USA & China Named As Top Cyber-Attack Sources

NSFOCUS has released its H1 Cybersecurity Insights report, which analyzed traffic from January to July this year across more than 27 million attack sources in the first half of 2018.

The standout issues are a big jump in crypto mining, the persistence of DDoS attacks and the predominance of repeated 'recidivist' attacks emanating from China, the USA and Russia.

 

Crypto Mining

Since the end of March, the number of crypto mining activities has risen sharply compared to the beginning of 2018. Among all crypto miners, WannaMine was the most active, responsible for more than 70 percent of all crypto mining activities detected by NSFOCUS.

Recidivist Attackers

Among more than 27 million attack sources detected in the first half of 2018, 25 percent were responsible for 40 percent of attack events. This implies that “recidivists” (attack sources found to be repeatedly linked with malicious behaviors) are more threatening than other attack sources.

The large proportion of recidivists indicates that it is a common practice among attackers to reuse attack resources. China, the USA, and Russia are home to the most “recidivists.”

Government agencies, energy, education, and finance sectors are the most favored targets, suffering 90 percent of recidivist attacks, due to the large volume of business, extensive distribution, and more sensitive data.

IoT Impact on Attack Types

During the first six months of 2018, there were fewer new Trojan variants than botnets and worms. This is linked with the proliferation of networked hosts and IoT devices in part due to the reduction of hardware costs. Due to the high activity of backdoor programs, device and network administrators need to upgrade devices and check their configurations regularly.

Backdoor activity remained at high levels and then peaked in May at 6,000,000 before falling to more nominal levels. Backdoors are common malicious programs that can provide remote control access solely through default login interfaces of IoT devices.

DDoS Traffic

DDoS attack traffic drops sharply when the government exercises security governance during substantial events, both physical and cyber. In the first half of 2018, the amount of DDoS traffic seen in the network environments in China was somewhat suppressed due to the government’s traffic governance for major events.

61 percent of DDoS attack sources have launched only DDoS attacks over a long period of time. Common DDoS attack resources include reflectors and controlled hosts or devices, whose IP addresses or IP address ranges are relatively fixed. However, about 9 percent of DDoS attack sources launch exploit attacks later.

“Looking ahead to the rest of 2018, vulnerabilities will continue to be discovered each and every day and the need to exploit those found will always be present. We’ve noticed that attackers prefer to reuse tactics and exploits, so patching regularly is critical for IT professionals,” said Guy Rosefelt, Director, Threat Intelligence & Web Security, NSFOCUS.

“We also believe DDoS traffic will remain a great scourge on the Internet. Arguably, most hackers are capable of causing enormous amounts of traffic and their capability is increasing, which will continue to be a great challenge to defenders and security governance personnel.”

HelpNetSecurity
