{"id":5668,"date":"2019-02-06T14:38:56","date_gmt":"2019-02-06T11:38:56","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=5668"},"modified":"2019-11-15T14:33:30","modified_gmt":"2019-11-15T11:33:30","slug":"sharepoint-phishing-attack","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/sharepoint-phishing-attack\/5668\/","title":{"rendered":"Hunting for Office 365 accounts"},"content":{"rendered":"<p>Since last summer, unidentified cybercriminals have been sending e-mails to Office 365 users in the hope of capturing their login credentials. <a href=\"https:\/\/threatpost.com\/office-365-phishing-campaign-hides-malicious-urls-in-sharepoint-files\/136525\/\" target=\"_blank\" rel=\"noopener nofollow\">According to the researchers who first uncovered this attack<\/a>, about 10% of the users of the service may have received such an e-mail message.<\/p>\n<h2>The PhishPoint attack<\/h2>\n<p>On the surface, these scam e-mails are no different from the standard e-mails that invite someone to collaborate in SharePoint. Recipients are directed to open a document stored in OneDrive for Business. The trick is this: the link in the e-mail really does lead to a OneDrive for Business document, but that document actually contains an access request. 
The \u201cAccess Document\u201d link at the very bottom of the page redirects the victim to a third-party site disguised as the Microsoft Office 365 login page.<\/p>\n<p>Corporate workspaces are perceived as more trustworthy than other sources, and users are under the impression that outsiders cannot easily gain access to SharePoint services. That is why users open links leading to the scam website without fear. If the victim enters login credentials on this site, those credentials end up in the hands of the owners of the file in question.<\/p>\n<p>With these credentials, the cybercriminals can potentially take over all of the victim\u2019s privileges, including access to e-mail accounts, cloud storage services and confidential business information. Hiding behind a corporate account, the scammers can steal sensitive information for competitors, spread malware, or use employee names and project details for a targeted phishing (spear-phishing) attack.<\/p>\n<p>The real trick in this attack is that e-mail filters do check the link in the message, but the link is seen as completely clean. That is because the link takes users to a document located in a workspace with an impeccable reputation. 
However, from the moment the user accesses this document, they are outside the reach of e-mail filters, and protection now depends entirely on the capability of the security software installed on the computer.<\/p>\n<h2>How can you protect your company and your employees?<\/h2>\n<p>Here are some recommendations for raising your employees\u2019 awareness of the issue and improving your company\u2019s security against this and similar attacks:<\/p>\n<ul>\n<li>Explain this scam method to staff who use Office 365. It is very rare for document links to be sent on the spur of the moment, without any prior mention. So before opening a document that was sent without ever having been discussed, be sure to contact the person you believe sent the file.<\/li>\n<li>Carefully examine e-mails from unknown addresses and ask staff to do the same. Always investigate suspicious cases.<\/li>\n<li>Protect every employee\u2019s workstation with endpoint cybersecurity software. 
This protection is vitally important in combating the phishing attacks we have described.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksos\">\n","protected":false},"excerpt":{"rendered":"<p>Since last summer, unidentified cybercriminals have been sending e-mails to Office 365 users in the hope of capturing their login credentials. According to the researchers who first uncovered this attack, about 10% of the users of the service may have received such an e-mail message.<\/p>\n","protected":false},"author":2484,"featured_media":5669,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1194,1727],"tags":[584,1843,1844,240],"class_list":{"0":"post-5668","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-oltalama","10":"tag-onedrive","11":"tag-sharepoint","12":"tag-spam"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/sharepoint-phishing-attack\/5668\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/sharepoint-phishing-attack\/15170\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/sharepoint-phishing-attack\/12748\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/sharepoint-phishing-attack\/17091\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/sharepoint-phishing-attack\/15287\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/sharepoint-phishing-attack\/14019\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/sharepoint-phishing-attack\/17789\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.
it\/blog\/sharepoint-phishing-attack\/16850\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/sharepoint-phishing-attack\/22203\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/sharepoint-phishing-attack\/25515\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/sharepoint-phishing-attack\/11401\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/sharepoint-phishing-attack\/11453\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/sharepoint-phishing-attack\/10306\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/sharepoint-phishing-attack\/18491\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/sharepoint-phishing-attack\/22350\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/sharepoint-phishing-attack\/23777\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/sharepoint-phishing-attack\/17901\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/sharepoint-phishing-attack\/22057\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/sharepoint-phishing-attack\/21990\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/oltalama\/","name":"oltalama"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5668","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2484"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5668"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5668\/revisions"}],"predecessor-version":[{"id":6844,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5668\/revi
sions\/6844"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/5669"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}