{"id":24301,"date":"2022-05-10T05:54:04","date_gmt":"2022-05-10T02:54:04","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=24301"},"modified":"2022-05-10T05:54:04","modified_gmt":"2022-05-10T02:54:04","slug":"windows-ve-linux-sunucularini-maksat-alan-fidye-yazilimi","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=24301","title":{"rendered":"Ransomware Targeting Windows and Linux Servers"},
"content":{"rendered":"<p>Cybercriminals constantly develop new techniques to reach potential victims without being caught. This is especially true of ransomware operators, who break into an organization's network and effectively hold its sensitive files hostage by encrypting them. A new ransomware family named <strong>Tycoon<\/strong> uses <strong>Java<\/strong> to target Windows and Linux servers. A report published by the BlackBerry Research and Intelligence Team together with KPMG UK Cyber Response Services sheds light on how these attacks are carried out.<\/p>\n<p>Observed since last December, Tycoon is a multi-platform Java ransomware whose targets are the files on <strong>Windows<\/strong> <strong>and<\/strong> <strong>Linux<\/strong> servers. To avoid detection, Tycoon uses JIMAGE, a little-known Java image format. A JIMAGE file stores the <strong>Java<\/strong> <strong>Runtime<\/strong> <strong>Environment<\/strong> (JRE) image, the bundle of runtime modules that the Java Virtual Machine (JVM) loads while it runs. Specifically, Tycoon arrives as a ZIP archive containing a trojanized JRE build. Ransomware has used Java before, but this is the <strong>first<\/strong> <strong>time<\/strong> a customized, malicious <strong>JRE<\/strong> build delivered through the JIMAGE format has been seen.<\/p>\n<p><b>Companies and educational institutions are among the targets:<\/b><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/67\/4580f98701e2c2480117f7472821a5870c37ab75.jpeg\"\/><\/p>\n<p>The ransomware appears to target small and medium-sized businesses, educational institutions and software companies. The initial infection takes place through an internet-facing <strong>RDP<\/strong> (Remote Desktop Protocol) server. This server sits in a trusted zone and is in turn used to administer other devices. After attacking the domain controller and the file servers, the hackers lock the system administrators <strong>out<\/strong> of their own machines.<\/p>\n<p>Next, the attackers launch their own process on the server, disable the local antivirus protection, leave a <strong>backdoor<\/strong> on the compromised system and leave the network. The attacker later connects to an RDP server again and uses it to move laterally across the network. Starting an RDP connection to each server by hand, the hacker runs the process that disables the security protection and then executes a <strong>batch<\/strong> <strong>file<\/strong> to launch the ransomware.<\/p>\n<p>The compromised files are reported to be encrypted with <strong>AES-256<\/strong> in <strong>Galois<\/strong>\/<strong>Counter<\/strong> Mode (GCM), with a 16-byte GCM authentication tag that provides data integrity. For larger files the attackers skip encrypting certain blocks, which speeds up the process while still leaving the files unusable. The per-file AES keys are in turn encrypted with the asymmetric <strong>RSA<\/strong> <strong>algorithm<\/strong>, so recovering the files requires the attacker's private RSA key, which cannot be derived from the public key without an infeasible amount of computing power.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/67\/9f2dbc2087b376dcbb11e48f3c0af4f6f77ae42b.png\"\/><\/p>\n<p>Although Tycoon has been in circulation for about six months, the number of victims of these attacks is reported to be <strong>limited<\/strong>. This suggests the attacks are either aimed at specific organizations or are part of a larger campaign in which <strong>other<\/strong> <strong>types<\/strong> of ransomware are also used.<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>Cybercriminals constantly develop new techniques to reach potential victims without being caught. This is especially true of ransomware operators, who break into an organization's network and &#8230;<\/p>\n","protected":false},"author":1,"featured_media":24302,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[854],"tags":[1332,2579,1239,2615],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/24301"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=24301"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/24301\/revisions"}],"predecessor-version":[{"id":24303,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/24301\/revisions\/24303"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/24302"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=24301"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=24301"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=24301"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
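The post above says Tycoon hides its malicious JRE build inside a JIMAGE, the module image that a stock JRE ships exactly once, at lib/modules, and that the whole thing is delivered as a ZIP archive. As an added example that is not part of the original post or of the BlackBerry/KPMG report, the Go program below reads the JIMAGE header from every member of a ZIP held in memory and flags each member that carries the JIMAGE marker, noting whether it sits at the stock lib/modules path. The magic value and the seven-field header layout are taken from OpenJDK's libjimage source as read by the author of this example and should be treated as an assumption; the archive it scans (SampleArchive, built from fakeJImage) and the member names in it are constructed for the demonstration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
	"strings"
)

// IMAGE_MAGIC from OpenJDK's libjimage; a big-endian writer stores it byte-swapped,
// so the inverted value is accepted as well.
const (
	jimageMagic       = 0xCAFEDADA
	jimageMagicInvert = 0xDADAFECA
	headerSize        = 28 // seven uint32 fields
)

// JImageHeader is the fixed header before the index tables. The field names are
// this example author's reading of OpenJDK's imageFile.hpp (an assumption).
type JImageHeader struct {
	Magic, Version, Flags, ResourceCount, TableLength, LocationsSize, StringsSize uint32
}

// ParseJImageHeader reports whether b starts with a JIMAGE header and, if so,
// returns it decoded in the file's own byte order.
func ParseJImageHeader(b []byte) (JImageHeader, bool) {
	var h JImageHeader
	if len(b) < headerSize {
		return h, false
	}
	var order binary.ByteOrder = binary.LittleEndian
	if m := binary.LittleEndian.Uint32(b[:4]); m == jimageMagicInvert {
		order = binary.BigEndian
	} else if m != jimageMagic {
		return h, false
	}
	err := binary.Read(bytes.NewReader(b[:headerSize]), order, &h)
	return h, err == nil
}

// Finding is one JIMAGE member of an archive. A stock JRE ships exactly one,
// at lib/modules; a second one, or one under another name, deserves a look.
type Finding struct {
	Path         string
	AtStockPath  bool
	Major, Minor uint32 // Version: major in the high 16 bits, minor in the low 16
	Resources    uint32
}

// ScanZip reads only the first headerSize bytes of each member and reports
// those that carry the JIMAGE marker; shorter members simply fail the check.
func ScanZip(archive []byte) ([]Finding, error) {
	zr, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil {
		return nil, err
	}
	var out []Finding
	for _, f := range zr.File {
		rc, err := f.Open()
		if err != nil {
			return nil, err
		}
		head := make([]byte, headerSize)
		n, _ := io.ReadFull(rc, head)
		rc.Close()
		if h, ok := ParseJImageHeader(head[:n]); ok {
			out = append(out, Finding{f.Name, strings.HasSuffix(f.Name, "lib/modules"),
				h.Version >> 16, h.Version & 0xFFFF, h.ResourceCount})
		}
	}
	return out, nil
}

// fakeJImage emits a header-only JIMAGE (no index tables, no resources),
// enough to exercise the scanner without a real JRE on disk.
func fakeJImage(resources uint32) []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.LittleEndian, JImageHeader{Magic: jimageMagic, Version: 1 << 16, ResourceCount: resources})
	return buf.Bytes()
}

// SampleArchive is a constructed stand-in for a trojanized JRE ZIP: the expected
// lib/modules, a second JIMAGE under an invented name, and a text file that
// must not be reported.
func SampleArchive() []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for name, data := range map[string][]byte{"jre/lib/modules": fakeJImage(300),
		"jre/lib/ext/runtime.dat": fakeJImage(7), "jre/README.txt": []byte("not a jimage")} {
		w, _ := zw.Create(name)
		w.Write(data)
	}
	zw.Close()
	return buf.Bytes()
}

func main() {
	findings, _ := ScanZip(SampleArchive())
	for _, f := range findings {
		fmt.Printf("%-24s jimage %d.%d resources=%d stock-path=%v\n", f.Path, f.Major, f.Minor, f.Resources, f.AtStockPath)
	}
}
```

On a real sample, hand ScanZip the bytes of the downloaded ZIP, or walk an unpacked JRE directory and call ParseJImageHeader on the first 28 bytes of each file. A legitimate JRE yields exactly one finding, at lib/modules; a second JIMAGE, or one at an unexpected path, is what the scan is for. Matching the marker proves only that a file is a JIMAGE, not that it is malicious, so a hit is a lead for comparing the image against the vendor's build, not a verdict.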
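The post states that files are encrypted with AES-256 in GCM mode carrying a 16-byte authentication tag, that larger files are only partly encrypted to save time, and that recovery needs the attacker's private RSA key. The Go program below is an added example, not code from the post, from BlackBerry/KPMG or from the malware: it implements that envelope pattern in memory so each of those statements can be checked. The 4096-byte head limit, the RSA-2048 key size, the OAEP wrapping and the Envelope layout are this example's own assumptions (the post gives none of them), and the input document is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const (
	keyLen    = 32   // AES-256
	headLimit = 4096 // bytes of each file that get encrypted; assumed, the post gives no figure
)

// Envelope is a file after the scheme the post describes: the head of the file
// under AES-256-GCM, the per-file AES key wrapped with the attacker's RSA public
// key, and (the speed trick) everything past headLimit left untouched.
type Envelope struct {
	WrappedKey []byte // AES key under RSA-OAEP; only the matching private key unwraps it
	Nonce      []byte // 12-byte GCM nonce
	Sealed     []byte // ciphertext || 16-byte GCM tag for the encrypted head
	Tail       []byte // plaintext remainder of a large file
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // 12-byte nonce, 16-byte tag by default
}

// NewKeyPair generates the RSA pair that would stay with the attacker. 2048 bits
// is this example's choice; the post does not state Tycoon's key size.
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal encrypts at most headLimit bytes of plain under a fresh AES key and wraps
// that key for pub; the rest of plain is copied through in the clear.
func Seal(plain []byte, pub *rsa.PublicKey) (*Envelope, error) {
	key := make([]byte, keyLen)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	cut := len(plain)
	if cut > headLimit {
		cut = headLimit
	}
	return &Envelope{wrapped, nonce, gcm.Seal(nil, nonce, plain[:cut], nil),
		append([]byte(nil), plain[cut:]...)}, nil
}

// Open reverses Seal. It fails when priv is not the matching private key, or when
// any byte of the sealed head was altered, because the GCM tag no longer verifies.
func Open(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap file key: not the matching RSA private key")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	head, err := gcm.Open(nil, env.Nonce, env.Sealed, nil)
	if err != nil {
		return nil, errors.New("GCM tag mismatch: the sealed head was modified")
	}
	return append(head, env.Tail...), nil
}

// SampleDocument is constructed input well over headLimit, so part of it stays
// readable after Seal.
func SampleDocument() []byte { return bytes.Repeat([]byte("quarterly-figures;"), 1000) }

func main() {
	priv, _ := NewKeyPair()
	doc := SampleDocument()
	env, _ := Seal(doc, &priv.PublicKey)
	back, err := Open(env, priv)
	fmt.Printf("sealed head %d bytes (%d of them GCM tag), plaintext tail %d bytes, round trip ok: %v\n",
		len(env.Sealed), len(env.Sealed)-headLimit, len(env.Tail), err == nil && bytes.Equal(back, doc))
}
```

Two things fall out of running it. The sealed head is exactly 16 bytes longer than the plaintext it replaces, which is the GCM tag the post mentions, and flipping a single ciphertext byte makes Open fail, so a partially damaged file cannot be "repaired" without the key. Everything past the head limit, however, is still plaintext: that is the forensic upside of the speed trick, since for large files the text, embedded images or database pages beyond the cut-off can often be carved straight out of the encrypted file even though the file as a whole no longer opens.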