{"id":72851,"date":"2018-03-28T22:01:43","date_gmt":"2018-03-28T19:01:43","guid":{"rendered":"https:\/\/www.enerjigazetesi.ist\/?p=72851"},"modified":"2018-03-28T22:01:43","modified_gmt":"2018-03-28T19:01:43","slug":"enerji-sektoru-2017nin-ikinci-yarisinda-daha-fazla-saldiriya-ugradi","status":"publish","type":"post","link":"https:\/\/www.enerjigazetesi.ist\/en\/enerji-sektoru-2017nin-ikinci-yarisinda-daha-fazla-saldiriya-ugradi\/","title":{"rendered":"(Turkish) Enerji Sekt\u00f6r\u00fc 2017\u2019nin \u0130kinci Yar\u0131s\u0131nda Daha Fazla Sald\u0131r\u0131ya U\u011frad\u0131"},"content":{"rendered":"

Sorry, this entry is only available in Turkish<\/a>. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.<\/p>

Kaspersky Lab \u00e7\u00f6z\u00fcmleri taraf\u0131ndan korunan enerji kurumlar\u0131ndaki end\u00fcstriyel kontrol sistemlerinin (ICS – Industrial Control Systems) yakla\u015f\u0131k %40\u2019\u0131 2017\u2019nin ilk yar\u0131s\u0131nda en az bir kez zararl\u0131 yaz\u0131l\u0131m sald\u0131r\u0131s\u0131na u\u011frad\u0131. Bunlar\u0131 %35,3 ile m\u00fchendislik ve ICS entegrasyon a\u011flar\u0131 takip ediyor. Kaspersky Lab\u2019in \u2018End\u00fcstriyel Otomasyon Sistemleri i\u00e7in 2017\u2019nin ikinci yar\u0131s\u0131ndaki Tehdit Alan\u0131\u2019 adl\u0131 en son raporundaki en \u00f6nemli bulgulardan biri olan bu oranlar, di\u011fer sekt\u00f6rleri b\u00fcy\u00fck \u00f6l\u00e7\u00fcde geride b\u0131rak\u0131yor. Di\u011fer sekt\u00f6rlerde ise ICS bilgisayarlar\u0131n\u0131n ortalama %26 ila %30\u2019u sald\u0131r\u0131ya u\u011frad\u0131. Tespit edilen sald\u0131r\u0131lar\u0131n b\u00fcy\u00fck \u00e7o\u011funlu\u011funun kazara yap\u0131ld\u0131\u011f\u0131 belirlendi.<\/strong><\/p>\n

End\u00fcstriyel tesislerin siber g\u00fcvenlik sorunlar\u0131 \u00fcretim s\u00fcre\u00e7lerini etkileyip zarara neden olacak sonu\u00e7lara yol a\u00e7abiliyor. Farkl\u0131 end\u00fcstrilerin tehdit alanlar\u0131n\u0131 analiz eden Kaspersky Lab ICS CERT, ICS bilgisayarlar\u0131n\u0131n neredeyse t\u00fcm sekt\u00f6rlerde d\u00fczenli olarak siber sald\u0131r\u0131ya u\u011frad\u0131\u011f\u0131n\u0131 tespit etti.<\/p>\n

\"\"Ancak, bu konuda \u00f6zellikle iki sekt\u00f6r \u00f6ne \u00e7\u0131k\u0131yor: Enerji kurumlar\u0131 (%38,7), m\u00fchendislik ve ICS entegrasyon \u015firketleri (%35,5). Sald\u0131r\u0131ya u\u011frayan ICS bilgisayar\u0131 say\u0131s\u0131n\u0131n 2017\u2019nin ikinci yar\u0131s\u0131nda en fazla art\u0131\u015f g\u00f6sterdi\u011fi (2017\u2019nin ilk yar\u0131s\u0131na k\u0131yasla) sekt\u00f6r, %31,1 ile in\u015faat sekt\u00f6r\u00fc oldu. \u0130ncelenen di\u011fer sekt\u00f6rlerde (\u00fcretim, ula\u015f\u0131m, kamu, g\u0131da, sa\u011fl\u0131k, vb.) ise sald\u0131r\u0131ya u\u011frayan bilgisayarlar\u0131n oran\u0131 ortalama %26 ile %30 aras\u0131nda de\u011fi\u015fti.<\/p>\n

Uzmanlara g\u00f6re enerji sekt\u00f6r\u00fc, otomasyon \u00e7\u00f6z\u00fcmlerini geni\u015f \u00f6l\u00e7ekli kullanmaya ilk ba\u015flayan ve bilgisayarlar\u0131n en \u00e7ok kullan\u0131ld\u0131\u011f\u0131 sekt\u00f6rler aras\u0131nda yer al\u0131yor. Son y\u0131llarda ger\u00e7ekle\u015fen siber g\u00fcvenlik vakalar\u0131 ve hedefli sald\u0131r\u0131lar\u0131n yan\u0131 s\u0131ra getirilen d\u00fczenlenmeler, g\u00fc\u00e7 ve enerji \u015firketlerinin siber g\u00fcvenlik \u00fcr\u00fcnleri kullanmaya ve operasyonel teknoloji (OT) sistemlerini koruyacak \u00f6nlemler almaya ba\u015flamas\u0131 gerekti\u011fini ortaya koyuyor.<\/p>\n

Modern g\u00fc\u00e7 \u015febekeleri, en yayg\u0131n end\u00fcstriyel nesne a\u011flar\u0131ndan biri. A\u011fa ba\u011fl\u0131 \u00e7ok say\u0131da bilgisayar bulunmas\u0131, Kaspersky Lab ICS CERT istatistiklerinin de g\u00f6sterdi\u011fi gibi siber tehditlere olabildi\u011fince a\u00e7\u0131k olunmas\u0131na neden oluyor. M\u00fchendislik ve ICS entegrasyonu \u015firketlerinde sald\u0131r\u0131ya u\u011frayan ICS bilgisayarlar\u0131n\u0131n y\u00fcksek oran\u0131 da bir di\u011fer ciddi sorun. Son y\u0131llarda tedarik zincirlerine y\u00f6nelik ger\u00e7ekle\u015ftirilen y\u0131k\u0131c\u0131 sald\u0131r\u0131lar da bu sorunun ne kadar ciddi oldu\u011funu g\u00f6steriyor.<\/p>\n

\u0130n\u015faat sekt\u00f6r\u00fcnde sald\u0131r\u0131ya u\u011frayan ICS bilgisayarlar\u0131n\u0131n oran\u0131n\u0131n 2017\u2019nin ikinci yar\u0131s\u0131nda y\u00fcksek olmas\u0131, bu kurumlar\u0131n da end\u00fcstriyel bilgisayarlar\u0131n\u0131 koruma olgunlu\u011funa sahip olmad\u0131\u011f\u0131n\u0131 g\u00f6steriyor. Bilgisayar destekli otomasyon sistemlerinin yeni oldu\u011fu bu kurumlarda, end\u00fcstriyel siber g\u00fcvenlik k\u00fclt\u00fcr\u00fc hen\u00fcz geli\u015fme a\u015famas\u0131nda.<\/p>\n

ICS sald\u0131r\u0131lar\u0131n\u0131n en az ya\u015fand\u0131\u011f\u0131 alan ise %14,7 ile ICS yaz\u0131l\u0131m\u0131 geli\u015ftiren kurumlar oldu. Bu da, ICS Ar-Ge laboratuvarlar\u0131n\u0131n, test platformlar\u0131n\u0131n, demolar\u0131n ve e\u011fitim ortamlar\u0131n\u0131n, end\u00fcstriyel kurumlar\u0131n ICS bilgisayarlar\u0131 kadar olmasa da sald\u0131r\u0131lardan nasibini ald\u0131\u011f\u0131 anlam\u0131na geliyor. Kaspersky Lab ICS CERT uzmanlar\u0131, ICS \u00e7\u00f6z\u00fcmleri satan \u015firketlerin g\u00fcvenli\u011fine de dikkat \u00e7ekerek, sat\u0131c\u0131lar\u0131n i\u015f orta\u011f\u0131 ekosistemine ve m\u00fc\u015fteri portf\u00f6y\u00fcne yay\u0131lan bir sald\u0131r\u0131n\u0131n, daha \u00f6nce exPetr sald\u0131r\u0131s\u0131nda g\u00f6r\u00fcld\u00fc\u011f\u00fc gibi olduk\u00e7a b\u00fcy\u00fck etkileri olabilece\u011fini belirtiyor.<\/p>\n

\"\"<\/p>\n

Kaspersky Lab ICS CERT ara\u015ft\u0131rmac\u0131lar\u0131n\u0131n 2017\u2019de ke\u015ffetti\u011fi yeni e\u011filimler aras\u0131nda ICS\u2019lere yap\u0131lan madencilik sald\u0131r\u0131lar\u0131 bulunuyor. Bu sald\u0131r\u0131lardaki art\u0131\u015f kripto para birimi pazar\u0131 ve madencilerinin genel olarak artt\u0131\u011f\u0131 Eyl\u00fcl ay\u0131nda ba\u015flad\u0131. Bu tip sald\u0131r\u0131lar end\u00fcstriyel \u015firketler i\u00e7in \u00e7ok daha b\u00fcy\u00fck tehdit te\u015fkil edebiliyor. Bilgisayarlara b\u00fcy\u00fck y\u00fck binmesiyle \u015firketin ICS bile\u015fenlerinin \u00e7al\u0131\u015fmas\u0131 olumsuz etkileniyor ve sistem kararl\u0131l\u0131\u011f\u0131 azal\u0131yor. \u015eubat 2017\u2019den Ocak 2018\u2019e kadar uzanan d\u00f6nemde, end\u00fcstriyel otomasyon sistemlerinin %3,3\u2019\u00fc, \u00e7o\u011fu kazara olmak \u00fczere, kripto para madencili\u011fi programlar\u0131n\u0131n sald\u0131r\u0131s\u0131na u\u011frad\u0131.<\/p>\n

Raporda \u00f6ne \u00e7\u0131kan di\u011fer konular aras\u0131nda \u015funlar yer al\u0131yor:<\/p>\n

– Kaspersky Lab \u00fcr\u00fcnlerinin korudu\u011fu ICS bilgisayar\u0131n\u0131n\u00a0%37,8<\/strong>\u2019ine sald\u0131r\u0131 te\u015feb\u00fcss\u00fc yap\u0131ld\u0131. Bu te\u015feb\u00fcssler engellendi. Bu oran 2016\u2019n\u0131n ikinci yar\u0131s\u0131na g\u00f6re 1,4 puan daha d\u00fc\u015f\u00fck.<\/p>\n

– \u0130nternet, sald\u0131r\u0131lar\u0131n ana kayna\u011f\u0131 olmaya devam ediyor. Sald\u0131r\u0131ya u\u011frayan ICS bilgisayarlar\u0131n\u0131n\u00a0%22,7<\/strong>\u2019sinde kaynak internetti. Bu oran y\u0131l\u0131n ilk alt\u0131 ay\u0131na k\u0131yasla %2,3 daha fazla. Engellenen web kaynakl\u0131 sald\u0131r\u0131lar\u0131n oran\u0131 Avrupa ve Kuzey Amerika\u2019da di\u011fer b\u00f6lgelere g\u00f6re daha d\u00fc\u015f\u00fck.<\/p>\n

– ICS bilgisayarlar\u0131n\u0131n en \u00e7ok sald\u0131r\u0131ya u\u011frad\u0131\u011f\u0131 ilk be\u015f \u00fclkenin s\u0131ralamas\u0131 2017\u2019nin 1. yar\u0131s\u0131ndan bu yana de\u011fi\u015fmedi. Bu \u00fclkeler Vietnam (%69,6), Cezayir (%66,2), Fas (%60,4), Endonezya (%60,1) ve \u00c7in (%59,5) \u015feklinde s\u0131ralan\u0131yor.<\/p>\n

– 2017\u2019nin ikinci yar\u0131s\u0131nda, otomasyon sistemlerine kurulu Kaspersky Lab \u00e7\u00f6z\u00fcmlerinin tespit etti\u011fi zararl\u0131 yaz\u0131l\u0131m modlar\u0131n\u0131n say\u0131s\u0131 18.000\u2019den 18.900\u2019e y\u00fckseldi.<\/p>\n

– 2017\u2019de t\u00fcm ICS sistemlerinin %10,8\u2019i botnet sald\u0131r\u0131s\u0131na u\u011frad\u0131. Makinelere bula\u015fan ve onlar\u0131 uzaktan komut \u00e7al\u0131\u015ft\u0131rmak i\u00e7in bir botnet a\u011f\u0131na dahil eden bu zararl\u0131 yaz\u0131l\u0131mlar\u0131n ana kayna\u011f\u0131 internet, \u00e7\u0131kar\u0131labilir medya ve e-posta mesajlar\u0131 oluyor.<\/p>\n

– Kaspersky Lab ICS CERT, 2017\u2019de end\u00fcstriyel sistemler ve End\u00fcstriyel Nesnelerin \u0130nterneti \/ Nesnelerin \u0130nterneti (IIoT \/ IoT) sistemlerinde 63 adet a\u00e7\u0131k tespit etti. A\u00e7\u0131klar\u0131n 26\u2019s\u0131 \u00fcreticiler taraf\u0131ndan kapat\u0131ld\u0131.<\/p>\n

\u201cSald\u0131r\u0131ya u\u011frayan ICS bilgisayarlar\u0131yla ilgili ara\u015ft\u0131rmam\u0131z\u0131n sonu\u00e7lar\u0131 bizi \u015fa\u015f\u0131rtt\u0131. \u00d6rne\u011fin, g\u00fc\u00e7 ve enerji \u015firketlerinde sald\u0131r\u0131ya u\u011frayan ICS bilgisayarlar\u0131n\u0131n y\u00fcksek oran\u0131, kurumlar\u0131n baz\u0131 ciddi sorunlar ya\u015fad\u0131ktan sonra giri\u015fti\u011fi otomasyon sistemlerini koruma \u00e7abalar\u0131n\u0131n yeterli olmad\u0131\u011f\u0131n\u0131 ve halen siber su\u00e7lular\u0131n kullanabilece\u011fi bir\u00e7ok a\u00e7\u0131k bulundu\u011funu g\u00f6sterdi<\/i>.\u201d diyen Kaspersky Lab ICS CERT Lideri Evgeny Goncharov, s\u00f6zlerini \u015f\u00f6yle s\u00fcrd\u00fcrd\u00fc:<\/i><\/p>\n

\u201cGenel olarak, ICS sald\u0131r\u0131lar\u0131nda 2016\u2019ya k\u0131yasla az da olsa bir d\u00fc\u015f\u00fc\u015f g\u00f6r\u00fcyoruz. Bu da muhtemelen, kurumlar\u0131n genel olarak ICS siber g\u00fcvenli\u011fi ile ilgili durumlara daha fazla dikkat etti\u011fini g\u00f6steriyor. Kurumlar a\u011flar, e\u011fitim ekipleri gibi end\u00fcstriyel segmentlerini denetlemeye ba\u015flad\u0131. Bu gayet iyi bir i\u015faret \u00e7\u00fcnk\u00fc \u015firketlerin ileride sorunlarla bo\u011fu\u015fmaktansa proaktif \u00f6nlemler almas\u0131 \u00f6nemli.\u201d<\/i><\/p>\n

Kaspersky Lab ICS CERT \u015fu teknik \u00f6nlemlerin al\u0131nmas\u0131n\u0131 \u00f6neriyor:<\/p>\n

– Kurumun end\u00fcstriyel a\u011f\u0131ndaki sistemlerin uygulama yaz\u0131l\u0131mlar\u0131n\u0131, i\u015fletim sistemlerini ve g\u00fcvenlik \u00e7\u00f6z\u00fcmlerini d\u00fczenli olarak g\u00fcncelleyin.<\/p>\n

– U\u00e7 router\u2019larda ve kurumun OT a\u011flar\u0131nda kullan\u0131lan portlar\u0131n ve protokollerin a\u011f trafi\u011fini k\u0131s\u0131tlay\u0131n.<\/p>\n

– Kurumun end\u00fcstriyel a\u011f\u0131nda ve \u00e7evresindeki ICS bile\u015fenlerin eri\u015fim kontrol\u00fcn\u00fc denetleyin.<\/p>\n

– OT ve end\u00fcstriyel altyap\u0131y\u0131 rastgele siber sald\u0131r\u0131lardan korumak i\u00e7in ICS sunucular\u0131na, i\u015f istasyonlar\u0131na ve insan makine aray\u00fczlerine \u00f6zel u\u00e7 nokta koruma \u00e7\u00f6z\u00fcmleri kurun.<\/p>\n

– Hedefli sald\u0131r\u0131lardan kar\u015f\u0131 daha iyi koruma i\u00e7in a\u011f trafi\u011fi izleme, analiz ve tespit \u00e7\u00f6z\u00fcmleri kullan\u0131n.<\/p>\n

2017\u2019nin ikinci yar\u0131s\u0131na dair raporun tamam\u0131n\u0131 Kaspersky Lab ICS CERT\u00a0websitesinde\u00a0<\/a>okuyabilirsiniz.<\/p>","protected":false},"excerpt":{"rendered":"

Sorry, this entry is only available in Turkish. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.Kaspersky Lab \u00e7\u00f6z\u00fcmleri taraf\u0131ndan korunan enerji kurumlar\u0131ndaki end\u00fcstriyel kontrol sistemlerinin (ICS – Industrial Control Systems) yakla\u015f\u0131k %40\u2019\u0131 2017\u2019nin ilk yar\u0131s\u0131nda en az bir […]<\/p>\n","protected":false},"author":1,"featured_media":64289,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[53],"tags":[67,1009,37216,19577],"views":874,"_links":{"self":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/72851"}],"collection":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/comments?post=72851"}],"version-history":[{"count":1,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/72851\/revisions"}],"predecessor-version":[{"id":72853,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/72851\/revisions\/72853"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media\/64289"}],"wp:attachment":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media?parent=72851"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/categories?post=72851"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/tags?post=72851"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}