{"id":5166,"date":"2018-08-06T10:26:58","date_gmt":"2018-08-06T07:26:58","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=5166"},"modified":"2018-09-18T15:29:30","modified_gmt":"2018-09-18T12:29:30","slug":"powerghost-fileless-miner","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/powerghost-fileless-miner\/5166\/","title":{"rendered":"PowerGhost: Beware of ghost mining"},"content":{"rendered":"<p>Our experts recently discovered a <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/cryptominers-in-business\/5086\/\" target=\"_blank\" rel=\"noopener\">miner<\/a> that focuses primarily on corporate networks. Thanks to its fileless nature, PowerGhost can attach itself to victims\u2019 workstations or servers without being noticed. Most of the attacks we have registered so far took place in India, Turkey, Brazil, or Colombia.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-5167\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2018\/08\/06100722\/powerghost-fileless-miner-featured.jpg\" alt=\"\" width=\"1460\" height=\"958\"><\/p>\n<p>After penetrating a company\u2019s infrastructure, PowerGhost tries to log in to user accounts on the network using the legitimate remote administration tool Windows Management Instrumentation (WMI). The malware obtains logins and passwords using a data extraction tool called Mimikatz. 
The miner can also be distributed through EternalBlue, the exploit for a Windows vulnerability that was used by the creators of <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/wannacry-ransomware\/3181\/\" target=\"_blank\" rel=\"noopener\">WannaCry<\/a> and <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/expetr-for-b2b\/3342\/\" target=\"_blank\" rel=\"noopener\">ExPetr<\/a>. In theory, this vulnerability was patched a year ago, but in practice it continues to work.<\/p>\n<p>Once the malware has taken over victims\u2019 devices, it tries to escalate its privileges through various operating system vulnerabilities (see the <a href=\"https:\/\/securelist.com\/a-mining-multitool\/86950\/\" target=\"_blank\" rel=\"noopener\">Securelist blog post<\/a> for technical details). The miner then gains a foothold in the system and starts earning cryptocurrency for its owners.<\/p>\n<h2>Why is PowerGhost dangerous?<\/h2>\n<p>Like other miners, PowerGhost uses your processor resources to generate cryptocurrency. In addition to reducing the performance of servers and other devices, this significantly accelerates wear and tear, leading to replacement costs.<\/p>\n<p>However, compared with most similar programs, PowerGhost is much harder to detect because it does not download malicious files to the device. 
That also means it can run unnoticed on your server or workstation for longer and cause more damage.<\/p>\n<p>What is more, our experts discovered a tool for DDoS attacks in one version of the malware. The use of company servers to bombard another victim can slow down or even paralyze operations. One of the malware\u2019s interesting capabilities is that it checks whether it is running under a real operating system or in a sandbox, which lets it bypass standard security solutions.<\/p>\n<h2>PowerGhost hunters<\/h2>\n<p>To prevent infection and protect equipment from attacks by PowerGhost and similar malware, you should carefully monitor the security of corporate networks.<\/p>\n<ul>\n<li>Do not skip software and operating system updates. Vendors have long since patched nearly all of the vulnerabilities that miners exploit. Virus writers, for their part, keep developing their products on the basis of these long-patched vulnerabilities.<\/li>\n<li>Improve employees\u2019 security awareness knowledge and skills. 
Remember that most cyber incidents are caused by the human factor.<\/li>\n<li>Use reliable security solutions that offer behavior analysis technology; only this way can fileless threats be caught. Kaspersky Lab\u2019s business products can detect PowerGhost and its individual components, as well as many other malicious programs, including ones that are currently unknown.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kartb2b\">\n","protected":false},"excerpt":{"rendered":"<p>Our experts recently discovered a miner that focuses primarily on corporate networks. Thanks to its fileless nature, PowerGhost can attach itself to victims&#8217; workstations or servers without being noticed. Most of the attacks we have registered so far took place in India, Turkey, Brazil, or 
Colombia.<\/p>\n","protected":false},"author":2484,"featured_media":5168,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1194,1727],"tags":[1033,1689,1663,1457,537,553],"class_list":{"0":"post-5166","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-ddos","10":"tag-kripto-hirsizlik","11":"tag-kripto-madencilik","12":"tag-madenci","13":"tag-tehditler","14":"tag-zararli-yazilim-2"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/powerghost-fileless-miner\/5166\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/powerghost-fileless-miner\/13753\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/powerghost-fileless-miner\/11516\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/powerghost-fileless-miner\/15815\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/powerghost-fileless-miner\/14095\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/powerghost-fileless-miner\/13220\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/powerghost-fileless-miner\/16598\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/powerghost-fileless-miner\/16030\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/powerghost-fileless-miner\/20963\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/powerghost-fileless-miner\/23310\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/powerghost-fileless-miner\/10782\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/powerghost-fileless-miner\/10561\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/powerghost-fileless-miner\/9531\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/powerghost-fileless-miner\/17369\/"},{"hreflang":"ja"
,"url":"https:\/\/blog.kaspersky.co.jp\/powerghost-fileless-miner\/20964\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/powerghost-fileless-miner\/23714\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/powerghost-fileless-miner\/17032\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/powerghost-fileless-miner\/20678\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/powerghost-fileless-miner\/20676\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/tehditler\/","name":"tehditler"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5166","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2484"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5166"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5166\/revisions"}],"predecessor-version":[{"id":5169,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5166\/revisions\/5169"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/5168"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5166"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}