{"id":158022,"date":"2022-06-24T11:54:04","date_gmt":"2022-06-24T08:54:04","guid":{"rendered":"https:\/\/www.enerjigazetesi.ist\/?p=158022"},"modified":"2022-06-24T11:54:04","modified_gmt":"2022-06-24T08:54:04","slug":"calisanlari-kimlik-avi-saldirilari-na-karsi-korumak-mumkun","status":"publish","type":"post","link":"https:\/\/www.enerjigazetesi.ist\/en\/calisanlari-kimlik-avi-saldirilari-na-karsi-korumak-mumkun\/","title":{"rendered":"(Turkish) \u00c7al\u0131\u015fanlar\u0131 Kimlik Av\u0131 Sald\u0131r\u0131lar\u0131na Kar\u015f\u0131 Korumak M\u00fcmk\u00fcn"},"content":{"rendered":"

Sorry, this entry is only available in Turkish<\/a>. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.<\/p>

<\/p>\n

ESET Tehdit Raporu D1 2022\u2019ye g\u00f6re, e-posta tehditlerinde 2021’in son d\u00f6rt ay\u0131na k\u0131yasla, 2022’nin ilk 4 ay\u0131nda % 37’lik bir art\u0131\u015f g\u00f6r\u00fcld\u00fc. Engellenen kimlik av\u0131 URL’lerinin say\u0131s\u0131 neredeyse ayn\u0131 oranda artt\u0131.<\/strong><\/h2>\n

\"\"Kimlik av\u0131 doland\u0131r\u0131c\u0131l\u0131klar\u0131<\/strong> sald\u0131rganlar\u0131n k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m y\u00fcklemek, kimlik bilgilerini \u00e7almak<\/strong> ve kullan\u0131c\u0131lar\u0131 kurumsal para transferleri yapmalar\u0131<\/strong> i\u00e7in kand\u0131rmak amac\u0131yla kulland\u0131klar\u0131 en ba\u015far\u0131l\u0131 yollardan biri olmay\u0131 s\u00fcrd\u00fcr\u00fcrken doland\u0131r\u0131c\u0131lar me\u015fru g\u00f6ndericileri taklit etmelerine<\/strong> yard\u0131mc\u0131 olan sahte e-posta taktikleri<\/strong> kullan\u0131l\u0131yorlar. Al\u0131c\u0131y\u0131, s\u00f6z konusu eylemin sonu\u00e7lar\u0131n\u0131 d\u00fc\u015f\u00fcnmeden harekete ge\u00e7irmek i\u00e7in<\/strong> acele etmesini sa\u011flayacak \u015fekilde tasarlanm\u0131\u015f sosyal m\u00fchendislik tekniklerinden<\/strong> yararlan\u0131yorlar.<\/p>\n

Bu taktikler aras\u0131nda \u015funlar yer al\u0131yor:<\/strong><\/h3>\n

Sahte g\u00f6nderici kimlikleri \/ etki alanlar\u0131 \/ telefon numaralar\u0131<\/strong> ve bazen de yaz\u0131m hatalar\u0131<\/strong> ya da uluslararas\u0131la\u015ft\u0131r\u0131lm\u0131\u015f alan adlar\u0131<\/strong> (IDN’ler) kullanma<\/p>\n

Kimlik av\u0131 giri\u015fimleri<\/strong> olarak tespit edilmesi neredeyse imkans\u0131z olan ele ge\u00e7irilmi\u015f g\u00f6nderici hesaplar\u0131<\/p>\n

– Hedefe y\u00f6nelik kimlik av\u0131 giri\u015fimlerini<\/strong> daha inand\u0131r\u0131c\u0131 hale getirmek i\u00e7in \u00e7evrimi\u00e7i ara\u015ft\u0131rma<\/strong> (sosyal medya arac\u0131l\u0131\u011f\u0131yla)<\/p>\n

– Resmi logolar, \u00fcst bilgiler, alt bilgiler vb. kullan\u0131lmas\u0131<\/p>\n

– Kullan\u0131c\u0131y\u0131 aceleyle karar vermeye iten bir aciliyet<\/strong> veya heyecan duygusu yaratmak<\/strong><\/p>\n

– G\u00f6nderenin ger\u00e7ek hedefini gizleyen<\/strong> k\u0131salt\u0131lm\u0131\u015f ba\u011flant\u0131lar<\/p>\n

– Yasal g\u00f6r\u00fcn\u00fcml\u00fc giri\u015f portallar\u0131, web siteleri vb.<\/strong> olu\u015fturma<\/p>\n

Son yay\u0131mlanan Verizon DBIR raporuna<\/strong> g\u00f6re, ge\u00e7en y\u0131l g\u00fcvenlik olaylar\u0131n\u0131n<\/strong> b\u00fcy\u00fck k\u0131sm\u0131ndan 4 vekt\u00f6r sorumluydu: Kimlik bilgileri, kimlik av\u0131, g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlanma<\/strong> ve botnet’ler<\/strong>. Bunlardan ilk ikisi insan hatas\u0131<\/strong> ile ilgili. Raporda incelenen toplam ihlallerin d\u00f6rtte biri (%25), sosyal m\u00fchendislik sald\u0131r\u0131lar\u0131n\u0131n<\/strong> sonucuydu. \u0130nsan hatalar\u0131<\/strong> ve ayr\u0131cal\u0131\u011f\u0131n k\u00f6t\u00fcye kullan\u0131lmas\u0131yla bir araya geldi\u011finde, insan unsuru t\u00fcm ihlallerin<\/strong> %82<\/strong>‘sini olu\u015fturuyordu.<\/p>\n

Kimlik av\u0131 nelere yol a\u00e7abilir?<\/strong><\/h3>\n

Kimlik av\u0131 sald\u0131r\u0131lar\u0131<\/strong> son 2 y\u0131lda<\/strong> daha da b\u00fcy\u00fck bir tehdit haline geldi. Muhtemelen yamanmam\u0131\u015f ve yetersiz korunan cihazlara sahip dikkati da\u011f\u0131n\u0131k<\/strong> ve evden \u00e7al\u0131\u015fan ki\u015filer<\/strong>, tehdit akt\u00f6rleri taraf\u0131ndan ac\u0131mas\u0131zca hedef al\u0131nd\u0131. Nisan 2020<\/strong>‘de Google<\/strong>, d\u00fcnya \u00e7ap\u0131nda her g\u00fcn 18 milyon kadar<\/strong> k\u00f6t\u00fc ama\u00e7l\u0131<\/strong> ve kimlik av\u0131 e-postas\u0131n\u0131 engelledi\u011fini<\/strong> iddia etti.<\/p>\n

Bu \u00e7al\u0131\u015fanlar\u0131n \u00e7o\u011fu ofise geri d\u00f6nd\u00fck\u00e7e, daha fazla say\u0131da SMS<\/strong> ile kimlik av\u0131 (smishing)<\/strong> ve sesli arama tabanl\u0131 kimlik av\u0131 (vishing) sald\u0131r\u0131s\u0131na<\/strong> maruz kalmalar\u0131 riski de s\u00f6z konusu. Hareket halindeki kullan\u0131c\u0131lar\u0131n ba\u011flant\u0131lara t\u0131klamalar\u0131<\/strong> ve a\u00e7mamalar\u0131 gereken ek dosyalar\u0131 a\u00e7ma<\/strong> olas\u0131l\u0131klar\u0131 daha y\u00fcksek olabilir. Bu durum ise \u015funlara yol a\u00e7abilir:<\/span><\/p>\n

– Fidye yaz\u0131l\u0131m\u0131 indirmeleri<\/p>\n

– Bankac\u0131l\u0131k Truva Atlar\u0131<\/p>\n

– Veri h\u0131rs\u0131zl\u0131\u011f\u0131\/ihlalleri<\/p>\n

– K\u00f6t\u00fc ama\u00e7l\u0131 kripto madencili\u011fi yaz\u0131l\u0131mlar\u0131<\/p>\n

– Botnet da\u011f\u0131t\u0131mlar\u0131<\/p>\n

– Takip eden sald\u0131r\u0131larda kullan\u0131lmak \u00fczere ele ge\u00e7irilen hesaplar<\/p>\n

Sahte faturalar\/\u00f6deme<\/strong> isteklerine<\/strong> ba\u011fl\u0131 olarak para kaybedilmesiyle sonu\u00e7lanan i\u015f e-postalar\u0131n\u0131n<\/strong> ele ge\u00e7irilmesi (BEC)<\/strong><\/p>\n

Finansal<\/strong> ve itibari yans\u0131malar\u0131<\/strong> \u00e7ok b\u00fcy\u00fckt\u00fcr. Bir veri ihlalinin<\/strong> ortalama maliyeti bug\u00fcn rekor bir seviye olan 4,2 milyon dolar\u0131n<\/strong> \u00fczerindeyken, baz\u0131 fidye yaz\u0131l\u0131m\u0131 ihlalleri<\/strong> bunun birka\u00e7 kat \u00fcst\u00fcne mal olmaktad\u0131r.<\/p>\n

ESET T\u00fcrkiye \u00dcr\u00fcn ve Pazarlama M\u00fcd\u00fcr\u00fc Can Erginkurban,<\/strong> e\u011fitimin her zaman \u00f6nemli oldu\u011funu vurgulayarak \u015funlar\u0131 s\u00f6yledi: “\u00c7al\u0131\u015fanlara y\u00f6nelik sald\u0131r\u0131lar\u0131n \u00f6n\u00fcne ge\u00e7ebilmek i\u00e7in d\u00fczenli e\u011fitimler ger\u00e7ekle\u015ftirilmelidir. Kimlik av\u0131 fark\u0131ndal\u0131\u011f\u0131 e\u011fitimi, sosyal m\u00fchendislik<\/strong> tehditleriyle m\u00fccadeleye y\u00f6nelik \u00e7ok katmanl\u0131 bir stratejinin<\/strong> yaln\u0131zca bir par\u00e7as\u0131 olmal\u0131d\u0131r. En e\u011fitimli personel bile, bazen karma\u015f\u0131k doland\u0131r\u0131c\u0131l\u0131klar\u0131n kurban\u0131<\/strong> olabilir. Bu y\u00fczden g\u00fcvenlik kontrolleri<\/strong> de \u00f6nemlidir. Oltalama sald\u0131r\u0131lar\u0131na<\/strong> kar\u015f\u0131 kurumunuzu korumak istiyorsan\u0131z<\/strong> \u00e7al\u0131\u015fanlar\u0131n\u0131z\u0131 mutlaka e\u011fitimlerle desteklemelisiniz.<\/strong>“<\/em><\/p>","protected":false},"excerpt":{"rendered":"

Sorry, this entry is only available in Turkish. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language. ESET Tehdit Raporu D1 2022\u2019ye g\u00f6re, e-posta tehditlerinde 2021’in son d\u00f6rt ay\u0131na k\u0131yasla, 2022’nin ilk 4 ay\u0131nda % 37’lik bir art\u0131\u015f g\u00f6r\u00fcld\u00fc. […]<\/p>\n","protected":false},"author":1,"featured_media":158025,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[53,157],"tags":[103759,104232,104228,104230,104229,92842,104231,38611,86241,104233,104234,99839,104227],"views":50,"_links":{"self":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/158022"}],"collection":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/comments?post=158022"}],"version-history":[{"count":0,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/158022\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media\/158025"}],"wp:attachment":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media?parent=158022"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/categories?post=158022"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/tags?post=158022"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}