{"id":8380,"date":"2020-06-03T16:02:08","date_gmt":"2020-06-03T13:02:08","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=8380"},"modified":"2020-06-03T16:02:08","modified_gmt":"2020-06-03T13:02:08","slug":"fighting-internal-bec","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/fighting-internal-bec\/8380\/","title":{"rendered":"\u015eirket i\u00e7i BEC ile nas\u0131l ba\u015fa \u00e7\u0131k\u0131l\u0131r?"},"content":{"rendered":"<p>Son y\u0131llarda kurumsal e-posta gizlili\u011fi ihlali (BEC) sald\u0131r\u0131lar\u0131 daha s\u0131k g\u00f6r\u00fclmeye ba\u015flad\u0131. Bu sald\u0131r\u0131lar, finansal sahtekarl\u0131k yapmak, gizli bilgileri elde etmek veya \u015firketin itibar\u0131na zarar vermek amac\u0131yla ticari yaz\u0131\u015fmalar\u0131n gizlili\u011fini ihlal etmeyi hedefler. <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/what-is-bec-attack\/7936\/\" target=\"_blank\" rel=\"noopener noreferrer\">BEC t\u00fcrleri ve bunlarla ba\u015fa \u00e7\u0131kma yollar\u0131 hakk\u0131ndaki \u00f6nceki yaz\u0131m\u0131zda<\/a> e-posta hacklemelerinden bahsetmi\u015ftik. Ancak bug\u00fcn, en tehlikeli BEC sald\u0131r\u0131s\u0131 t\u00fcr\u00fc olan \u015firket i\u00e7i BEC\u2019den bahsedece\u011fiz. K\u0131sa s\u00fcre \u00f6nce bu \u00f6zel tehdide kar\u015f\u0131 yeni bir teknoloji geli\u015ftirdik ve uygulamaya koyduk.<\/p>\n<h2>\u015eirket i\u00e7i BEC, d\u0131\u015far\u0131dan gelen bir BEC\u2019den neden daha tehlikelidir?<\/h2>\n<p>\u015eirket i\u00e7i BEC sald\u0131r\u0131lar\u0131, hileli e-postalar\u0131n \u015firket i\u00e7indeki me\u015fru bir adreslerden g\u00f6nderilmesi nedeniyle di\u011fer sald\u0131r\u0131 senaryolar\u0131ndan farkl\u0131d\u0131r. Ba\u015fka bir deyi\u015fle, sald\u0131rgan\u0131n bir i\u00e7 sald\u0131r\u0131 ba\u015flatmas\u0131 i\u00e7in \u00e7al\u0131\u015fanlardan birinin posta hesab\u0131na eri\u015fmi\u015f olmas\u0131 gerekir. Bu, BEC sald\u0131r\u0131s\u0131n\u0131 \u00f6nlemek i\u00e7in e-posta kimlik do\u011frulama mekanizmalar\u0131na (DKIM, SPF, DMARC) g\u00fcvenemeyece\u011finiz anlam\u0131na gelir. Teknik ba\u015fl\u0131klarda veya de\u011fi\u015ftirilen adreslerde tutars\u0131zl\u0131klar arayan standart otomatik kimlik av\u0131 ve spam \u00f6nleme ara\u00e7lar\u0131 da yard\u0131mc\u0131 olmayacakt\u0131r.<\/p>\n<p>Genellikle g\u00fcvenli\u011fi ihlal edilmi\u015f posta kutusundaki mektup, (bir tedarik\u00e7iye, y\u00fckleniciye, vergi dairesine) para aktarma veya gizli bilgi g\u00f6nderme talebini i\u00e7erir. Hepsi de olduk\u00e7a <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/phishing-psychology\/5628\/\" target=\"_blank\" rel=\"noopener\">standart sosyal m\u00fchendislik hileleriyle donat\u0131lm\u0131\u015ft\u0131r<\/a>. Siber su\u00e7lular al\u0131c\u0131y\u0131 acele ettirmeye \u00e7al\u0131\u015f\u0131r (\u201cE\u011fer faturay\u0131 bug\u00fcn \u00f6demezsek \u015firket para cezas\u0131na \u00e7arpt\u0131r\u0131lacak!\u201d), tehdit eder (\u201c\u00d6demeyi yapman\u0131 ge\u00e7en ay istedim, hala neyi bekliyorsun?!\u201d), hi\u00e7bir gecikmeyi kabul etmeyen yetkili bir ton benimser veya sosyal m\u00fchendislik oyun kitab\u0131ndaki di\u011fer hileleri kullan\u0131r. T\u00fcm bunlar me\u015fru bir adresle birle\u015fince \u00e7ok inand\u0131r\u0131c\u0131 bir izlenim yaratabilir.<\/p>\n<p>\u015eirket i\u00e7i BEC sald\u0131r\u0131lar\u0131, URL\u2019leri hedef i\u015fletmenin adresinden veya g\u00fcvenilen ba\u015fka bir sayfadan yaln\u0131zca bir veya iki harfi de\u011fi\u015fik olan sahte sitelere ba\u011flant\u0131lar i\u00e7eren e-postalar da g\u00f6nderebilir (\u00f6rne\u011fin k\u00fc\u00e7\u00fck harf \u201cl\u201d yerine b\u00fcy\u00fck harf \u201c\u0131\u201d veya tam tersi gibi). Site, gizli bilgileri isteyen bir \u00f6deme formu veya anket bar\u0131nd\u0131r\u0131yor olabilir. Patronunuzun adresinden \u201cSizi konferansa g\u00f6ndermeye karar verdik. Erken kay\u0131t indirimi alabilmemiz i\u00e7in en k\u0131sa s\u00fcrede hesab\u0131m\u0131zdan bilet rezervasyonu yap\u0131n,\u201d gibi bir e-posta ald\u0131\u011f\u0131n\u0131z\u0131 d\u00fc\u015f\u00fcn\u00fcn. B\u00f6yle bir e-posta, sekt\u00f6r\u00fcn\u00fczdeki en \u00f6nemli etkinli\u011fin sitesine benzeyen bir ba\u011flant\u0131yla birlikte g\u00f6nderildi\u011finde olduk\u00e7a inand\u0131r\u0131c\u0131 g\u00f6r\u00fcn\u00fcr. E-posta imzas\u0131na kadar her \u015fey yolunda g\u00f6r\u00fcn\u00fcyorsa konferans ad\u0131n\u0131n her harfini dikkatlice incelemeye kim zaman ay\u0131r\u0131r?<\/p>\n<h2>\u015eirket i\u00e7i BEC sald\u0131r\u0131lar\u0131na kar\u015f\u0131 nas\u0131l korunulur<\/h2>\n<p>Bu e-postalar teknik olarak kesinlikle ger\u00e7ektir. Bu y\u00fczden sahte bir e-postay\u0131 tan\u0131man\u0131n tek yolu i\u00e7eri\u011fi de\u011ferlendirmektir. Makine \u00f6\u011frenme algoritmalar\u0131 yoluyla bir\u00e7ok hileli mesaj\u0131 elden ge\u00e7irerek, bir mesaj\u0131n ger\u00e7ek mi yoksa bir BEC sald\u0131r\u0131s\u0131n\u0131n par\u00e7as\u0131 m\u0131 oldu\u011funu belirlemeye yard\u0131mc\u0131 olabilecek \u00f6zellik kombinasyonlar\u0131n\u0131 tan\u0131mlamak m\u00fcmk\u00fcnd\u00fcr.<\/p>\n<p>Maalesef, \u00f6rnek konusunda hi\u00e7 s\u0131k\u0131nt\u0131 \u00e7ekmiyoruz. Posta tuzaklar\u0131m\u0131z her g\u00fcn d\u00fcnya \u00e7ap\u0131nda milyonlarca spam mesaj\u0131 yakal\u0131yor. \u015eirket i\u00e7i BEC olmasa da ayn\u0131 hileleri kullanan ve ayn\u0131 hedeflere sahip olan \u00e7ok say\u0131da kimlik av\u0131 e-postas\u0131 da bunlara dahil. Bu sayede bu e-postalar\u0131 \u00f6\u011frenme i\u00e7in kullanabiliyoruz. \u0130lk olarak, bu b\u00fcy\u00fck hacimdeki \u00f6rnekler i\u00e7inde sahtekarl\u0131k belirtileri i\u00e7eren iletileri tan\u0131mlamak \u00fczere bir s\u0131n\u0131fland\u0131r\u0131c\u0131 e\u011fitiyoruz. Makine \u00f6\u011frenimi s\u00fcrecinin bir sonraki a\u015famas\u0131 ise do\u011frudan metin \u00fczerinde \u00e7al\u0131\u015f\u0131yor. Algoritmalar, \u015f\u00fcpheli iletileri tespit edecek deyi\u015fleri se\u00e7iyor. Biz de bunlar \u00fczerinden \u00fcr\u00fcnlerimizin sald\u0131r\u0131lar\u0131 tan\u0131mlamak i\u00e7in kullanabilece\u011fi bulu\u015fsal y\u00f6ntemler ve kurallar geli\u015ftiriyoruz. T\u00fcm makine \u00f6\u011frenimi s\u0131n\u0131fland\u0131r\u0131c\u0131lar\u0131ndan olu\u015fan bir topluluk s\u00fcrece dahil oluyor.<\/p>\n<p>Yine de bu, arkan\u0131za yaslan\u0131p rahatlayabilece\u011finiz anlam\u0131na gelmiyor. \u00dcr\u00fcnlerimiz art\u0131k eskisinden \u00e7ok daha fazla BEC sald\u0131r\u0131s\u0131 tespit edebiliyor, ancak bir \u00e7al\u0131\u015fan\u0131n e-posta hesab\u0131na eri\u015fen davetsiz bir misafir, \u00e7al\u0131\u015fan\u0131n yaz\u0131m tarz\u0131n\u0131 inceleyerek sald\u0131r\u0131 s\u0131ras\u0131nda bu benzersiz tarz\u0131 taklit etmeye \u00e7al\u0131\u015fabilir. Dikkatli olmak hala kritik \u00f6nem ta\u015f\u0131yor.<\/p>\n<p>Finansal aktar\u0131m veya gizli verilerin if\u015fa edilmesini isteyen mesajlar\u0131 uzun uzad\u0131ya ve titiz bir \u015fekilde incelemenizi \u00f6neririz. S\u00f6z konusu i\u015f arkada\u015f\u0131n\u0131z\u0131 arayarak veya g\u00fcvenilir bir hizmet \u00fczerinden mesajla\u015farak ya da ayr\u0131nt\u0131lar\u0131 a\u00e7\u0131kl\u0131\u011fa kavu\u015fturmak i\u00e7in onlarla y\u00fcz y\u00fcze konu\u015farak ekstra bir kimlik do\u011frulama katman\u0131 ekleyin.<\/p>\n<p>Biz <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security\/microsoft-office-365-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kso365___\" target=\"_blank\" rel=\"noopener\">Kaspersky Security for Microsoft Office 365<\/a> \u00e7\u00f6z\u00fcm\u00fcm\u00fczde \u00fcretilen yeni BEC kar\u015f\u0131t\u0131 teknolojimizin bulu\u015fsal y\u00f6ntemlerini kullan\u0131yoruz ve bunlar\u0131 di\u011fer \u00e7\u00f6z\u00fcmlerde de uygulamaya y\u00f6nelik planlar\u0131m\u0131z var.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-b2b\">\n","protected":false},"excerpt":{"rendered":"<p>G\u00fcvenli\u011fi ihlal edilmi\u015f posta kutular\u0131n\u0131 kullanan BEC sald\u0131r\u0131lar\u0131 olduk\u00e7a tehlikelidir. Bu yaz\u0131da, bunlar\u0131 tan\u0131mlamay\u0131 nas\u0131l \u00f6\u011frendi\u011fimizi anlat\u0131yoruz.<\/p>\n","protected":false},"author":2598,"featured_media":8385,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[2019,1074,2204,990],"class_list":{"0":"post-8380","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-bec","10":"tag-kimlik-avi","11":"tag-posta","12":"tag-teknolojiler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/fighting-internal-bec\/8380\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/fighting-internal-bec\/21361\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/fighting-internal-bec\/16823\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/fighting-internal-bec\/22427\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/fighting-internal-bec\/20566\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/fighting-internal-bec\/18979\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/fighting-internal-bec\/22804\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/fighting-internal-bec\/21831\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/fighting-internal-bec\/28476\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/fighting-internal-bec\/35691\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/fighting-internal-bec\/14965\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/fighting-internal-bec\/15515\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/fighting-internal-bec\/13501\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/fighting-internal-bec\/24133\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/fighting-internal-bec\/28536\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/fighting-internal-bec\/25462\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/fighting-internal-bec\/22363\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/fighting-internal-bec\/27640\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/fighting-internal-bec\/27472\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/bec\/","name":"BEC"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2598"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=8380"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8380\/revisions"}],"predecessor-version":[{"id":8386,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8380\/revisions\/8386"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/8385"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=8380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=8380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=8380"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}