{"id":5941,"date":"2019-05-16T15:05:51","date_gmt":"2019-05-16T12:05:51","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=5941"},"modified":"2019-11-15T14:29:15","modified_gmt":"2019-11-15T11:29:15","slug":"brazil-spam-mail-takeover","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/brazil-spam-mail-takeover\/5941\/","title":{"rendered":"\u0130stenmeyen e-postalar g\u00f6ndermek i\u015fletmenize zarar verir"},"content":{"rendered":"

K\u0131sa s\u00fcre \u00f6nce, Brezilyal\u0131 b\u00fcy\u00fck bir \u015firket bir olay\u0131 ara\u015ft\u0131rmak i\u00e7in yard\u0131m\u0131m\u0131z\u0131 istedi. Sorunun temelinde siber su\u00e7lular\u0131n \u00e7al\u0131\u015fanlar\u0131n adreslerini kullanarak istenmeyen e-postalar\u0131 yaymaya ba\u015flamas\u0131 vard\u0131. Yani genelde yapt\u0131klar\u0131 gibi yasal g\u00f6ndericilere benzemeye \u00e7al\u0131\u015fm\u0131yorlar, mesajlar\u0131n\u0131 do\u011frudan \u015firketin posta sunucusu arac\u0131l\u0131\u011f\u0131yla g\u00f6nderiyorlard\u0131. Detayl\u0131 bir incelemeden sonra sald\u0131rganlar\u0131n eylem plan\u0131n\u0131 tam olarak belirledik.<\/p>\n

Sald\u0131r\u0131 plan\u0131<\/h2>\n

\u00d6ncelikle doland\u0131r\u0131c\u0131lar, \u015firket \u00e7al\u0131\u015fanlar\u0131na kimlik av\u0131 e-postalar\u0131 g\u00f6nderiyorlar. Bu e-postalarda kullan\u0131c\u0131lara herhangi bir nedenle posta kutular\u0131n\u0131n eri\u015fime kapat\u0131laca\u011f\u0131 s\u00f6yleniyor ve hesap bilgilerini g\u00fcncellemek i\u00e7in bir ba\u011flant\u0131ya t\u0131klamalar\u0131 isteniyor. Elbette bu ba\u011flant\u0131, kullan\u0131c\u0131lar\u0131 sistem oturum a\u00e7ma bilgilerini isteyen bir kimlik av\u0131 formuna y\u00f6nlendiriyor.<\/p>\n

\"\u00c7eviri:<\/a>

\u00c7eviri: Say\u0131n kullan\u0131c\u0131, okunmayan \u00e7ok say\u0131da mesaj oldu\u011fu i\u00e7in bu posta kutusu silinecektir. Bunu \u00f6nlemek i\u00e7in buraya t\u0131klayarak hesab\u0131n\u0131z\u0131 g\u00fcncelleyin. Bu sorun i\u00e7in \u00f6z\u00fcr dileriz. Sistem y\u00f6neticisi.<\/p><\/div>\n

Sald\u0131r\u0131n\u0131n kurbanlar\u0131 formu doldurarak doland\u0131r\u0131c\u0131lar\u0131n posta hesaplar\u0131na tam yetkiyle eri\u015fmesine izin veriyor. Doland\u0131r\u0131c\u0131lar, ele ge\u00e7irilen hesaplardan istenmeyen e-postalar g\u00f6ndermeye ba\u015fl\u0131yor. Bunun i\u00e7in zaten me\u015fru olan teknik ba\u015fl\u0131klar\u0131 de\u011fi\u015ftirmeye bile gerek duymuyorlar. Dolay\u0131s\u0131yla g\u00fcvenli olduklar\u0131 bilinen sunuculardan g\u00f6nderilen bu e-postalar filtrelerin dikkatini \u00e7ekmiyor.<\/p>\n

Siber su\u00e7lular, posta kutular\u0131n\u0131 ele ge\u00e7irdikten sonra di\u011fer e-posta dalgas\u0131n\u0131 ba\u015flat\u0131yor. Bu dalgada doland\u0131r\u0131c\u0131lar, \u201cNigerian spam<\/a>\u201d tekni\u011fini kullanarak farkl\u0131 dillerde yaz\u0131lan e-postalar g\u00f6nderiyor (Bu e-postalar teoride karaborsada sat\u0131lan ila\u00e7 tekliflerinden k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlara kadar her \u015feyi i\u00e7erebilir).<\/p>\n

\u00d6rnek \"Nigerian spam\" mesaj\u0131<\/a>

\u00d6rnek \u201cNigerian spam\u201d mesaj\u0131<\/p><\/div>\n

Analizde Brezilyal\u0131 \u015firketin tek kurban olmad\u0131\u011f\u0131 ortaya \u00e7\u0131kt\u0131. Ayn\u0131 mesaj, \u00e7e\u015fitli resmi kurulu\u015flar\u0131n ve k\u00e2r amac\u0131 g\u00fctmeyen kurulu\u015flar\u0131n adreslerinden de b\u00fcy\u00fck miktarlarda g\u00f6nderilmi\u015fti. Bu durum mesajlar\u0131n g\u00fcvenlik itibar\u0131n\u0131 daha da art\u0131r\u0131yordu.<\/p>\n

Sald\u0131r\u0131n\u0131n sonu\u00e7lar\u0131<\/h2>\n

Sunucular\u0131n\u0131z\u0131n doland\u0131r\u0131c\u0131l\u0131k teklifleri g\u00f6ndermek i\u00e7in kullan\u0131lmas\u0131 kula\u011fa hi\u00e7 iyi gelmiyor. Sald\u0131rganlar bu tekliflerden vazge\u00e7ip k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n\u0131 yaymaya karar verirse \u015firketinizin itibar\u0131 yok olabilir.<\/p>\n

Ancak kar\u015f\u0131la\u015fabilece\u011finiz sonu\u00e7lar bunlarla da kalm\u0131yor. \u00c7al\u0131\u015fanlar\u0131n posta kutular\u0131na giri\u015f bilgilerinin etki alan\u0131 kullan\u0131c\u0131 ad\u0131 ve parolas\u0131 ile ayn\u0131 olmas\u0131 s\u0131k kar\u015f\u0131la\u015f\u0131lan bir durum. Yani \u00e7al\u0131nan giri\u015f bilgileri, di\u011fer kurumsal hizmetlere eri\u015fim kazanmak i\u00e7in de kullan\u0131labilir.<\/p>\n

Ayr\u0131ca siber su\u00e7lular, sayg\u0131n bir kurulu\u015fta \u00e7al\u0131\u015fan ki\u015finin posta kutusuna eri\u015fim sa\u011flad\u0131ktan sonra bu ki\u015finin \u00e7al\u0131\u015fma arkada\u015flar\u0131na, i\u015fletmenin i\u015f ortaklar\u0131na veya resmi yetkililere hedefli bir sald\u0131r\u0131 ger\u00e7ekle\u015ftirebilir. Bu t\u00fcr sald\u0131r\u0131larda kurban\u0131 gerekli t\u00fcm i\u015flemleri yapmaya ikna etmek birinci s\u0131n\u0131f sosyal m\u00fchendislik becerileri gerektirdi\u011finden bu sald\u0131r\u0131lar\u0131 yapmak olduk\u00e7a zordur ancak ger\u00e7ekle\u015ftiklerinde olu\u015fturduklar\u0131 zararlar tahmin edemeyece\u011finiz kadar ciddi olabilir.<\/p>\n

Bu t\u00fcr doland\u0131r\u0131c\u0131l\u0131k sald\u0131r\u0131lar\u0131, kurumsal e-postalar\u0131n ele ge\u00e7irilmesi<\/em> (BEC) olarak adland\u0131r\u0131l\u0131r ve etkilenen \u015firketlerin ba\u015f\u0131n\u0131 ciddi anlamda a\u011fr\u0131tabilir. Bu sald\u0131r\u0131larda temel ama\u00e7 hesap verilerinin, finansal belgelerin ve di\u011fer gizli bilgilerin sahte g\u00f6nderici taraf\u0131ndan yaz\u0131\u015fma yoluyla ele ge\u00e7irilmesidir. BEC mesajlar\u0131, do\u011fru ba\u015fl\u0131klara ve konuyla alakal\u0131 i\u00e7eriklere sahip oldu\u011fundan bu mesajlar\u0131 tespit etmek olduk\u00e7a zordur.<\/p>\n

\u015eirketinizi ve \u00e7al\u0131\u015fanlar\u0131n\u0131z\u0131 nas\u0131l koruyabilirsiniz?<\/h2>\n

\u015eirketinizin itibar\u0131n\u0131 korumak ve k\u00f6t\u00fc niyetli bir spam g\u00f6ndericisi olarak alg\u0131lanman\u0131n \u00f6n\u00fcne ge\u00e7mek i\u00e7in g\u00fcvenilir bir koruma \u00e7\u00f6z\u00fcm\u00fc<\/a> kullanarak hem posta sunucular\u0131nda hem de \u00e7al\u0131\u015fan i\u015f istasyonlar\u0131nda kimlik av\u0131 giri\u015fimlerini tespit edebilirsiniz. Sezgisel antispam veritabanlar\u0131n\u0131 ve kimlik av\u0131 sald\u0131r\u0131s\u0131na kar\u015f\u0131 koruma bile\u015fenlerini d\u00fczenli olarak g\u00fcncellemenin kritik \u00f6nem ta\u015f\u0131d\u0131\u011f\u0131n\u0131 belirtmeye bile gerek yok.<\/p>\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Siber su\u00e7lular, filtreleri atlatan spam e-postalar g\u00f6ndermek i\u00e7in kurumsal e-posta hesaplar\u0131n\u0131 ele ge\u00e7iriyor <\/p>\n","protected":false},"author":2495,"featured_media":5943,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1194,1727],"tags":[612,1921,1920],"class_list":{"0":"post-5941","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-dolandiricilik","10":"tag-e-posta","11":"tag-istenmeyen-e-posta"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/brazil-spam-mail-takeover\/5941\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/brazil-spam-mail-takeover\/15735\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/brazil-spam-mail-takeover\/13264\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/brazil-spam-mail-takeover\/17644\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/brazil-spam-mail-takeover\/15789\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/brazil-spam-mail-takeover\/14493\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/brazil-spam-mail-takeover\/18377\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/brazil-spam-mail-takeover\/17271\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/brazil-spam-mail-takeover\/22686\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/brazil-spam-mail-takeover\/26855\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/brazil-spam-mail-takeover\/11676\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/brazil-spam-mail-takeover\/11791\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/brazil-spam-mail-takeover\/10673\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/brazil-spam-mail-takeover\/19150\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/brazil-spam-mail-takeover\/23175\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/brazil-spam-mail-takeover\/18338\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/brazil-spam-mail-takeover\/22571\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/brazil-spam-mail-takeover\/22506\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/istenmeyen-e-posta\/","name":"istenmeyen e-posta"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5941","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2495"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5941"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5941\/revisions"}],"predecessor-version":[{"id":6792,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5941\/revisions\/6792"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/5943"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5941"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5941"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5941"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}