USA & China Named As Top Cyber-Attack Sources

NSFOCUS has released its H1 Cybersecurity Insights report, which analyzed traffic from January to July this year across more than 27 million attack sources in the first half of 2018.

The standout issues are a big jump in crypto mining, the persistence of DDoS attacks and the predominance of repeated 'recidivist' attacks emanating from China, the USA and Russia.

Crypto Mining

Since the end of March, the number of crypto mining activities has risen sharply compared to the beginning of 2018. Among all crypto miners, WannaMine was the most active, responsible for more than 70 percent of all crypto mining activities detected by NSFOCUS.

Recidivist Attackers

Among more than 27 million attack sources detected in the first half of 2018, 25 percent were responsible for 40 percent of attack events. This implies that “recidivists” (attack sources found to be repeatedly linked with malicious behaviors) are more threatening than other attack sources.

The large proportion of recidivists indicates that it is a common practice among attackers to reuse attack resources. China, the USA, and Russia are home to the most “recidivists.”

Government agencies, energy, education, and finance sectors are the most favored targets, suffering 90 percent of recidivist attacks, due to the large volume of business, extensive distribution, and more sensitive data.

IoT Impact on Attack Types

During the first six months of 2018, there were fewer new Trojan variants than botnets and worms. This is linked with the proliferation of networked hosts and IoT devices in part due to the reduction of hardware costs. Due to the high activity of backdoor programs, device and network administrators need to upgrade devices and check their configurations regularly.

Backdoor activity remained at high levels and then peaked in May at 6,000,000 before falling to more nominal levels. Backdoors are common malicious programs that can provide remote control access solely through default login interfaces of IoT devices.

DDoS Traffic

DDoS attack traffic drops sharply when the government exercises security governance during substantial events, both physical and cyber. In the first half of 2018, the amount of DDoS traffic seen in network environments in China was somewhat suppressed due to the government’s traffic governance for major events.

61 percent of DDoS attack sources have launched only DDoS attacks over a long period of time. Common DDoS attack resources include reflectors and controlled hosts or devices, whose IP addresses or IP address ranges are relatively fixed. However, about 9 percent of DDoS attack sources launch exploit attacks later.

“Looking ahead to the rest of 2018, vulnerabilities will continue to be discovered each and every day and the need to exploit those found will always be present. We’ve noticed that attackers prefer to reuse tactics and exploits, so patching regularly is critical for IT professionals,” said Guy Rosefelt, Director, Threat Intelligence & Web Security, NSFOCUS.

“We also believe DDoS traffic will remain a great scourge on the Internet. Arguably, most hackers are capable of causing enormous amounts of traffic and their capability is increasing, which will continue to be a great challenge to defenders and security governance personnel.”

HelpNetSecurity
