{"id":100107,"date":"2019-10-03T01:20:37","date_gmt":"2019-10-02T22:20:37","guid":{"rendered":"https:\/\/www.enerjigazetesi.ist\/?p=100107"},"modified":"2019-10-03T11:13:37","modified_gmt":"2019-10-03T08:13:37","slug":"enerji-sektoru-de-siber-tehdit-baskisi-altinda","status":"publish","type":"post","link":"https:\/\/www.enerjigazetesi.ist\/en\/enerji-sektoru-de-siber-tehdit-baskisi-altinda\/","title":{"rendered":"(Turkish) ”Enerji Sekt\u00f6r\u00fc’de Siber Tehdit Bask\u0131s\u0131 Alt\u0131nda”"},"content":{"rendered":"

Sorry, this entry is only available in Turkish<\/a>. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.<\/p>

<\/p>\n

2019\u2019un ilk alt\u0131 ay\u0131nda Kaspersky \u00e7\u00f6z\u00fcmleri, enerji sekt\u00f6r\u00fcnde kullan\u0131lan end\u00fcstriyel kontrol sistemi (ICS) bilgisayarlar\u0131n\u0131n yakla\u015f\u0131k yar\u0131s\u0131nda alarm verdi. En s\u0131k kar\u015f\u0131la\u015f\u0131lan siber tehditler; solucanlar, casusluk yaz\u0131l\u0131mlar\u0131 ve kripto para madencileri oldu. Bu \u00fc\u00e7\u00fc birlikte sald\u0131r\u0131lar\u0131n %14\u2019\u00fcn\u00fc olu\u015fturdu. Kaspersky Lab ICS CERT\u2019in 2019\u2019in 1’inci yar\u0131s\u0131na ait end\u00fcstriyel tehdit alan\u0131 raporunda elde edilen \u00f6nemli bulgulardan biri bu oldu.<\/h1>\n

End\u00fcstriyel siber vakalar, \u00fcretimin aksamas\u0131na ve finansal zarara yol a\u00e7malar\u0131 nedeniyle en tehlikeli vakalar aras\u0131nda yer al\u0131yor. Bu sald\u0131r\u0131lar\u0131n \u00fcstesinden gelmek de bir hayli zor. Bu durum \u00f6zellikle enerji gibi, insanlar\u0131n ya\u015fam\u0131na do\u011frudan etki eden kritik sekt\u00f6rlerde ger\u00e7ekle\u015fti\u011finde b\u00fcy\u00fck \u00f6nem kazan\u0131yor. \"\"Kaspersky g\u00fcvenlik teknolojilerinin otomatik olarak i\u015fledi\u011fi 2019\u2019un ilk yar\u0131s\u0131na ait istatistikler, enerji sekt\u00f6r\u00fcnde y\u00f6neticilik yapanlar\u0131n g\u00fcvenli\u011fi asla elden b\u0131rakmamas\u0131 gerekti\u011fini ortaya koydu. G\u00f6zlem yap\u0131lan s\u00fcre boyunca Kaspersky \u00fcr\u00fcnleri, enerji sekt\u00f6r\u00fcnde kullan\u0131lan ICS bilgisayarlar\u0131n\u0131n %41,6\u2019s\u0131nda alarm verdi. ICS i\u00e7in tasarlanmayan \u00e7ok say\u0131da klasik zararl\u0131 yaz\u0131l\u0131m \u00f6rne\u011fi engellendi.<\/p>\n

Engellenen zararl\u0131 programlar aras\u0131nda en b\u00fcy\u00fck tehlikeyi, kripto para madencileri (%2,9), solucanlar (%7,1) ve \u00e7e\u015fitli \u00e7ok y\u00f6nl\u00fc casusluk yaz\u0131l\u0131mlar\u0131 (%3,7) olu\u015fturdu. Bu t\u00fcr zararl\u0131 yaz\u0131l\u0131mlar\u0131n bula\u015fmas\u0131, ICS ve end\u00fcstriyel a\u011fa ba\u011fl\u0131 di\u011fer sistemlerin b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc ve kullan\u0131m\u0131n\u0131 olumsuz etkileyebiliyor. Tespit edilen tehditler aras\u0131ndan baz\u0131lar\u0131 \u00f6zellikle dikkat \u00e7ekiciydi.<\/p>\n

Bunlardan biri, kimlik do\u011frulama verilerini, ekran g\u00f6r\u00fcnt\u00fclerini, web kameras\u0131ndan ve klavyeden al\u0131nan verileri \u00e7almak i\u00e7in tasarlanan \u00f6zel casus yaz\u0131l\u0131m\u0131 AgentTesla oldu. Analiz edilen t\u00fcm vakalarda, sald\u0131rganlar\u0131n bir\u00e7ok \u015firkette ele ge\u00e7irdikleri e-posta kutular\u0131ndan veri g\u00f6nderdi\u011fi g\u00f6r\u00fcld\u00fc. Zararl\u0131 yaz\u0131l\u0131m tehdidinin yan\u0131 s\u0131ra Kaspersky \u00fcr\u00fcnleri, Meterpreter arka kap\u0131s\u0131ndan yararlan\u0131lan vakalar\u0131 da belirleyip engelledi. Bu arka kap\u0131, enerji sistemlerinin end\u00fcstriyel a\u011flar\u0131ndaki bilgisayarlar\u0131 uzaktan kontrol etmek i\u00e7in kullan\u0131l\u0131yor. Bu arka kap\u0131 kullan\u0131larak d\u00fczenlenen sald\u0131r\u0131lar belirli bir hedefe y\u00f6nelik ve gizli bir \u015fekilde d\u00fczenleniyor. Sald\u0131r\u0131lar genellikle manuel olarak y\u00fcr\u00fct\u00fcl\u00fcyor. Sald\u0131rganlar\u0131n yaz\u0131l\u0131m bula\u015fan ICS bilgisayarlar\u0131n\u0131 uzaktan gizlice kontrol edebilmesi, end\u00fcstriyel sistemler i\u00e7in b\u00fcy\u00fck bir tehdit olu\u015fturuyor. \u015eirketin \u00e7\u00f6z\u00fcmleri ayr\u0131ca Syswin adl\u0131 yeni bir silici solucan\u0131 da tespit edip engelledi. Python<\/strong> ile yaz\u0131lan bu solucan Windows\u2019un<\/strong> y\u00fcr\u00fct\u00fclebilir dosya bi\u00e7iminde geliyor. Kendi kendine \u00e7o\u011fal\u0131p verileri silebilen bu tehdit, ICS bilgisayarlar\u0131na<\/strong> b\u00fcy\u00fck etki yapabiliyor.<\/p>\n

Zararl\u0131 nesneler ve vakalarla kar\u015f\u0131 kar\u015f\u0131ya kalan tek sekt\u00f6r enerji sekt\u00f6r\u00fc de\u011fil. Kaspersky uzmanlar\u0131n\u0131n analiz etti\u011fi di\u011fer sekt\u00f6rlerin kendilerini rahat hissetmeleri i\u00e7in ortada bir neden yok. Otomotiv \u00fcretimi (%39,3) ve bina otomasyon sistemleri (%37,8), zararl\u0131 nesnelerin hedef ald\u0131\u011f\u0131 ICS bilgisayar\u0131 oran\u0131 a\u00e7\u0131s\u0131ndan ikinci ve \u00fc\u00e7\u00fcnc\u00fc s\u0131rada yer al\u0131yor.<\/p>\n

Raporda yer alan di\u011fer bulgular aras\u0131nda \u015funlar yer al\u0131yor:<\/span><\/strong><\/h2>\n

– ICS bilgisayarlar\u0131 genellikle, kurumsal ortamlardaki tipik g\u00fcvenlik alan\u0131n\u0131n tamamen i\u00e7inde yer alm\u0131yor. Bu ortamlar bir\u00e7ok tehditten b\u00fcy\u00fck \u00f6l\u00e7\u00fcde korunuyor. Benzer bir \u015fekilde, ev kullan\u0131c\u0131lar\u0131 da kendilerine \u00f6zel \u00f6nlemler ve ara\u00e7larla koruma alt\u0131na al\u0131n\u0131yor. Di\u011fer bir deyi\u015fle, kurumsal alan ile ICS\u2019nin g\u00fcvenli\u011fi birbiriyle do\u011frudan ili\u015fkili de\u011fil.<\/p>\n

– ICS b\u00f6l\u00fcm\u00fcnde g\u00f6r\u00fclen zararl\u0131 faaliyetler genellikle \u00fclkede \u201carka planda\u201d ger\u00e7ekle\u015fen zararl\u0131 faaliyetlerle ba\u011flant\u0131l\u0131.<\/p>\n

– ICS b\u00f6l\u00fcm\u00fcn\u00fcn g\u00fcvenli\u011fine \u00f6nem verilen \u00fclkelerde ICS bilgisayarlar\u0131n\u0131n daha d\u00fc\u015f\u00fck seviyede sald\u0131r\u0131ya u\u011framas\u0131n\u0131n sebebi, arka planda az say\u0131da zararl\u0131 faaliyet olmas\u0131ndan \u00e7ok koruma \u00f6nlemleri ve ara\u00e7lar\u0131n\u0131n kullan\u0131lmas\u0131 oluyor.<\/p>\n

– Kendi kendine \u00e7o\u011falan zararl\u0131 programlar baz\u0131 \u00fclkelerde son derece etkin. Analiz edilen vakalardaki solucanlar\u0131n (zararl\u0131 solucan s\u0131n\u0131f\u0131 nesneler), \u00e7\u0131kar\u0131labilir medya cihazlar\u0131na (USB flash s\u00fcr\u00fcc\u00fcler, \u00e7\u0131kar\u0131labilir sabit diskler, mobil telefonlar vb.) bula\u015facak \u015fekilde geli\u015ftirildikleri g\u00f6r\u00fcld\u00fc. ICS bilgisayarlar\u0131n\u0131n en s\u0131k kar\u015f\u0131 kar\u015f\u0131ya kald\u0131\u011f\u0131 senaryonun \u00e7\u0131kar\u0131labilir medya cihazlar\u0131 ile solucan bula\u015fmas\u0131 oldu\u011fu anla\u015f\u0131ld\u0131.<\/p>\n

Kaspersky G\u00fcvenlik Ara\u015ft\u0131rmac\u0131s\u0131 Kirill Kruglov<\/strong>, \u201cToplanan istatistikler ve end\u00fcstriyel siber tehditler \u00fczerine yap\u0131lan analizler, mevcut e\u011filimleri de\u011ferlendirmek ve ne t\u00fcr tehlikelere kar\u015f\u0131 haz\u0131rl\u0131kl\u0131 olmam\u0131z gerekti\u011fine dair tahminler yapmak i\u00e7in \u00e7ok de\u011ferli. Bu rapor, g\u00fcvenlik uzmanlar\u0131n\u0131n \u00f6zellikle veri \u00e7almay\u0131, kritik \u00f6nem ta\u015f\u0131yan alanlarda casusluk yapmay\u0131, sisteme s\u0131zmay\u0131 ve verileri yok etmeyi ama\u00e7layan zararl\u0131 yaz\u0131l\u0131mlara kar\u015f\u0131 dikkatli olmas\u0131 gerekti\u011fini g\u00f6sterdi. Bu t\u00fcr vakalar end\u00fcstri i\u00e7in \u00e7ok b\u00fcy\u00fck sorunlar do\u011furabilir<\/em>.\u201d dedi.<\/p>\n

Kaspersky ICS CERT \u015fu teknik \u00f6nlemlerin al\u0131nmas\u0131n\u0131 \u00f6neriyor:<\/span><\/strong><\/h2>\n

– Kurumun end\u00fcstriyel a\u011f\u0131ndaki sistemlerin uygulama yaz\u0131l\u0131mlar\u0131n\u0131, i\u015fletim sistemlerini ve g\u00fcvenlik \u00e7\u00f6z\u00fcmlerini d\u00fczenli olarak g\u00fcncelleyin.<\/p>\n

– U\u00e7 router\u2019larda ve kurumun OT a\u011flar\u0131nda kullan\u0131lan portlar\u0131n ve protokollerin a\u011f trafi\u011fini k\u0131s\u0131tlay\u0131n.<\/p>\n

– Kurumun end\u00fcstriyel a\u011f\u0131nda ve \u00e7evresindeki ICS bile\u015fenlerin eri\u015fim kontrol\u00fcn\u00fc denetleyin.<\/p>\n

– OT\/ICS a\u011f\u0131n\u0131za eri\u015fimi bulunan \u00e7al\u0131\u015fanlar, i\u015f ortaklar\u0131 ve tedarik\u00e7ilere d\u00fczenli olarak \u00f6zel e\u011fitim ve destek verin.<\/p>\n

– OT ve end\u00fcstriyel altyap\u0131y\u0131 siber sald\u0131r\u0131lara kar\u015f\u0131 korumak i\u00e7in ICS sunucular\u0131na, i\u015f istasyonlar\u0131na ve HMI\u2019lara \u00f6zel, Kaspersky Industrial CyberSecurity<\/a> gibi bir u\u00e7 nokta g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fc kurun. Hedefli sald\u0131r\u0131lardan daha iyi korunmak i\u00e7in a\u011f trafik takibi, analiz ve tespit \u00e7\u00f6z\u00fcmleri kullan\u0131n.<\/p>\n

Raporun tamam\u0131n\u0131 Kaspersky ICS CERT<\/a> sayfas\u0131ndan okuyabilirsiniz.<\/p>","protected":false},"excerpt":{"rendered":"

Sorry, this entry is only available in Turkish. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language. 2019\u2019un ilk alt\u0131 ay\u0131nda Kaspersky \u00e7\u00f6z\u00fcmleri, enerji sekt\u00f6r\u00fcnde kullan\u0131lan end\u00fcstriyel kontrol sistemi (ICS) bilgisayarlar\u0131n\u0131n yakla\u015f\u0131k yar\u0131s\u0131nda alarm verdi. En s\u0131k kar\u015f\u0131la\u015f\u0131lan siber […]<\/p>\n","protected":false},"author":1,"featured_media":100110,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[51,53],"tags":[57902,57892,57896,57895,232,52259,55380,57904,57898,56092,57893,57897,57891,57894,57905,57890,57906,57899,57901,57903,57900],"views":309,"_links":{"self":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/100107"}],"collection":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/comments?post=100107"}],"version-history":[{"count":0,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/100107\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media\/100110"}],"wp:attachment":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media?parent=100107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/categories?post=100107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/tags?post=100107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}