DAVUT G\u00dcLE\u00c7<\/strong><\/p>\n

GAZETEC\u0130<\/strong><\/p>\n

davutgulec@hotmail.com<\/strong><\/p>\n

Son y\u0131llarda, sorunlar\u0131n en b\u00fcy\u00fc\u011f\u00fc\u00a0 ki\u015fisel verilerin korunmamas\u0131.<\/p>\n

Bu konudaki a\u00e7\u0131klar, tehditler, istismarlar, haks\u0131z ticari kazan\u00e7lar.<\/p>\n

Fortinet Tehdit Ara\u015ft\u0131rmas\u0131da bunu bir kez daha ortaya \u00e7\u0131kard\u0131.<\/p>\n

Ara\u015ft\u0131rmaya g\u00f6re, siber su\u00e7lular\u0131n sekt\u00f6rlerdeki yeni g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 2023’\u00fcn ilk yar\u0131s\u0131na g\u00f6re %43 daha h\u0131zl\u0131 istismar etti\u011fini g\u00f6steriyor.<\/p>\n

FortiGuard Labs Raporu, tedarik\u00e7ilerin en iyi g\u00fcvenlik a\u00e7\u0131\u011f\u0131 if\u015fa uygulamalar\u0131na uymas\u0131 ve kurumlar\u0131n siber hijyen ve yama y\u00f6netimini iyile\u015ftirmesi gerekti\u011fini vurguluyor.A\u011f ve g\u00fcvenli\u011fin yak\u0131nsamas\u0131na \u00f6nc\u00fcl\u00fck eden k\u00fcresel siber g\u00fcvenlik lideri Fortinet, FortiGuard Labs 2H 2023 K\u00fcresel Tehdit Ortam\u0131 Raporu’nu yay\u0131nlad\u0131. Alt\u0131 ayda bir yay\u0131nlanan en son rapor, aktif tehdit ortam\u0131n\u0131n anl\u0131k bir g\u00f6r\u00fcnt\u00fcs\u00fcn\u00fc veriyor ve siber sald\u0131rganlar\u0131n siber g\u00fcvenlik end\u00fcstrisindeki yeni tan\u0131mlanan a\u00e7\u0131klardan yararlanma h\u0131z\u0131 ve end\u00fcstriyel ve OT sekt\u00f6r\u00fcne kar\u015f\u0131 hedeflenen fidye yaz\u0131l\u0131m\u0131 ve wiper (silici) faaliyetlerinin y\u00fckseli\u015fine ili\u015fkin analizler de dahil olmak \u00fczere 2023 y\u0131l\u0131n\u0131n Temmuz ay\u0131ndan Aral\u0131k ay\u0131na kadar olan e\u011filimleri vurguluyor.
\nFortiGuard Labs Ba\u015f G\u00fcvenlik Stratejisti ve Tehdit \u0130stihbarat\u0131 K\u00fcresel Ba\u015fkan Yard\u0131mc\u0131s\u0131 Derek Manky, “FortiGuard Labs’\u0131n 2Y 2023 K\u00fcresel Tehdit Ortam\u0131 Raporu, tehdit akt\u00f6rlerinin yeni a\u00e7\u0131klanan g\u00fcvenlik a\u00e7\u0131klar\u0131ndan ne kadar h\u0131zl\u0131 faydaland\u0131\u011f\u0131na \u0131\u015f\u0131k tutmaya devam ediyor. Bu ortamda hem tedarik\u00e7ilere hem de m\u00fc\u015fterilere \u00f6nemli g\u00f6revler d\u00fc\u015f\u00fcyor. Tedarik\u00e7iler, \u00fcr\u00fcn geli\u015ftirme ya\u015fam d\u00f6ng\u00fcs\u00fcn\u00fcn t\u00fcm a\u015famalar\u0131nda sa\u011flam g\u00fcvenlik incelemesi yapmal\u0131 ve g\u00fcvenlik a\u00e7\u0131\u011f\u0131 a\u00e7\u0131klamalar\u0131nda sorumlu ve \u015feffaf davranmaya kendilerini adamal\u0131d\u0131r. NIST taraf\u0131ndan belirtildi\u011fi \u00fczere 2023 y\u0131l\u0131nda 2.000’den fazla sat\u0131c\u0131da 26.447’den fazla g\u00fcvenlik a\u00e7\u0131\u011f\u0131 bulunmas\u0131 nedeniyle, m\u00fc\u015fterilerin istismar riskini azaltmak i\u00e7in s\u0131k\u0131 bir yama rejimi s\u00fcrd\u00fcrmeleri de kritik \u00f6nem ta\u015f\u0131yor” dedi.
\n2023’\u00fcn ikinci yar\u0131s\u0131ndan elde edilen \u00f6nemli bulgular \u015funlar:<\/p>\n

Sald\u0131r\u0131lar, yeni a\u00e7\u0131klar\u0131n kamuya a\u00e7\u0131klanmas\u0131ndan ortalama 4,76 g\u00fcn sonra ba\u015flad\u0131: \u00a02023’\u00fcn ikinci yar\u0131s\u0131nda sald\u0131rganlar\u0131n yeni duyurulan g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlanma h\u0131zlar\u0131n\u0131 art\u0131rd\u0131klar\u0131 g\u00f6r\u00fcld\u00fc (1Y 2023’\u00fcnilk yar\u0131s\u0131ndan %43 daha h\u0131zl\u0131). Bu durum, tedarik\u00e7ilerin g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 dahili olarak ke\u015ffetmeleri ve istismar ger\u00e7ekle\u015fmeden \u00f6nce bir yama geli\u015ftirmelerini gerekti\u011fini g\u00f6steriyor (0 G\u00fcn g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 azaltmalar\u0131 gerekiyor). Ayr\u0131ca, tedarik\u00e7ilerin, siber sald\u0131rganlar N-day g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlanmadan \u00f6nce m\u00fc\u015fterilerin varl\u0131klar\u0131n\u0131 etkili bir \u015fekilde korumalar\u0131 i\u00e7in gereken bilgilere sahip olduklar\u0131ndan emin olmalar\u0131n\u0131 sa\u011flamas\u0131n\u0131n, g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 proaktif ve \u015feffaf bir \u015fekilde m\u00fc\u015fterilere a\u00e7\u0131klamas\u0131n\u0131n ne kadar \u00f6nemli oldu\u011funu ortaya koyuyor.<\/p>\n

Baz\u0131 N-Day g\u00fcvenlik a\u00e7\u0131klar\u0131 15+ y\u0131l boyunca yamalanmadan kal\u0131yor: CISO’lar\u0131n ve g\u00fcvenlik ekiplerinin endi\u015felenmesi gereken yaln\u0131zca yeni tan\u0131mlanan g\u00fcvenlik a\u00e7\u0131klar\u0131 de\u011fil. Fortinet telemetrisi, kurumlar\u0131n %41’inin bir aydan daha eski a\u00e7\u0131klar\u0131n istismar edildi\u011fini tespit etti\u011fini ve neredeyse her kurumun (%98) en az be\u015f y\u0131ld\u0131r var olan N-Day g\u00fcvenlik a\u00e7\u0131klar\u0131 buldu\u011funu g\u00f6rd\u00fc. FortiGuard Labs ayr\u0131ca, tehdit akt\u00f6rlerinin 15 y\u0131ldan daha eski g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 da istismar etti\u011fini g\u00f6zlemlemeye devam ediyor, bu da g\u00fcvenlik hijyeni konusunda tetikte olma ihtiyac\u0131n\u0131 vurguluyor ve kurumlar\u0131n tutarl\u0131 bir yama ve g\u00fcncelleme program\u0131 arac\u0131l\u0131\u011f\u0131yla h\u0131zl\u0131 hareket etmelerinin kritik oldu\u011funu g\u00f6steriyor. Ayr\u0131ca a\u011flar\u0131n genel g\u00fcvenli\u011fini iyile\u015ftirmek i\u00e7in \u00a0A\u011f Dayan\u0131kl\u0131l\u0131k Koalisyonu gibi kurulu\u015flar\u0131n en iyi uygulamalar\u0131n\u0131n ve rehberli\u011finin kullan\u0131lmas\u0131 \u00f6neriliyor.<\/p>\n

Bilinen t\u00fcm u\u00e7 nokta g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131n %9’undan az\u0131 sald\u0131r\u0131lar taraf\u0131ndan hedef al\u0131nd\u0131: 2022’de FortiGuard Labs, tehdit akt\u00f6rlerinin \u00a0belirli g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlanma olas\u0131l\u0131\u011f\u0131n\u0131n ne kadar oldu\u011funu daha iyi anlamalar\u0131na yard\u0131mc\u0131 olan “k\u0131rm\u0131z\u0131 b\u00f6lge” kavram\u0131n\u0131 tan\u0131tt\u0131\u00a0 . Bu noktay\u0131 a\u00e7\u0131klamak i\u00e7in, son \u00fc\u00e7 K\u00fcresel Tehdit Ortam\u0131 Raporu, u\u00e7 noktalar\u0131 hedef alan toplam g\u00fcvenlik a\u00e7\u0131\u011f\u0131 say\u0131s\u0131na bakt\u0131. 2023’\u00fcn ikinci yar\u0131s\u0131nda yap\u0131lan ara\u015ft\u0131rmalar, u\u00e7 noktalarda g\u00f6zlemlenen t\u00fcm CVE’lerin %0,7’sinin asl\u0131nda sald\u0131r\u0131 alt\u0131nda oldu\u011funu ve g\u00fcvenlik ekiplerinin iyile\u015ftirme \u00e7abalar\u0131na odaklanmas\u0131 ve \u00f6nceliklendirmesi i\u00e7in \u00e7ok daha k\u00fc\u00e7\u00fck bir aktif sald\u0131r\u0131 y\u00fczeyi ortaya \u00e7\u0131kard\u0131\u011f\u0131n\u0131 ortaya koydu.<\/p>\n

T\u00fcm fidye yaz\u0131l\u0131m\u0131 ve wiper (silici) \u00f6rneklerinin %44’\u00fc end\u00fcstriyel sekt\u00f6rleri hedef ald\u0131: Fortinet’in t\u00fcm sens\u00f6rlerinde fidye yaz\u0131l\u0131m\u0131 alg\u0131lamalar\u0131 2023’\u00fcn ilk yar\u0131s\u0131na k\u0131yasla %70 d\u00fc\u015ft\u00fc.\u00a0Ge\u00e7en y\u0131l fidye yaz\u0131l\u0131mlar\u0131nda g\u00f6zlemlenen yava\u015flama, en iyi \u015fekilde, sald\u0131rganlar\u0131n geleneksel “rastgele ate\u015f a\u00e7ma” stratejisinden uzakla\u015farak, b\u00fcy\u00fck \u00f6l\u00e7\u00fcde enerji, sa\u011fl\u0131k, \u00fcretim, ula\u015f\u0131m ve lojistik ve otomotiv end\u00fcstrilerine y\u00f6nelik daha hedefli bir yakla\u015f\u0131ma ge\u00e7mesine ba\u011flanabilir.<\/p>\n

Botnet’ler inan\u0131lmaz bir dayan\u0131kl\u0131l\u0131k g\u00f6sterdi ve ilk tespitten sonra komuta ve kontrol (C2) ileti\u015fiminin durmas\u0131 ortalama 85 g\u00fcn s\u00fcrd\u00fc: Bot trafi\u011fi 2023’\u00fcn ilk yar\u0131s\u0131na g\u00f6re sabit kal\u0131rken, FortiGuard Labs Gh0st, Mirai ve ZeroAccess gibi son birka\u00e7 y\u0131l\u0131n daha belirgin botnet’lerini g\u00f6rmeye devam etti, ancak 2023’\u00fcn ikinci yar\u0131s\u0131nda \u00fc\u00e7 yeni botnet daha ortaya \u00e7\u0131kt\u0131: AndroxGh0st, Prometei ve DarkGate.<\/p>\n

MITRE taraf\u0131ndan listelenen 143 geli\u015fmi\u015f kal\u0131c\u0131 tehdit (APT) grubundan 38’inin 2H 2023’te aktif oldu\u011fu g\u00f6zlemlendi: Fortinet’in dijital risk koruma hizmeti FortiRecon, istihbarat, MITRE’nin izledi\u011fi \u00a0143 Gruptan 38’inin 2023’\u00fcn 2. yar\u0131s\u0131nda aktif oldu\u011funu g\u00f6steriyor. Bunlardan Lazarus Group, Kimusky, APT28, APT29, Andariel ve OilRig’in en aktif gruplar oldu\u011fu g\u00f6r\u00fcld\u00fc. Siber su\u00e7lular\u0131n uzun \u00f6m\u00fcrl\u00fc ve uzun s\u00fcreli sald\u0131r\u0131lar\u0131na k\u0131yasla APT ve ulus devlet siber gruplar\u0131n\u0131n hedefli do\u011fas\u0131 ve nispeten k\u0131sa \u00f6m\u00fcrl\u00fc sald\u0131r\u0131lar\u0131 g\u00f6z \u00f6n\u00fcne al\u0131nd\u0131\u011f\u0131nda, bu alandaki evrim ve faaliyet hacminin FortiGuard Labs taraf\u0131ndan s\u00fcrekli olarak izlenece\u011fi a\u00e7\u0131k.<\/p>\n

Karanl\u0131k Web S\u00f6ylemi
\n2023 2. Yar\u0131 K\u00fcresel Tehdit Ortam\u0131 Raporu, karanl\u0131k web forumlar\u0131nda, pazar yerlerinde, Telegram kanallar\u0131nda ve di\u011fer kaynaklarda tehdit akt\u00f6rleri aras\u0131ndaki s\u00f6yleme bir bak\u0131\u015f sa\u011flayan FortiRecon’un bulgular\u0131n\u0131 da i\u00e7eriyor.Bulgulardan baz\u0131lar\u0131 \u015funlar:<\/p>\n

Tehdit akt\u00f6rleri, en \u00e7ok finans sekt\u00f6r\u00fcndeki kurulu\u015flar\u0131 hedef almay\u0131 tart\u0131\u015ft\u0131, bunu i\u015f hizmetleri ve e\u011fitim sekt\u00f6rleri izledi.<\/p>\n

\u00d6nde gelen karanl\u0131k web forumlar\u0131nda 3.000’den fazla veri ihlali payla\u015f\u0131ld\u0131.<\/p>\n

Darknet’te 221 g\u00fcvenlik a\u00e7\u0131\u011f\u0131 aktif olarak tart\u0131\u015f\u0131l\u0131rken, Telegram kanallar\u0131nda 237 g\u00fcvenlik a\u00e7\u0131\u011f\u0131 tart\u0131\u015f\u0131ld\u0131.<\/p>\n

850.000’den fazla \u00f6deme kart\u0131n\u0131n sat\u0131\u015f\u0131 ilan edildi.<\/p>\n

R\u00fczgar\u0131n y\u00f6n\u00fc siber su\u00e7lara kar\u015f\u0131 esmeli
\nSald\u0131r\u0131 y\u00fczeyinin s\u00fcrekli geni\u015flemesi ve sekt\u00f6r genelinde siber g\u00fcvenlik becerileri eksikli\u011fi nedeniyle, i\u015fletmelerin tek amaca y\u00f6nelik \u00fcr\u00fcnlerden gelen uyar\u0131lar\u0131n hacmine ve tehdit akt\u00f6rlerinin kurbanlar\u0131n\u0131 tehlikeye atmak i\u00e7in kulland\u0131klar\u0131 \u00e7e\u015fitli taktiklere, tekniklere ve prosed\u00fcrlere ayak uydurmak \u015f\u00f6yle dursun, farkl\u0131 \u00e7\u00f6z\u00fcmlerden olu\u015fan karma\u015f\u0131k altyap\u0131y\u0131 d\u00fczg\u00fcn bir \u015fekilde y\u00f6netmesi her zamankinden daha zor.<\/p>\n

Siber su\u00e7lara kar\u015f\u0131 gidi\u015fat\u0131 tersine \u00e7evirmek, siber g\u00fcvenlik alan\u0131ndaki bireysel kurumlardan daha b\u00fcy\u00fck \u00f6l\u00e7ekte bir i\u015fbirli\u011fi, \u015feffafl\u0131k ve hesap verebilirlik k\u00fclt\u00fcr\u00fc gerektiriyor. Siber tehditlere kar\u015f\u0131 bozulma zincirinde her kurumun bir yeri var.<\/p>\n","protected":false},"excerpt":{"rendered":"

DAVUT G\u00dcLE\u00c7 GAZETEC\u0130 davutgulec@hotmail.com Son y\u0131llarda, sorunlar\u0131n en b\u00fcy\u00fc\u011f\u00fc\u00a0 ki\u015fisel verilerin korunmamas\u0131. Bu konudaki a\u00e7\u0131klar, tehditler, istismarlar, haks\u0131z ticari kazan\u00e7lar. Fortinet Tehdit Ara\u015ft\u0131rmas\u0131da bunu bir kez daha ortaya \u00e7\u0131kard\u0131. Ara\u015ft\u0131rmaya g\u00f6re, siber su\u00e7lular\u0131n sekt\u00f6rlerdeki yeni g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 2023’\u00fcn ilk yar\u0131s\u0131na g\u00f6re %43 daha h\u0131zl\u0131 istismar etti\u011fini g\u00f6steriyor. FortiGuard Labs Raporu, tedarik\u00e7ilerin en iyi g\u00fcvenlik a\u00e7\u0131\u011f\u0131 …<\/p>\n","protected":false},"author":2,"featured_media":320439,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-320438","post","type-post","status-publish","format-standard","has-post-thumbnail","","category-kose-yazilari"],"_links":{"self":[{"href":"https:\/\/www.davutgulec.com\/wp-json\/wp\/v2\/posts\/320438","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.davutgulec.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.davutgulec.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.davutgulec.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.davutgulec.com\/wp-json\/wp\/v2\/comments?post=320438"}],"version-history":[{"count":0,"href":"https:\/\/www.davutgulec.com\/wp-json\/wp\/v2\/posts\/320438\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.davutgulec.com\/wp-json\/wp\/v2\/media\/320439"}],"wp:attachment":[{"href":"https:\/\/www.davutgulec.com\/wp-json\/wp\/v2\/media?parent=320438"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.davutgulec.com\/wp-json\/wp\/v2\/categories?post=320438"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.davutgulec.com\/wp-json\/wp\/v2\/tags?post=320438"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}