{"id":5483,"date":"2018-12-18T16:10:35","date_gmt":"2018-12-18T13:10:35","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=5483"},"modified":"2019-11-15T14:35:27","modified_gmt":"2019-11-15T11:35:27","slug":"dark-vishnya-attack","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/dark-vishnya-attack\/5483\/","title":{"rendered":"DarkVishnya attacks from inside the company"},"content":{"rendered":"<p>Under normal circumstances, when we investigate a cyber incident we first look for the source of the virus. Finding the source is not difficult. We look for an e-mail containing a malicious attachment or link, or for a compromised server. Security specialists usually have a list of equipment, so all you need to do is find which machine started the malicious activity. But what if all the computers are clean and the malicious activity still continues\u2026<\/p>\n<p>Recently, our experts took part in investigating exactly such an incident. The investigation found that the attackers had physically connected their own equipment to the corporate network.<\/p>\n<p>This type of attack, named DarkVishnya, begins with the criminal bringing a device into the victim's office and connecting it to the corporate network. 
Through this device, the attackers can explore the company's IT infrastructure, capture passwords, read information in shared folders, and much more.<\/p>\n<p>Technical details of the attack are available <a href=\"https:\/\/securelist.com\/darkvishnya\/89169\/\" target=\"_blank\" rel=\"noopener\">in this Securelist post<\/a>. In the case we investigated, the attackers were targeting banks in Eastern Europe. However, the method can be used against any large company. The bigger the company, the easier the attackers' job: a malicious device is easier to hide in a large office, and the attack is even more effective if the company has multiple offices around the world connected to a single network.<\/p>\n<h2>Devices<\/h2>\n<p>Our experts investigating this case found that three types of devices were used. We do not yet know whether all of them were planted by a single group or by multiple actors, but every attack followed the same principle. The devices involved were:<\/p>\n<ul>\n<li>A cheap laptop or netbook. The attackers do not need a high-end device; they can buy a second-hand computer, attach a 3G modem, and install a remote-control program. 
They can then hide the device so it goes unnoticed and connect two cables, one to the network and the other to a power supply.<\/li>\n<li>Raspberry Pi. This miniature computer, powered over a USB connection, is cheap and inconspicuous. It is easier to buy and to hide in an office than a laptop. It can be concealed among cables and plugged into a computer, or into the USB port of a television in a lobby or waiting room.<\/li>\n<li>Bash Bunny. Designed as a tool for penetration testing, the Bash Bunny can be bought freely on hacker forums. It does not need a dedicated network connection; it works through the USB port of any computer. On the one hand, this makes it easier to hide because it looks like a flash drive; on the other hand, device control technology reacts to it immediately, which makes this option less likely to succeed.<\/li>\n<\/ul>\n<h2>How do these devices get connected to the network?<\/h2>\n<p>Even in companies that take security seriously, planting such a device is not impossible. Couriers, job seekers, and representatives of business partners or customers usually come and go in offices freely. 
So attackers may try to impersonate one of them.<\/p>\n<p>Another risk: Ethernet sockets are installed almost everywhere in offices, including corridors, meeting rooms, and halls. If you look around an average business center, you can find somewhere to hide a small device connected to the network and a power supply.<\/p>\n<h2>What should you do?<\/h2>\n<p>This attack has at least one weak point: the attacker has to come to the office and physically connect the device. So you can start by restricting network access from places that outsiders can reach.<\/p>\n<ul>\n<li>Remove unused Ethernet outlets in public areas. If that is not possible, at least isolate them in a separate network segment.<\/li>\n<li>Place Ethernet sockets where security cameras can see them. This may deter attackers, or at least prove useful if you need to investigate an incident.<\/li>\n<li>Use a security solution with reliable device control technologies. 
For example, you can choose <a href=\"https:\/\/go.kaspersky.com\/Global_Trial_Advanced_SOC.html?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=tr_KESB-organic_organic&amp;utm_content=link&amp;utm_term=tr_kdaily_organic_link_blog_KESB-organic&amp;_ga=2.13898807.1059749368.1545138649-840717883.1532418141\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Endpoint Security for Business<\/a>.<\/li>\n<li>Consider using a specialized solution to monitor anomalies and suspicious activity on the network. For example, <a href=\"https:\/\/www.kaspersky.com.tr\/enterprise-security\/anti-targeted-attack-platform\" target=\"_blank\" rel=\"noopener\">Kaspersky Anti Targeted Attack Platform<\/a> is suitable for this.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-b2b\">\n","protected":false},"excerpt":{"rendered":"<p>Under normal circumstances, when we investigate a cyber incident we first look for the source of the virus. Finding the source is not difficult. We look for an e-mail containing a malicious attachment or link, or for a compromised server. Security specialists usually have a list of equipment, so all you need to do is find which machine started the malicious activity. 
But what if all the computers are clean and the malicious activity still continues&#8230;<\/p>\n","protected":false},"author":700,"featured_media":5484,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194,1351],"tags":[1783,1784,615,537],"class_list":{"0":"post-5483","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"category-threats","10":"tag-bash-bunny","11":"tag-darkvishnya","12":"tag-hedefli-saldiri","13":"tag-tehditler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/dark-vishnya-attack\/5483\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/dark-vishnya-attack\/14759\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/dark-vishnya-attack\/12362\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/dark-vishnya-attack\/16699\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/dark-vishnya-attack\/14893\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/dark-vishnya-attack\/13846\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/dark-vishnya-attack\/17490\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/dark-vishnya-attack\/16679\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/dark-vishnya-attack\/21833\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/dark-vishnya-attack\/24867\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/dark-vishnya-attack\/11180\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/dark-vishnya-attack\/10130\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/dark-vishnya-attack\/18229\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/dark-vishnya-attack\/22124\/"},{"hreflang":"ru-kz","u
rl":"https:\/\/blog.kaspersky.kz\/dark-vishnya-attack\/17721\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/dark-vishnya-attack\/21608\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/dark-vishnya-attack\/21606\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/hedefli-saldiri\/","name":"hedefli sald\u0131r\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5483","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5483"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5483\/revisions"}],"predecessor-version":[{"id":6872,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5483\/revisions\/6872"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/5484"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5483"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}