{"id":4372,"date":"2017-11-07T12:58:40","date_gmt":"2017-11-07T09:58:40","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=4372"},"modified":"2019-11-15T14:47:00","modified_gmt":"2019-11-15T11:47:00","slug":"silence-financial-apt","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/silence-financial-apt\/4372\/","title":{"rendered":"Silence like a cancer grows"},"content":{"rendered":"<p>Our experts have discovered a new targeted attack, named Silence, that uses a Trojan. The attack is directed against financial institutions. Its first targets are Russian banks, but organizations in Malaysia and Armenia are also among those affected.<\/p>\n<p>Tactically, the attack closely resembles the standard financial APT attacks known as Carbanak. Carbanak starts with a malicious attachment in a phishing e-mail sent to employees of banks and financial institutions, then carries out fraudulent transactions after monitoring those employees. This proven method <a href=\"https:\/\/www.kaspersky.com\/blog\/billion-dollar-apt-carbanak\/7519\/\" target=\"_blank\" rel=\"noopener nofollow\">earned the people behind it billions of dollars<\/a>. These attackers probably wanted to try the same method once more.<\/p>\n<p>This time, however, the attack uses a perfect e-mail lure. After attacking and infiltrating the organization and its infrastructure, the attackers start sending e-mails about \u201ccontracts\u201d to the bank\u2019s business partners. 
The next victim receives a phishing message that comes from the address of a real bank employee. This considerably increases the rate at which the malicious attachment is clicked.<\/p>\n<h2>How does Silence work?<\/h2>\n<p>The victim, who works at a financial institution, opens the \u201ccontract\u201d attached to the e-mail. The file has the .chm extension, which is the Microsoft help file extension. The embedded HTML file contains malicious JavaScript code. This code loads and activates a <a href=\"https:\/\/securelist.com\/threats\/trojan-droppers-glossary\/\" target=\"_blank\" rel=\"noopener\">dropper<\/a> on the computer. The dropper then loads the modules of the Silence Trojan, which can run as Windows services. Our researchers found modules for control and monitoring, screen recording, and communication with the control servers, as well as a program for remotely executing console commands.<\/p>\n<p>These modules let the attackers collect information from the infected network and record images from employees\u2019 screens. In the early stages of the attack everyone is monitored; later, only employees who have useful financial information are monitored. 
Once the attackers fully understand how the victim\u2019s information systems work, they give the command to transfer funds to their own accounts.<\/p>\n<p>You can find technical details and Indicators of Compromise for this attack in this <a href=\"https:\/\/securelist.com\/the-silence\/83009\/\" target=\"_blank\" rel=\"noopener\">Securelist<\/a> article.<\/p>\n<h2>How can you protect your business against the Silence attack?<\/h2>\n<p>As you can see, warning your employees not to open attachments in e-mails from outside is not enough. To protect financial institutions against today\u2019s threats, we recommend the following:<\/p>\n<ol>\n<li>Hold training sessions and hands-on training to raise employee awareness. For example, you can take a look at the <a href=\"https:\/\/www.kaspersky.com\/advert\/enterprise-security\/security-awareness?redef=1&amp;THRU&amp;reseller=gl_kdailypost_acq_ona_smm__onl_b2b_kasperskydaily_lnk_______\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security Awareness<\/a> solution. It is based not on a series of lectures about threats but on hands-on exercises made up of attack simulations in which employees can develop practical skills. (For information in Turkish, you can contact us on social media.)<\/li>\n<li>Use products capable of detecting anomalies deep inside your network. 
For example, the <a href=\"https:\/\/www.kaspersky.com.tr\/enterprise-security\/anti-targeted-attacks\" target=\"_blank\" rel=\"noopener\">Kaspersky Anti Targeted Attack<\/a> product is excellent for this. This security solution can detect even targeted attacks that use methods not yet known.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Our experts have discovered a new targeted attack, named Silence, that uses a Trojan. The attack is directed against financial institutions. Its first targets are Russian banks, but organizations in Malaysia and Armenia are also among those affected.<\/p>\n","protected":false},"author":700,"featured_media":4373,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1194,1727],"tags":[493,978,781,1429,1430,584,76,1432,1431,241,652,1428],"class_list":{"0":"post-4372","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-apt","10":"tag-bankalar","11":"tag-finans","12":"tag-kaspersky-anti-targeted-attack","13":"tag-kaspersky-security-awareness","14":"tag-oltalama","15":"tag-phishing","16":"tag-sessizlik","17":"tag-silence","18":"tag-trojan","19":"tag-truva-ati","20":"tag-yatirim"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/silence-financial-apt\/4372\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/silence-financial-apt\/11689\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/silence-financial-apt\/14714\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/silence-financial-apt\/14436\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/silence-financial-apt\/19121
\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/silence-financial-apt\/19993\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/silence-financial-apt\/8460\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/silence-financial-apt\/15169\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/silence-financial-apt\/18600\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/apt\/","name":"APT"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4372","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=4372"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4372\/revisions"}],"predecessor-version":[{"id":7010,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4372\/revisions\/7010"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/4373"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=4372"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=4372"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=4372"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}