{"id":8446,"date":"2016-08-29T09:10:27","date_gmt":"2016-08-29T07:10:27","guid":{"rendered":"https:\/\/ihs.com.tr\/blog\/?p=8446"},"modified":"2020-08-12T15:14:45","modified_gmt":"2020-08-12T13:14:45","slug":"ssl-kullanan-kotu-amacli-yazilim-sayisinda-ani-artis","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/ssl-kullanan-kotu-amacli-yazilim-sayisinda-ani-artis\/","title":{"rendered":"SSL Kullanan K\u00f6t\u00fc Ama\u00e7l\u0131 Yaz\u0131l\u0131m Say\u0131s\u0131nda Ani Art\u0131\u015f"},"content":{"rendered":"

C&C sunucu ileti\u015fimini korumak i\u00e7in SSL kullanan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m say\u0131s\u0131nda ani bir art\u0131\u015f ya\u015fand\u0131.<\/span><\/p>\n

Ara\u015ft\u0131rmac\u0131lar hem ay baz\u0131nda tespit edilen k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m say\u0131s\u0131nda hem de toplam aktif C&C<\/a> sunucusu say\u0131s\u0131nda bir art\u0131\u015f oldu\u011funu s\u00f6yl\u00fcyor. G\u00fcvenlik \u015firketi Blue Coat 2015 sonundan itibaren SSL kullan\u0131m\u0131nda ciddi bir art\u0131\u015f g\u00f6zlemlediklerini ifade ediyor.<\/span><\/p>\n

\u015eirket Ocak 2014 ve Aral\u0131k 2015 aras\u0131ndaki siberkriminal faaliyetleri inceledi\u011fini ve kriminal faaliyetlerde s\u0131k s\u0131k kullan\u0131lan istismar edilmi\u015f veya k\u00f6t\u00fc SSL sertifikalar\u0131n\u0131n takibinin yap\u0131ld\u0131\u011f\u0131 SSL Blacklist sitesinden elde ettikleri veriyi de\u011ferlendirdiklerini s\u00f6yl\u00fcyor.<\/span><\/p>\n

\"SSL<\/p>\n

\u015eirketin haz\u0131rlad\u0131\u011f\u0131 raporda kendini korumak i\u00e7in SSL kullanan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m ailelerinin tespitine ve altyap\u0131lar\u0131na y\u00f6nelik bir analiz bulunmakta. Bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131nmlar aras\u0131nda Dridex, KINS, Shylock, URLzone, TeslaCrypt, CryptoLocker, TorrentLocker, CryptoWall, Upatre, Gootkit, Geodo, Tinba, Gozi, VMZeus, Redyms, Vawtrack, Qadars, Spambot, Emotee ve Retefe gibi isimler bulunmakta.<\/span><\/p>\n

SSL kullanan C&C sunucusu say\u0131s\u0131 200 kat artt\u0131<\/span><\/strong><\/p>\n

Blue Coat ara\u015ft\u0131rmac\u0131lar\u0131, inceleme alt\u0131na ald\u0131klar\u0131 iki y\u0131ll\u0131k periyod i\u00e7erisinde, SSL kullans\u0131n ya da kullanmas\u0131n t\u00fcm k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n say\u0131s\u0131nda bir art\u0131\u015f oldu\u011funu tespit etti.<\/span><\/p>\n

SSL<\/a> kullanan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m say\u0131s\u0131, genel k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m say\u0131s\u0131na k\u0131yasla bug\u00fcne kadar hep daha az olmu\u015ftu. Ancak Ekim 2015\u2019ten sonra SSL kullanan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m say\u0131s\u0131nda ani bir art\u0131\u015f g\u00f6zlendi. \u00a0<\/span><\/p>\n

Ara\u015ft\u0131rmac\u0131lar SSL kullanan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m say\u0131s\u0131n\u0131n ayda 500\u2019den iki ayl\u0131k bir dilimde 29.000\u2019e \u00e7\u0131kt\u0131\u011f\u0131n\u0131 tespit ettiklerini ifade ediyorlar. Ayn\u0131 durum botlar\u0131yla konu\u015fmak i\u00e7in SSL korumal\u0131 ba\u011flant\u0131lar\u0131 kullanan C&C sunucusu say\u0131s\u0131nda da ya\u015fand\u0131. Bu say\u0131 2015\u2019in ilk \u00e7eyre\u011finde yakla\u015f\u0131k 1000\u2019ken, 2015\u2019in \u00fc\u00e7\u00fcnc\u00fc \u00e7eyre\u011finde 200.000\u2019e \u00e7\u0131kt\u0131.<\/span><\/p>\n

Blue Coat C&C sunucular\u0131n\u0131n hackerlar\u0131n koordinasyon noktas\u0131, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m indirme siteleri, veri s\u0131zd\u0131rma noktalar\u0131 ve di\u011fer web tabanl\u0131 operasyon noktalar\u0131 olarak kulland\u0131\u011f\u0131 web siteleri veya IP\u2019ler oldu\u011funu d\u00fc\u015f\u00fcn\u00fcyor.<\/span><\/p>\n

SSL k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlarda tatillerden hemen \u00f6nce ge\u00e7en y\u0131llara nazaran b\u00fcy\u00fck bir art\u0131\u015f g\u00f6zlemlendi<\/span><\/strong><\/p>\n

Konu hakk\u0131nda Blue Coat ara\u015ft\u0131rmac\u0131lar\u0131 \u015funlar\u0131 s\u00f6yl\u00fcyor: \u201cBu ani art\u0131\u015f\u0131n zamanlamas\u0131na bak\u0131ld\u0131\u011f\u0131nda, tatil sezonunun hemen \u00f6ncesine denk geldi\u011fi g\u00f6r\u00fcl\u00fcyor. Bu nedenle bu art\u0131\u015f\u0131n bu tip k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m ailelerine dayanan bir ya da daha fazla b\u00fcy\u00fck kampanyan\u0131n ba\u015flat\u0131lmas\u0131yla ba\u011flant\u0131l\u0131 oldu\u011fu s\u00f6ylenebilir.\u201d<\/span><\/p>\n

Ara\u015ft\u0131rmac\u0131lar ayr\u0131ca C&C sunucusu say\u0131s\u0131n\u0131n k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m say\u0131s\u0131ndaki art\u0131\u015ftan epey \u00f6nce tespit edildi\u011fini, bunun da siber su\u00e7lular\u0131n k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m kampanyalar\u0131n\u0131 ba\u015flatmadan \u00f6nce C&C sunucu altyap\u0131lar\u0131n\u0131 olu\u015fturmalar\u0131 gerekti\u011fi i\u00e7in tahmin edilebilir bir durum oldu\u011funu s\u00f6zlerine ekliyor.<\/span><\/p>\n

Blue Coat ekibi C&C sunucusu say\u0131s\u0131ndaki b\u00fcy\u00fck art\u0131\u015f\u0131n nedenlerini ise \u201cC&C sunucusu say\u0131s\u0131ndaki b\u00fcy\u00fck art\u0131\u015f b\u00fcy\u00fck ihtimalle C&C altyap\u0131s\u0131n\u0131n kurulaca\u011f\u0131 k\u0131sa \u00f6m\u00fcrl\u00fc domainler i\u00e7in Domain Olu\u015fturan Algoritmalar (Domain Generating Algorithms\/DGA) kullanan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlardan kaynaklan\u0131yor,\u201d ifadesiyle a\u00e7\u0131kl\u0131yor.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

C&C sunucu ileti\u015fimini korumak i\u00e7in SSL kullanan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m say\u0131s\u0131nda ani bir art\u0131\u015f ya\u015fand\u0131. Ara\u015ft\u0131rmac\u0131lar hem ay baz\u0131nda tespit edilen k\u00f6t\u00fc…<\/p>\n","protected":false},"author":3,"featured_media":8448,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,400],"tags":[],"class_list":["post-8446","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler","category-ssl-sertifikasi"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=8446"}],"version-history":[{"count":5,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8446\/revisions"}],"predecessor-version":[{"id":13650,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8446\/revisions\/13650"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/8448"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=8446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=8446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=8446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}