Uzmanlar\u0131m\u0131z, siber su\u00e7lular\u0131n etkin bir \u015fekilde KOB\u0130’lere odakland\u0131\u011f\u0131n\u0131 ve muhasebecilerle \u00f6zellikle ilgilendiklerini tespit etti. Se\u00e7imleri olduk\u00e7a mant\u0131kl\u0131, paraya do\u011frudan ula\u015fmaya \u00e7al\u0131\u015f\u0131yorlar. Bu ak\u0131m\u0131n son \u00f6rne\u011fi, \u00f6zellikle Buhtrap ve RTM’den gelen Truva At\u0131 etkinli\u011findeki art\u0131\u015ft\u0131r. Bu Truva Atlar\u0131’n\u0131n farkl\u0131 i\u015flevleri ve farkl\u0131 yay\u0131lma y\u00f6ntemleri olmas\u0131na ra\u011fmen ama\u00e7lar\u0131 ayn\u0131d\u0131r: i\u015fletmelerin hesaplar\u0131ndan para \u00e7almak.<\/p>\n
Bu iki tehdit de \u00f6zellikle BT, hukuk, hizmet ve k\u00fc\u00e7\u00fck \u00f6l\u00e7ekli \u00fcretim alanlar\u0131nda \u00e7al\u0131\u015fan \u015firketleri ilgilendiriyor. Bu durum, belki de bu t\u00fcr \u015firketlerin, finans sekt\u00f6r\u00fcnde \u00e7al\u0131\u015fan \u015firketlere k\u0131yasla g\u00fcvenlik b\u00fct\u00e7elerinin daha d\u00fc\u015f\u00fck olmas\u0131yla a\u00e7\u0131klanabilir.<\/p>\n
RTM genellikle kurbanlar\u0131na kimlik av\u0131 postas\u0131 kullanarak bula\u015f\u0131r. Bu postalar i\u015f yan\u0131tlar\u0131nda s\u0131k s\u0131k kullan\u0131lan “iade talebi”, ” ge\u00e7en aya ait belgelerin kopyalar\u0131” veya “\u00f6deme talebi” gibi ifadeleri taklit ediyor. Bir ba\u011flant\u0131ya t\u0131klanmas\u0131 ve bir ekin a\u00e7\u0131lmas\u0131 an\u0131nda vir\u00fcs bula\u015fmas\u0131na sebep olarak operat\u00f6re vir\u00fcsl\u00fc sistem \u00fczerinde tam eri\u015fim sa\u011fl\u0131yor.<\/p>\n
2017’de sistemlerimiz RTM taraf\u0131ndan sald\u0131r\u0131ya u\u011frayan 2.376 kullan\u0131c\u0131 kaydetti. 2018’de ise 130.000 hedef oldu\u011funu g\u00f6rd\u00fck. Buna ek olarak, 2019’da 2 aydan az bir s\u00fcre ge\u00e7mi\u015f olmas\u0131na ra\u011fmen bu Truva At\u0131’yla kar\u015f\u0131la\u015fan 30.000’den fazla kullan\u0131c\u0131 g\u00f6rd\u00fck. Ak\u0131m devam ederse ge\u00e7en senenin rekorunu k\u0131racak. \u015eimdilik, RTM en aktif finansal Truva Atlar\u0131’ndan biri diyebiliriz.<\/p>\n
RTM’lerin hedeflerinin \u00e7o\u011fu Rusya’da faaliyet g\u00f6steriyor. Fakat uzmanlar\u0131m\u0131z bu vir\u00fcs\u00fcn s\u0131n\u0131rlar\u0131 a\u015f\u0131p sonunda di\u011fer \u00fclkelerdeki kullan\u0131c\u0131lara da sald\u0131raca\u011f\u0131n\u0131 \u00f6ng\u00f6r\u00fcyor.<\/p>\n
Buhtrap ile ilk kar\u015f\u0131la\u015fma 2014’te kay\u0131tlara ge\u00e7ti. O zamanlar, Rus finans kurulu\u015flar\u0131ndan para \u00e7alan (her sald\u0131r\u0131da en az 150.000$ seviyesinde) bir siber su\u00e7 grubunun ad\u0131yd\u0131. Kulland\u0131klar\u0131 ara\u00e7lar\u0131n kaynak kodlar\u0131 2016’da yay\u0131nland\u0131ktan sonra bu finansal Truva At\u0131 i\u00e7in Buhtrap ad\u0131 kullan\u0131lmaya ba\u015fland\u0131.<\/p>\n
Buhtrap 2017’nin ba\u015f\u0131nda TwoBee kampanyas\u0131 ile tekrardan ortaya \u00e7\u0131kt\u0131 ve \u00e7o\u011funlukla k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m g\u00f6nderme \u00fczerine \u00e7al\u0131\u015ft\u0131. Ge\u00e7en sene Mart ay\u0131nda, ele ge\u00e7irdikleri bir\u00e7ok b\u00fcy\u00fck haber kurulu\u015funun ana sayfalar\u0131na k\u00f6t\u00fc niyetli komut dosyalar\u0131 yerle\u015ftip yay\u0131larak haberlere damga vurdular (ger\u00e7ek anlamda). Bu komut dosyalar\u0131, ziyaret eden ki\u015filerin taray\u0131c\u0131lar\u0131nda Internet Explorer’a y\u00f6nelik bir a\u00e7\u0131\u011f\u0131 kullan\u0131yordu.<\/p>\n
Birka\u00e7 ay sonra Temmuz’da siber su\u00e7lular hedef kitlelerini daraltarak sadece belirli kullan\u0131c\u0131 gruplar\u0131 \u00fczerine yo\u011funla\u015ft\u0131lar: K\u00fc\u00e7\u00fck ve orta b\u00fcy\u00fckl\u00fckteki i\u015fletmelerde \u00e7al\u0131\u015fan muhasebeciler. Bu sebepten \u00f6t\u00fcr\u00fc, sadece muhasebecilere y\u00f6nelik bilgiler i\u00e7eren web siteleri kurdular.<\/p>\n
2018’in sonunda ba\u015flayan ve g\u00fcn\u00fcm\u00fcze kadar devam eden yeni art\u0131\u015ftan dolay\u0131 bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131 hat\u0131rl\u0131yoruz. Koruma sistemlerimiz, 250’si 2019’un ba\u015f\u0131ndan beri ger\u00e7ekle\u015fen, toplamda 5.000’den fazla Buhtrap sald\u0131r\u0131 giri\u015fimini engellemi\u015ftir.<\/p>\n
T\u0131pk\u0131 ge\u00e7en sefer oldu\u011fu gibi Buhtrap haber kurulu\u015flar\u0131nda g\u00f6m\u00fcl\u00fc a\u00e7\u0131klar arac\u0131l\u0131\u011f\u0131yla yay\u0131l\u0131yor. Genelde oldu\u011fu gibi Internet Explorer kullan\u0131c\u0131lar\u0131 risk grubunda. IE, vir\u00fcsl\u00fc sitelerden k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m indirmek \u00fczere \u015fifreli bir protokol kullan\u0131yor ve bu da analizi karma\u015f\u0131kla\u015ft\u0131rarak k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n herhangi bir g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fc taraf\u0131ndan tespit edilememesine sebep oluyor. Evet, hala 2018’de ortaya \u00e7\u0131kan bir a\u00e7\u0131\u011f\u0131 kullan\u0131yor.<\/p>\n
Vir\u00fcs bula\u015ft\u0131ktan sonra hem Buhtrap hem de RTM ele ge\u00e7irilen i\u015f istasyonlar\u0131na tam eri\u015fim elde ediyor. Bu, siber su\u00e7lular\u0131n muhasebe ile banka sistemleri aras\u0131ndaki veri al\u0131\u015fveri\u015fi i\u00e7in kullan\u0131lan dosyalar\u0131 de\u011fi\u015ftirmelerini sa\u011fl\u0131yor. Bu dosyalar\u0131n varsay\u0131lan adlar\u0131 oldu\u011fu ve ek bir koruma \u00f6nlemi bulunmad\u0131\u011f\u0131 i\u00e7in sald\u0131rganlar taraf\u0131ndan istedikleri gibi de\u011fi\u015ftirilebiliyor. Verilen zarar\u0131 tahmin etmek olduk\u00e7a zor fakat \u00f6\u011frendi\u011fimiz kadar\u0131yla su\u00e7lular bu i\u015flemlerden her biri 15.000 Dolar’\u0131 ge\u00e7meyen mebla\u011flar \u00e7ekiyor.<\/p>\n
\u0130\u015fletmenizi bu t\u00fcr tehditlerden korumak i\u00e7in finansal sistemlere eri\u015fimi olan bilgisayarlar\u0131n (muhasebecilere veya y\u00f6netime ait bilgisayarlar gibi) korumas\u0131na \u00f6zellikle dikkat etmenizi \u00f6neririz. Elbette di\u011fer makinelerin de korunmas\u0131 gerekli. \u0130\u015fte birka\u00e7 pratik ipucu:<\/p>\n
Uzmanlar\u0131m\u0131z, siber su\u00e7lular\u0131n etkin bir \u015fekilde KOB\u0130’lere odakland\u0131\u011f\u0131n\u0131 ve muhasebecilerle \u00f6zellikle ilgilendiklerini tespit etti. Se\u00e7imleri olduk\u00e7a mant\u0131kl\u0131, paraya do\u011frudan ula\u015fmaya \u00e7al\u0131\u015f\u0131yorlar. <\/p>\n","protected":false},"author":2506,"featured_media":5730,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1194,1727],"tags":[781,1175,241],"class_list":{"0":"post-5729","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-finans","10":"tag-oltalama-saldirisi","11":"tag-trojan"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/financial-trojans-2019\/5729\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/financial-trojans-2019\/15293\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/financial-trojans-2019\/12860\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/financial-trojans-2019\/17232\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/financial-trojans-2019\/15390\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/financial-trojans-2019\/14086\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/financial-trojans-2019\/17896\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/financial-trojans-2019\/16940\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/financial-trojans-2019\/22301\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/financial-trojans-2019\/25690\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/financial-trojans-2019\/11454\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/financial-trojans-2019\/11526\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/financial-trojans-2019\/10378\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/financial-trojans-2019\/18592\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/financial-trojans-2019\/22606\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/financial-trojans-2019\/17991\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/financial-trojans-2019\/22165\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/financial-trojans-2019\/22101\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/finans\/","name":"finans"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5729","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2506"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5729"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5729\/revisions"}],"predecessor-version":[{"id":6831,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5729\/revisions\/6831"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/5730"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}