{"id":6532,"date":"2026-05-05T10:31:11","date_gmt":"2026-05-05T07:31:11","guid":{"rendered":"https:\/\/ekonomievreni.com\/?p=6532"},"modified":"2026-05-05T10:31:11","modified_gmt":"2026-05-05T07:31:11","slug":"internete-acik-uygulamalardaki-zafiyetler-ve-tedarik-zinciri-baglantili-saldirilar-baslica-saldiri-vektorleri-arasindaki-yerini-guclendiriyor","status":"publish","type":"post","link":"https:\/\/ekonomievreni.com\/?p=6532","title":{"rendered":"Vulnerabilities in public-facing applications and supply-chain-related attacks strengthen their position among the leading attack vectors"},"content":{"rendered":"<p> <strong>The leading initial attack vectors in 2025 were largely the same as in 2024, while their combined share rose above 80%. Public-facing applications ranked first at 43.7%, while attacks carried out through the supply chain and business partners rose from 12.7% to 15.5%. The use of compromised legitimate user accounts (valid accounts) was recorded at 25.4%. The findings were presented in the latest global report published by Kaspersky Security Services.<\/strong><\/p>\n<p>The &#8220;Anatomy of a Cyber World&#8221; report, based on incident data collected throughout 2025 from the Kaspersky Managed Detection and Response, Kaspersky Incident Response, Kaspersky Compromise Assessment and Kaspersky SOC Consulting teams, provides a comprehensive global analysis. 
The report examines the most common attacker tactics, techniques and tools, as well as the characteristics of detected incidents and their distribution across regions and industries.<\/p>\n<p>According to Kaspersky Incident Response data, the most common initial attack vectors have not changed significantly over the past seven years. Valid accounts and the exploitation of vulnerabilities in public-facing applications remained the entry points attackers used most often. The third-ranked method, however, varied over time. Malicious emails, widely used in the past, were replaced by attacks carried out through the supply chain and business partners, which first came to prominence in 2021 and entered the top three as of 2023. As of 2025, the distribution of the leading attack vectors was as follows:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/resize.yandex.net\/mailservice?url=https%3A%2F%2Fimg.faselis.com%2Ffaselis_tr%2Fbrands%2F12586%2Finline%2F1777955294_05.04_Kaspersky_bb_g__rsel.png.jpg&amp;proxy=yes&amp;key=ece6f0c7d4fda6c87861149e9729e713\" \/>\u00a0<\/p>\n<p>These attack vectors are often used in connection with one another within the same attack chain. Most of the organizations targeted through the supply chain and business partners are breached, in the first stage, through the exploitation of vulnerabilities in public-facing applications. 
Recent cases show that attackers target service providers or IT integrators in order to gain access to their customers. The problem is compounded by the fact that many small service providers lack sufficient cybersecurity expertise and resources. A breach at these companies, which manage accounting software or websites, can also put customer systems at risk through the abuse of remote access mechanisms.<\/p>\n<p>When the investigated attacks are examined by duration and impact, the majority of cases (50.9%) turn out to be fast attacks. These attacks, which usually last less than a day, mostly end in file encryption. Long-running attacks, which account for 33% of cases, last 108 hours on average. During this time, attackers do not just encrypt files; they set up persistence mechanisms, compromise the Active Directory infrastructure and cause data leaks. The remaining 16.1% show a hybrid pattern. In these cases, which at first look like fast attacks, there is a significant time gap between the initial breach and the subsequent malicious activity, and the total attack duration can stretch to about 19 days. 
<\/p>\n<p><strong>Konstantin Sapronov, Head of Kaspersky Global Emergency Response Team<\/strong>, commented:<em> \u201cAs threat actors carry out increasingly coordinated, multi-stage attacks, it is no longer enough for organizations to rely on a reactive security approach that only responds when an incident occurs. Instead, a proactive security approach that makes real-time threat monitoring and continuous detection capabilities part of daily operations is critical. This allows security teams to respond quickly before attacker activity escalates. Timely patch management, the use of multi-factor authentication and strict control of third-party access are among the basic measures for protecting digital assets against both fast-moving attacks and long-term intrusions.\u201d<\/em><\/p>\n<p>Kaspersky makes the following recommendations to strengthen protection against advanced threats:<\/p>\n<ul>\n<li>Strengthen your existing security controls with the expert-led detection capabilities of the Kaspersky Managed Detection and Response (MDR) service, and use Kaspersky Incident Response for comprehensive analysis of security incidents. 
These services provide 24\/7 monitoring support covering the entire incident management cycle, from threat identification to continuous protection and remediation.<\/li>\n<li>Use the Kaspersky SOC Consulting service to align your internal processes and technology infrastructure with today's changing threat landscape. The service provides support in building an in-house SOC from scratch, assessing the maturity of an existing SOC, or improving specific capabilities such as detection and response processes.<\/li>\n<li>Use centralized, automated solutions such as Kaspersky Next XDR Expert to provide comprehensive protection for all your assets. By collecting and correlating data from multiple sources in one place and drawing on machine learning technologies, this solution provides effective threat detection and fast automated response.<\/li>\n<\/ul>\n<p>Source: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>The leading initial attack vectors in 2025 were largely the same as in 2024, while their combined share rose above 80%.<\/p>\n","protected":false},"author":1,"featured_media":6533,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-6532","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/posts\/6532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6532"}],"version-history":[{"count":1,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/posts\/6532\/revisions"}],"predecessor-version":[{"id":6534,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/posts\/6532\/revisions\/6534"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/media\/6533"}],"wp:attachment":[{"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}