{"id":3517,"date":"2026-03-25T10:31:53","date_gmt":"2026-03-25T07:31:53","guid":{"rendered":"https:\/\/ekonomievreni.com\/?p=3517"},"modified":"2026-03-25T10:31:54","modified_gmt":"2026-03-25T07:31:54","slug":"sirketlerin-guvenlik-sistemlerini-etkisizlestiren-yontemler-artiyor","status":"publish","type":"post","link":"https:\/\/ekonomievreni.com\/?p=3517","title":{"rendered":"Methods that disable companies\u2019 security systems are on the rise"},"content":{"rendered":"<p> <strong>ESET, a global leader in cybersecurity solutions, has published its latest in-depth analysis of the EDR killer ecosystem, showing how attackers abuse vulnerable drivers. ESET\u2019s report offers telemetry-backed insights that go beyond the commonly seen driver-centric approach. The report documents how affiliates, not operators, shape tooling diversity, and how codebases routinely reuse and change drivers.<\/strong><\/p>\n<p>EDR, short for Endpoint Detection and Response (rendered in Turkish as U\u00e7 Nokta Tespit ve Yan\u0131t), is an advanced cybersecurity technology. It continuously monitors endpoints on the network, such as servers, computers and mobile devices, detects in real time suspicious behavior that antivirus software may miss, and responds automatically. 
It is an important tool for businesses in preventing cybercriminals from using employees\u2019 laptops, desktops and mobile devices to infiltrate business data and infrastructure. <strong>EDR Killer<\/strong> refers to the tools or techniques a cyber attacker uses to disable security software on a target system. EDR killers are a fundamental part of modern ransomware attacks; for this reason, affiliates prefer a short, reliable window in which to run encryptors rather than constantly modifying payloads. ESET researchers assess that at least some recently observed EDR killers show characteristics pointing to AI-assisted generation. Drawing on ESET telemetry and incident investigations, this study is based on the analysis and tracking of approximately 90 EDR killers actively used in the wild.<\/p>\n<p><strong>The new tactic in ransomware attacks: disable security first<\/strong><\/p>\n<p>In recent years, EDR killers have become one of the most frequently seen tools in modern ransomware attacks. An attacker gains high privileges, uses such a tool to disrupt protection, and only then launches the encryptor. 
Alongside the ubiquitous Bring Your Own Vulnerable Driver (BYOVD) technique, ESET also observes attackers frequently abusing legitimate anti-rootkit utilities, or using driverless approaches to block the communication of endpoint detection and response (EDR) software or to suspend it. These abused tools are not only plentiful but also behave predictably and consistently, which is exactly why affiliates turn to them.<\/p>\n<p>ESET researcher Jakub Sou\u010dek, who investigates EDR killers, said: \u201cThe landscape this research reveals is a vast one, ranging from endless forks of proofs of concept to complex professional implementations. Focusing on commercial EDR killers advertised on the darknet lets us better understand their customer base and identify connections that would otherwise stay hidden. EDR killers developed in-house offer insight into the inner workings of closed groups. On top of that, vibe coding complicates matters further.\u201d<\/p>\n<p><strong>The attack ecosystem is growing<\/strong><\/p>\n<p>To encrypt data successfully, ransomware encryptors need to evade detection. 
Today, a wide range of mature evasion techniques is available, from packing and code virtualization to sophisticated injection. Yet ESET rarely sees these implemented in encryptors. Instead, ransomware attackers prefer EDR killers to disrupt security solutions right before the encryptor is deployed. At the same time, EDR killers often rely on legitimate but vulnerable drivers, which makes defense considerably harder without risking disruption to legacy or enterprise software. The result is a class of tools that delivers kernel-level impact with minimal development effort, which makes them disproportionately powerful given their simplicity. For this reason, ESET stresses that blocking vulnerable drivers from loading is a crucial step in the line of defense, but not an easy one given the variety of bypass techniques available. This shows why it should not be relied on alone, and why the aim should be to disrupt EDR killers before they get the chance to load the driver.<\/p>\n<p>In fact, the simplest EDR killers do not rely on vulnerable drivers or other advanced techniques. 
Instead, they abuse built-in administrative tools and commands. BYOVD techniques have become the hallmark of modern EDR killers: they are ubiquitous, reliable and widely used. In a typical scenario, an attacker drops a legitimate but vulnerable driver onto the victim\u2019s machine, loads the driver, and then runs malware that abuses the driver\u2019s vulnerability. A smaller but growing class of EDR killers achieves its goals without touching the kernel at all. Rather than terminating EDR processes, these tools interfere with other critical functionality.<\/p>\n<p><strong>AI is driving a new generation of attack tools<\/strong><\/p>\n<p>AI can now be considered the newest weapon in the EDR killer arsenal. Determining whether AI directly assisted in producing a given codebase is usually practically impossible. There is no definitive forensic marker that reliably separates AI-generated code from human-written code, especially once attackers post-process or obfuscate it. 
However, ESET researchers assess that at least some recently observed EDR killers show characteristics that strongly suggest AI-assisted generation. A clear example is seen in an EDR killer recently used by the Warlock ransomware gang. Not only does the tool print a list of possible fixes, a pattern typical of AI-generated boilerplate, it also contains a trial-and-error mechanism that, instead of exploiting one specific driver, cycles through several unrelated, commonly abused device names until it finds a driver that works.<\/p>\n<p>ESET researcher Jakub Sou\u010dek said in a statement: \u201cA key observation is the division of labor in ransomware-as-a-service (RaaS) ecosystems. Operators typically provide the encryptor and supporting infrastructure, but the choice of EDR killer is left to affiliates. This means that the larger the affiliate pool, the more diverse the EDR killer tooling becomes. Defending against ransomware requires a fundamentally different mindset than defending against automated threats. 
Phishing emails, commodity malware and exploit chains stop once security solutions detect and neutralize them; ransomware attacks do not. These are interactive, human-driven operations, and attackers continuously adapt to detections, tool failures and environmental obstacles.\u201d<\/p>\n<p>Source: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ESET, a global leader in cybersecurity solutions, has published its latest in-depth analysis of the EDR killer ecosystem, showing how attackers abuse vulnerable drivers.<\/p>\n","protected":false},"author":1,"featured_media":3518,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-3517","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/posts\/3517","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3517"}],"version-history":[{"count":1,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/posts\/3517\/revisions"}],"predecessor-version":[{"id":3519,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/posts\/3517\/revisions\/3519"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/media\/3518"}],"wp:attachment":[{"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}