USA & China Named As Top Cyber-Attack Sources

Uploaded on 2018-11-09 in INTELLIGENCE--International, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE--USA, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

NSFOCUS has  released its H1 Cybersecurity Insights report, which analyzed traffic from January to July this year across more than 27 million attack sources the first half of 2018.

The standout issues are a big jump in crypto mining, the persistence of DDoS attacks and the predominace of repeated 'recidivist' attacks emating from China, the USA and Russia. 

 

Crypo Mining

Since the end of March, the number of crypto mining activities has risen sharply compared to the beginning of 2018. Among all crypto miners, WannaMine was the most active, responsible for more than 70 percent of all detected crypto mining activities detected by NSFOCUS.

Recidivist Attackers

Among more than 27 million attack sources detected in the first half of 2018, 25 percent were responsible for 40 percent of attack events. This implies that “recidivists” (attack sources found to be repeatedly linked with malicious behaviors) are more threatening than other attack sources.

The large proportion of recidivists indicates that it is a common practice among attackers to reuse attack resources. China, the USA, and Russia are home to the most “recidivists.”

Government agencies, energy, education, and finance sectors are most favored targets, suffering 90 percent of recidivist attacks, due to the large volume of business, extensive distribution, and more sensitive data.

IoT impact on Attack Types

During the first six months of 2018, there were fewer new Trojan variants than botnets and worms. This is linked with the proliferation of networked hosts and IoT devices in part due to the reduction of hardware costs. Due to the high activity of backdoor programs, device and network administrators need to upgrade devices and check their configurations regularly.

Backdoor activity remained at high levels and then peaked in May at 6,000,000 before falling to more nominal levels. Backdoors are common malicious programs that can provide remote control access solely through default login interfaces of IoT devices.

DDoS Traffic

DDoS attack traffic drops sharply when the government exercises security governance during substantial events both physical and cyber. In the first half of 2018, the amount of DDoS traffic seen in the network environments in China is somewhat suppressed due to the government’s traffic governance for major events.

61 percent of DDoS attack sources have launched only DDoS attacks over a long period of time. Common DDoS attack resources include reflectors and controlled hosts or devices, whose IP addresses or IP address ranges are relatively fixed. However, about 9 percent of DDoS attack sources launch exploit attacks later.

“Looking ahead to the rest of 2018, vulnerabilities will continue to be discovered each and every day and the need to exploit those found will always be present. We’ve noticed that attackers prefer to reuse tactics and exploits, so patching regularly is critical for IT professionals,” said Guy Rosefelt, Director, Threat Intelligence & Web Security, NSFOCUS.

“We also believe DDoS traffic will remain a great scourge on the Internet. Arguably, most hackers are capable of causing enormous amounts of traffic and their capability is increasing, which will continue to be a great challenge to defenders and security governance personnel.”

HelpNetSecurity

You Might Also Read: 

Crypto-Mining Hits 42% Of Organisations Worlwide:

The Rise of AI Driven DDoS Attacks:

 

« Finland Is Worried About Russian Cyberwar Techniques
Younger Generation Better At Separating News From Opinion »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Lacuna Talent

Lacuna Talent

Lacuna Talent delivers the combined power of Via Resource, the international Cyber Security recruiter, and Lacuna Talent, the Specialist AI/Data recruiter.

Data Security Council of India (DSCI)

Data Security Council of India (DSCI)

DSCI is a premier industry body on cyber security and data protection in India, committed to making the cyberspace safe, secure and trusted.

CLDigital

CLDigital

CLDigital's no-code risk and resilience platform, CL360, provides leaders with risk and resilience data to make strategic and tactical continuity decisions.

Culinda

Culinda

Culinda secures medical IoT devices in hospitals with An Artificial Intelligence platform and security gateway.

Cloudrise

Cloudrise

Cloudrise are elevating cloud security, data protection, and privacy through assessment, technology enablement, and process automation.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

Fudo Security

Fudo Security

Fudo Security is a leading provider of privileged access management and privileged session monitoring solutions.

Aegis Security

Aegis Security

Aegis Security helps clients to secure their systems against potential threats through pre-emptive measures, such as security assessments, and cutting-edge solutions to security challenges.

Cyber Security Partners (CSP)

Cyber Security Partners (CSP)

Cyber Security Partners specialise in the provision of Cyber Security Consultancy, Data Protection and Certification and Compliance services.

Federal Bureau of Investigation (FBI)

Federal Bureau of Investigation (FBI)

The mission of the FBI is to protect and defend against intelligence threats, uphold and enforce criminal laws, and provide criminal justice services.

Telit Cinterion

Telit Cinterion

Telit Cinterion is a global enabler of the intelligent edge providing highly secure IoT solutions, modules and services.

Secure Halo

Secure Halo

Secure Halo has been protecting the intellectual assets and sensitive information of the federal government and private sector for 20+ years, through our proactive approach to risk and cybersecurity.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.

Cysmo Cyber Risk

Cysmo Cyber Risk

Cysmo is an innovative cyber risk assessment platform specifically designed for the needs of the German insurance industry.

CyberForce Global

CyberForce Global

CyberForce Global are at the forefront of start-up technology recruitment in areas including cybersecurity, IT infrastructure, software, fintech, blockchain and more.

DeepTempo

DeepTempo

At DeepTempo, we build AI models and related software that protect enterprises and service providers from sophisticated cyber threats.