{"id":8110,"date":"2022-05-25T11:43:03","date_gmt":"2022-05-25T08:43:03","guid":{"rendered":"https:\/\/www.inforte.com\/?p=8110"},"modified":"2022-05-25T11:43:03","modified_gmt":"2022-05-25T08:43:03","slug":"rusya-ddos-tehdit-genel-gorunumu","status":"publish","type":"post","link":"https:\/\/www.inforte.com\/en\/rusya-ddos-tehdit-genel-gorunumu\/","title":{"rendered":"Rusya DDoS Tehdit Genel G\u00f6r\u00fcn\u00fcm\u00fc"},"content":{"rendered":"

Y\u00f6netici \u00d6zeti<\/strong><\/p>\n

NETSCOUT Arbor Siber G\u00fcvenlik M\u00fchendisli\u011fi ve M\u00fcdahale Ekibi (ASERT), 2022 \u015eubat ay\u0131n\u0131n ortas\u0131ndan bu yana Rusya ve Ukrayna’daki durumu izliyor. K\u0131sa s\u00fcre \u00f6nce, Ukrayna’daki kurulu\u015flar\u0131, a\u011flar\u0131, uygulamalar\u0131 ve hizmetleri hedef alan devam eden y\u00fcksek profilli DDoS sald\u0131r\u0131lar\u0131n\u0131n ilk teknik analizine y\u00f6nelik bir g\u00fcncelleme yay\u0131nlad\u0131k.<\/p>\n

Rus hedeflerine odaklanan DDoS sald\u0131r\u0131lar\u0131nda ikinci bir belirgin art\u0131\u015f da ortaya \u00e7\u0131kt\u0131 ve bu da Rusya’ya y\u00f6nelik sald\u0131r\u0131larda aydan aya ~%236 art\u0131\u015fa neden oldu. Bu \u00e7at\u0131\u015fmaya do\u011frudan dahil olmayan kom\u015fu \u00fclkelere y\u00f6nelik DDoS sald\u0131r\u0131lar\u0131n\u0131n ayn\u0131 aral\u0131kta t\u00fcm Avrupa, Orta Do\u011fu ve Afrika (EMEA) b\u00f6lgesinde ~%32 d\u00fc\u015ft\u00fc\u011f\u00fc g\u00f6z \u00f6n\u00fcne al\u0131nd\u0131\u011f\u0131nda, Rus \u00e7evrimi\u00e7i m\u00fclklerine y\u00f6nelik sald\u0131r\u0131lardaki art\u0131\u015f \u00f6zellikle dikkate de\u011ferdir.<\/p>\n

DDoS vekt\u00f6r se\u00e7imi ve hedefleme kriterleri a\u00e7\u0131s\u0131ndan hem Rusya’ya hem de Ukrayna’ya y\u00f6nelik sald\u0131r\u0131larda bir\u00e7ok benzerlik bulunurken, sald\u0131r\u0131 hacimleri olduk\u00e7a farkl\u0131la\u015ft\u0131. Bug\u00fcne kadar, Rus m\u00fclklerine kar\u015f\u0131 g\u00f6zlemledi\u011fimiz en y\u00fcksek bant geni\u015fli\u011fi (bps) sald\u0131r\u0131s\u0131 ~ 454 Gbps’de \u00f6l\u00e7\u00fcld\u00fc. Ayn\u0131 d\u00f6nemde en y\u00fcksek verim (pps) sald\u0131r\u0131s\u0131 ~173 mpps’de \u00f6l\u00e7\u00fclm\u00fc\u015ft\u00fcr. Bu \u00f6l\u00e7\u00fcmler, k\u00fcresel olarak g\u00f6zlemlenen en b\u00fcy\u00fck DDoS sald\u0131r\u0131lar\u0131na yakla\u015fmasa da, bu \u00f6l\u00e7ekteki sald\u0131r\u0131lar, yaln\u0131zca ama\u00e7lanan hedefler i\u00e7in internet operasyonlar\u0131n\u0131 ciddi \u015fekild y\u0131k\u0131c\u0131 potansiyele sahip olmakla kalmaz, ayn\u0131 zamanda ba\u011fl\u0131 kurulu\u015flar ve internet trafi\u011fi i\u00e7in \u00f6nemli bir\u00a0 side effect ayak izi de olabilir.<\/p>\n

Sald\u0131r\u0131lar\u0131n b\u00fcy\u00fck \u00e7o\u011funlu\u011funun, \u00f6ny\u00fckleme\/stresleme hizmetleri olarak da bilinen, halka a\u00e7\u0131k kiral\u0131k DDoS hizmetlerinden kaynakland\u0131\u011f\u0131 g\u00f6r\u00fcl\u00fcyor. Bu yasa d\u0131\u015f\u0131 hizmetlerin neredeyse tamam\u0131, potansiyel m\u00fc\u015fterilere s\u0131n\u0131rl\u0131 bir \u00fccretsiz tan\u0131t\u0131m ile DDoS sald\u0131r\u0131lar\u0131 sunar. \u0130lk sald\u0131r\u0131lar s\u0131ras\u0131nda g\u00f6zlemledi\u011fimiz DDoS sald\u0131r\u0131 vekt\u00f6rlerinin ve sald\u0131r\u0131 hacimlerinin \u00e7o\u011fu, \u00fccretsiz \u00f6ny\u00fckleyiciler\/stresleyiciler arac\u0131l\u0131\u011f\u0131yla ger\u00e7ekle\u015ftirilebilir, ancak Rusya’ya kar\u015f\u0131 g\u00f6r\u00fclen daha b\u00fcy\u00fck sald\u0131r\u0131lar\u0131n baz\u0131lar\u0131, bu underground hizmetlerinin \u00e7o\u011fu i\u00e7in profil d\u0131\u015f\u0131ndad\u0131r ve muhtemelen baz\u0131 geleneklere i\u015faret etmektedir.<\/p>\n

Baz\u0131 sald\u0131r\u0131lar\u0131n, hem ki\u015fisel bilgisayarlar\u0131n (PC’ler) hem de IoT cihazlar\u0131n\u0131n \u00f6zel olarak kontrol edilen botnetlerinden yararland\u0131\u011f\u0131 da ortaya \u00e7\u0131kt\u0131. G\u00f6zlemlenen botnet kaynakl\u0131 sald\u0131r\u0131lar\u0131n t\u00fcm\u00fc, iyi bilinen DDoS sald\u0131r\u0131 vekt\u00f6rlerini kulland\u0131 ve Mirai, XOR.DDoS, Meris ve Dvinis gibi DDoS bot aileleriyle tutarl\u0131yd\u0131.<\/p>\n

Unutulmamal\u0131d\u0131r ki; \u00f6zellikle sald\u0131rganlar taraf\u0131ndan \u00f6ny\u00fckleyiciler\/stresleyiciler kullan\u0131ld\u0131\u011f\u0131nda, DDoS sald\u0131r\u0131lar\u0131n\u0131n ili\u015fkilendirilmesi \u00e7ok zordur. DDoS sald\u0131r\u0131lar\u0131n\u0131n \u00e7o\u011fu, sald\u0131rganlar\u0131n zay\u0131f operasyonel g\u00fcvenli\u011finden kaynaklan\u0131r. Di\u011fer durumlarda ortaya \u00e7\u0131kan sonu\u00e7, sald\u0131rganlar\u0131 tespit etmek i\u00e7in hem DDoS-kiral\u0131k servislerin hem de \u00f6zel DDoS sald\u0131r\u0131 botnetlerinin komuta ve kontrol (C2) altyap\u0131s\u0131na aktif olarak s\u0131zan g\u00fcvenlik ara\u015ft\u0131rmac\u0131lar\u0131, kolluk kuvvetleri ve istihbarat te\u015fkilatlar\u0131n\u0131n ortak \u00e7al\u0131\u015fma \u00fcr\u00fcn\u00fcd\u00fcr. NETSCOUT, sekt\u00f6rdeki en ayr\u0131nt\u0131l\u0131 DDoS sald\u0131r\u0131 analizi ve azaltma \u00f6nerilerini sa\u011flama konusunda uzmanla\u015fm\u0131\u015ft\u0131r ve sald\u0131r\u0131 niteli\u011fine odaklanmam\u0131\u015ft\u0131r.<\/p>\n

Temel Bulgular<\/strong><\/p>\n