{"id":24343,"date":"2024-05-29T01:00:00","date_gmt":"2024-05-28T22:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=24343"},"modified":"2024-05-29T10:28:40","modified_gmt":"2024-05-29T07:28:40","slug":"kaspersky-t%c9%99r%c9%99find%c9%99n-qanuni-windows-funksiyasi-vasit%c9%99sil%c9%99-cihazlara-hucum-ed%c9%99n-fidy%c9%99-proqrami-askarlayib","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=24343","title":{"rendered":"Kaspersky t\u0259r\u0259find\u0259n qanuni \u201cWindows\u201d funksiyas\u0131 vasit\u0259sil\u0259…."},"content":{"rendered":"\n

Kaspersky t\u0259r\u0259find\u0259n qanuni \u201cWindows\u201d funksiyas\u0131 vasit\u0259sil\u0259 cihazlara h\u00fccum ed\u0259n fidy\u0259 proqram\u0131 a\u015fkarlay\u0131b <\/strong><\/p>\n\n\n\n

Kaspersky-nin kiberinsidentl\u0259r\u0259 reaksiya \u00fczr\u0259 qlobal qrupunun (Kaspersky GERT) m\u00fct\u0259x\u0259ssisl\u0259ri \u201cBitLocker\u201dd\u0259n istifad\u0259 ed\u0259n yeni fidy\u0259 proqram\u0131 vasit\u0259sil\u0259 korporativ cihazlara qar\u015f\u0131 t\u0259\u015fkil edil\u0259n h\u00fccumlar a\u015fkar edibl\u0259r. Bu, \u201cWindows\u201d \u0259m\u0259liyyat sistemind\u0259 \u015fifr\u0259l\u0259m\u0259d\u0259n istifad\u0259 ed\u0259r\u0259k m\u0259lumatlar\u0131 qoruma\u011fa imkan ver\u0259n t\u0259hl\u00fck\u0259sizlik funksiyas\u0131d\u0131r. Z\u0259r\u0259rli proqram \u201cShrinkLocker\u201d adlan\u0131r. H\u0259d\u0259fl\u0259r s\u0259naye v\u0259 \u0259cza\u00e7\u0131l\u0131q \u015firk\u0259tl\u0259ri, el\u0259c\u0259 d\u0259 d\u00f6vl\u0259t qurumlar\u0131 olub.<\/p>\n\n\n\n

T\u0259cav\u00fczkarlar \u201cWindows\u201d il\u0259 i\u015fl\u0259y\u0259n komp\u00fcterl\u0259rd\u0259 tap\u015f\u0131r\u0131qlar\u0131n avtomatla\u015fd\u0131r\u0131lmas\u0131 \u00fc\u00e7\u00fcn istifad\u0259 edil\u0259n proqramla\u015fd\u0131rma dili \u201cVBScript\u201din bazas\u0131nda z\u0259r\u0259rli skript yarad\u0131blar. Bu skript cihazda hans\u0131 \u201cWindows\u201d versiyas\u0131n\u0131n qura\u015fd\u0131r\u0131ld\u0131\u011f\u0131n\u0131 yoxlay\u0131r v\u0259 m\u00fcvafiq olaraq \u201cBitLocker\u201d funksiyas\u0131n\u0131 aktivl\u0259\u015fdirir. Z\u0259r\u0259rli proqram \u201cWindows Server 2008\u201d\u0259 q\u0259d\u0259r \u0259m\u0259liyyat sisteminin h\u0259m yeni, h\u0259m d\u0259 k\u00f6hn\u0259 versiyalar\u0131na q\u0259d\u0259r yoluxdura bil\u0259r.<\/p>\n\n\n\n

Skript \u0259m\u0259liyyat sisteminin y\u00fckl\u0259nm\u0259 parametrl\u0259rini d\u0259yi\u015fir v\u0259 sonra \u201cBitLocker\u201dd\u0259n istifad\u0259 ed\u0259r\u0259k s\u0259rt disk b\u00f6lm\u0259l\u0259rini \u015fifr\u0259l\u0259m\u0259y\u0259 \u00e7al\u0131\u015f\u0131r. \u015eifr\u0259l\u0259nmi\u015f komp\u00fcteri daha sonra y\u00fckl\u0259y\u0259 bilm\u0259k \u00fc\u00e7\u00fcn yeni y\u00fckl\u0259m\u0259 b\u00f6lm\u0259si yarad\u0131l\u0131r. T\u0259cav\u00fczkarlar h\u0259m\u00e7inin \u201cBitLocker\u201d \u015fifr\u0259l\u0259m\u0259 a\u00e7ar\u0131n\u0131 qorumaq \u00fc\u00e7\u00fcn istifad\u0259 edil\u0259n t\u0259hl\u00fck\u0259sizlik al\u0259tl\u0259rini d\u0259 silirl\u0259r ki, istifad\u0259\u00e7i daha sonra onlar\u0131 b\u0259rpa ed\u0259 bilm\u0259sin.<\/p>\n\n\n\n

Daha sonra z\u0259r\u0259rli skript sistem haqq\u0131nda m\u0259lumat\u0131 v\u0259 yoluxmu\u015f komp\u00fcterd\u0259 yarad\u0131lan \u015fifr\u0259l\u0259m\u0259 a\u00e7ar\u0131n\u0131 t\u0259cav\u00fczkarlar\u0131n serverin\u0259 g\u00f6nd\u0259rir. Bundan sonra, o, “izl\u0259rini itirir\u201d: h\u00fccumun ara\u015fd\u0131r\u0131lmas\u0131na k\u00f6m\u0259k ed\u0259 bil\u0259c\u0259k qeydl\u0259ri v\u0259 m\u00fcxt\u0259lif fayllar\u0131 silir.<\/p>\n\n\n\n

Son m\u0259rh\u0259l\u0259d\u0259 z\u0259r\u0259rli proqram sistem\u0259 giri\u015fi m\u0259cburi \u015f\u0259kild\u0259 bloklay\u0131r. Qurban ekranda bir mesaj g\u00f6r\u00fcr: “Komp\u00fcterinizd\u0259 BitLocker b\u0259rpa variantlar\u0131 yoxdur.”<\/p>\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

Sistem\u0259 giri\u015f blokland\u0131qdan sonra qurban\u0131n ekran\u0131nda peyda olan mesaj <\/em><\/em><\/p>\n\n\n\n

Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri z\u0259r\u0259rli skript\u0259 \u201cShrinkLocker\u201d (ingilis dilind\u0259 \u201cshrink\u201d \u2013 azaltmaq) ad\u0131n\u0131 veribl\u0259r. O, h\u00fccumlar zaman\u0131 sabit disk b\u00f6lm\u0259l\u0259rinin parametrl\u0259rinin d\u0259yi\u015fdirilm\u0259si \u0259sas rol oynay\u0131r: bu, t\u0259cav\u00fczkarlara sistemi \u015fifr\u0259l\u0259nmi\u015f fayllarla y\u00fckl\u0259m\u0259k imkan\u0131 verir.<\/p>\n\n\n\n

\u201cH\u00fccumlar ilkin olaraq m\u0259lumatlara icaz\u0259siz giri\u015fin qar\u015f\u0131s\u0131n\u0131 almaq \u00fc\u00e7\u00fcn yarad\u0131lm\u0131\u015f \u2018BitLocker\u2019 al\u0259tind\u0259n istifad\u0259 edib. Bu m\u00fcdafi\u0259 al\u0259ti t\u0259cav\u00fczkarlar\u0131n \u0259lind\u0259 silaha \u00e7evrilib. \u2018BitLocker\u2019 istifad\u0259 ed\u0259n \u015firk\u0259tl\u0259r g\u00fccl\u00fc \u015fifr\u0259l\u0259rd\u0259n istifad\u0259 etm\u0259li v\u0259 giri\u015fi b\u0259rpa etm\u0259k \u00fc\u00e7\u00fcn istifad\u0259 edil\u0259n a\u00e7arlar\u0131n\u0131 t\u0259hl\u00fck\u0259siz saxlamal\u0131d\u0131rlar. Vacib m\u0259lumatlar\u0131n ehtiyat n\u00fcsx\u0259sini \u00e7\u0131xarmaq da vacibdir. H\u00fccumu erk\u0259n m\u0259rh\u0259l\u0259d\u0259 a\u015fkarlamaq \u00fc\u00e7\u00fcn MDR v\u0259 ya EDR sinif h\u0259ll\u0259rind\u0259n istifad\u0259 etm\u0259yi v\u0259 \u0259lb\u0259tt\u0259 ki, g\u0259l\u0259c\u0259kd\u0259 ox\u015far hadis\u0259l\u0259rin t\u0259krarlanmas\u0131n\u0131 aradan qald\u0131rmaq \u00fc\u00e7\u00fcn ilkin h\u00fccum vektorunu m\u00fc\u0259yy\u0259n etm\u0259k \u00fc\u00e7\u00fcn b\u00fct\u00fcn insidentl\u0259ri ara\u015fd\u0131rma\u011f\u0131 t\u00f6vsiy\u0259 edirik\u201d, – dey\u0259 Kaspersky-nin kiberinsidentl\u0259r\u0259 reaksiya \u00fczr\u0259 qlobal qrupunun r\u0259hb\u0259ri Konstantin Sapronov bildirir.<\/p>\n\n\n\n

Riskl\u0259ri azaltmaq \u00fc\u00e7\u00fcn Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri t\u00f6vsiy\u0259 edirl\u0259r:<\/p>\n\n\n\n