaynak<\/a>.<\/p><\/div>\n

\u00a0<\/p>\n

Google, siber su\u00e7lular\u0131n belirli \u015firketleri hedef almama e\u011filiminde oldu\u011funu, bunun yerine g\u00fcvenlik a\u00e7\u0131\u011f\u0131 bulunan \u00f6rnekleri aramak i\u00e7in Google Cloud Platform\u2019a ait t\u00fcm IP adreslerini d\u00fczenli olarak tarad\u0131\u011f\u0131n\u0131 belirtiyor. Bu otomasyonun anlam\u0131 a\u00e7\u0131kt\u0131r: Korunmas\u0131z bir sunucuyu internet \u00fczerinden eri\u015filebilir hale getirirseniz, hacklenme ihtimali hemen hemen kesindir ve muhtemelen yak\u0131nda hacklenecektir (baz\u0131 durumlarda, sald\u0131r\u0131 yeni bir \u00f6rne\u011fin olu\u015fturulmas\u0131ndan sonraki 30 dakika i\u00e7inde ba\u015flam\u0131\u015ft\u0131r). Hacklenen sunucular\u0131n \u00e7o\u011fu yar\u0131m dakika i\u00e7inde yasad\u0131\u015f\u0131 operasyonlara dahil edildi\u011finden, hacklenme ile k\u00f6t\u00fc niyetli faaliyetlerin ba\u015flamas\u0131 aras\u0131ndaki s\u00fcre daha da k\u0131sad\u0131r.<\/p>\n

Sald\u0131rganlar neden Google Cloud Platform \u00f6rneklerini tercih ediyor?<\/h2>\n

Siber su\u00e7lular, hackledikten sonra bulut kaynaklar\u0131yla ne yap\u0131yor? Vakalar\u0131n b\u00fcy\u00fck \u00e7o\u011funlu\u011funda (%86), sunucuya bir kripto madencilik yaz\u0131l\u0131m\u0131 (kripto para birimi olu\u015fturmak i\u00e7in ba\u015fkalar\u0131n\u0131n kaynaklar\u0131n\u0131 kullanan bir program) kuruldu. En yayg\u0131n olarak kritp madencilikte kullan\u0131lan kaynaklar CPU\/GPU kaynaklar\u0131d\u0131r, ancak raporda ayn\u0131 zamanda bo\u015f disk alan\u0131ndan yararlanan Chia kripto para birimi madencili\u011finden de bahsediliyor. Vakalar\u0131n di\u011fer %10\u2019unu olu\u015fturan g\u00fcvenli\u011fi ihlal edilmi\u015f sunucular, yeni kurbanlar\u0131 aramak i\u00e7in ba\u011flant\u0131 noktas\u0131 taramas\u0131 i\u00e7in kullan\u0131ld\u0131. Vakalar\u0131n %8\u2019inde ise sunucudan di\u011fer a\u011f kaynaklar\u0131na sald\u0131r\u0131 ger\u00e7ekle\u015ftirildi. Ele ge\u00e7irilen bulut platformu sunucular\u0131n\u0131n kullan\u0131ld\u0131\u011f\u0131 daha nadir yasa d\u0131\u015f\u0131 etkinlik t\u00fcrleri aras\u0131nda \u015funlar yer al\u0131yor: K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, yasak i\u00e7erik veya her ikisini birden bar\u0131nd\u0131rma, DDoS sald\u0131r\u0131lar\u0131n\u0131 ger\u00e7ekle\u015ftirme ve spam e-posta da\u011f\u0131t\u0131m\u0131.<\/p>\n

\"\"

Hacklenmi\u015f bulut sunucular\u0131ndaki k\u00f6t\u00fc ama\u00e7l\u0131 etkinlik t\u00fcrleri. Baz\u0131 durumlarda, ayn\u0131 anda birka\u00e7 t\u00fcrde yasad\u0131\u015f\u0131 faaliyet ger\u00e7ekle\u015ftirildi. Kaynak<\/a>.<\/p><\/div>\n

Birisi bir bulut hizmetini hackleyip, kripto madencilik yaz\u0131l\u0131m\u0131 kurarsa, eylemleri yaln\u0131zca m\u00fc\u015fterinin itibar\u0131n\u0131 zedelemekle ve kendi uygulamalar\u0131na veya internet sitelerine eri\u015fimi riske atmakla kalmaz, ayn\u0131 zamanda kurbanlar\u0131 da sadece birka\u00e7 saat i\u00e7inde bile b\u00fcy\u00fck tutarda hizmet kullan\u0131m faturalar\u0131yla kar\u015f\u0131 kar\u015f\u0131ya b\u0131rakabilir.<\/p>\n

GCP \u00f6rneklerinin g\u00fcvenli\u011fini sa\u011flamaya y\u00f6nelik \u00f6neriler<\/h2>\n

Google\u2019\u0131n inceledi\u011fi \u00e7o\u011fu vakada kullan\u0131c\u0131lar, g\u00fc\u00e7l\u00fc parolalar ve ek yetkilendirme fakt\u00f6rleri kullanmak, kaynak kodu y\u00fcklerken gereken \u00f6zeni g\u00f6stermek ve bilinen g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 d\u00fczeltmek i\u00e7in y\u00fckl\u00fc olan yaz\u0131l\u0131mlar\u0131 d\u00fczenli olarak g\u00fcncellemek gibi minimum g\u00fcvenlik gereksinimlerini takip ederek ya\u015fanan sorunlar\u0131n \u00f6n\u00fcne ge\u00e7ebilirdi.<\/p>\n

Genel olarak, bulut sistemler i\u00e7in de di\u011fer altyap\u0131 t\u00fcrleri ile ayn\u0131 koruma \u00f6nlemlerini uygulamak gerekiyor. Asgari olarak d\u00fczenli denetimlere, \u015f\u00fcpheli faaliyetlerin izlenmesine ve kritik verilerin yal\u0131t\u0131lmas\u0131na ihtiya\u00e7 duyarlar.<\/p>\n

Yaln\u0131zca Google Cloud Platform kullanan kurulu\u015flar i\u00e7in de\u011fil altyap\u0131s\u0131n\u0131 genel bulut hizmetlerine da\u011f\u0131tan t\u00fcm i\u015fletmelerin birka\u00e7 ek \u00f6nlem al\u0131nmas\u0131 gereklidir. Google\u2019\u0131n belirtti\u011fi gibi, bu \u00f6nlemlerin en \u00f6nemlilerinden biri, kaynak t\u00fcketiminin belirli bir e\u015fi\u011fi a\u015ft\u0131\u011f\u0131n\u0131 belirlemek veya maliyetlerde h\u0131zl\u0131 bir art\u0131\u015f tespit etmek i\u00e7in otomatik ko\u015fullu uyar\u0131lar ayarlamakt\u0131r.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

Google Cloud Platform’daki bulut sistemlere y\u00f6nelik d\u00fczenlenen tipik sald\u0131r\u0131larla ilgili Google’\u0131n haz\u0131rlad\u0131\u011f\u0131 raporda neler yer al\u0131yor?<\/p>\n","protected":false},"author":665,"featured_media":10449,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[1195,2527,2528],"class_list":{"0":"post-10448","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-bulut","10":"tag-genel-bulut","11":"tag-kripto-madencilik-yazilimlari"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/attacks-on-google-cloud-platform\/10448\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/attacks-on-google-cloud-platform\/23825\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/attacks-on-google-cloud-platform\/19324\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/attacks-on-google-cloud-platform\/9690\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/attacks-on-google-cloud-platform\/26054\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/attacks-on-google-cloud-platform\/24023\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/attacks-on-google-cloud-platform\/23732\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/attacks-on-google-cloud-platform\/26718\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/attacks-on-google-cloud-platform\/26304\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/attacks-on-google-cloud-platform\/32206\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/attacks-on-google-cloud-platform\/43312\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/attacks-on-google-cloud-platform\/18419\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/attacks-on-google-cloud-platform\/18801\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/attacks-on-google-cloud-platform\/15707\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/attacks-on-google-cloud-platform\/27965\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/attacks-on-google-cloud-platform\/32290\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/attacks-on-google-cloud-platform\/28015\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/attacks-on-google-cloud-platform\/24773\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/attacks-on-google-cloud-platform\/30171\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/attacks-on-google-cloud-platform\/29962\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/bulut\/","name":"bulut"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10448","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/665"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10448"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10448\/revisions"}],"predecessor-version":[{"id":10453,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10448\/revisions\/10453"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10449"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10448"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}