USA & China Named As Top Cyber-Attack Sources

Uploaded on 2018-11-09 in INTELLIGENCE--International, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE--USA, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

NSFOCUS has  released its H1 Cybersecurity Insights report, which analyzed traffic from January to July this year across more than 27 million attack sources the first half of 2018.

The standout issues are a big jump in crypto mining, the persistence of DDoS attacks and the predominace of repeated 'recidivist' attacks emating from China, the USA and Russia. 

 

Crypo Mining

Since the end of March, the number of crypto mining activities has risen sharply compared to the beginning of 2018. Among all crypto miners, WannaMine was the most active, responsible for more than 70 percent of all detected crypto mining activities detected by NSFOCUS.

Recidivist Attackers

Among more than 27 million attack sources detected in the first half of 2018, 25 percent were responsible for 40 percent of attack events. This implies that “recidivists” (attack sources found to be repeatedly linked with malicious behaviors) are more threatening than other attack sources.

The large proportion of recidivists indicates that it is a common practice among attackers to reuse attack resources. China, the USA, and Russia are home to the most “recidivists.”

Government agencies, energy, education, and finance sectors are most favored targets, suffering 90 percent of recidivist attacks, due to the large volume of business, extensive distribution, and more sensitive data.

IoT impact on Attack Types

During the first six months of 2018, there were fewer new Trojan variants than botnets and worms. This is linked with the proliferation of networked hosts and IoT devices in part due to the reduction of hardware costs. Due to the high activity of backdoor programs, device and network administrators need to upgrade devices and check their configurations regularly.

Backdoor activity remained at high levels and then peaked in May at 6,000,000 before falling to more nominal levels. Backdoors are common malicious programs that can provide remote control access solely through default login interfaces of IoT devices.

DDoS Traffic

DDoS attack traffic drops sharply when the government exercises security governance during substantial events both physical and cyber. In the first half of 2018, the amount of DDoS traffic seen in the network environments in China is somewhat suppressed due to the government’s traffic governance for major events.

61 percent of DDoS attack sources have launched only DDoS attacks over a long period of time. Common DDoS attack resources include reflectors and controlled hosts or devices, whose IP addresses or IP address ranges are relatively fixed. However, about 9 percent of DDoS attack sources launch exploit attacks later.

“Looking ahead to the rest of 2018, vulnerabilities will continue to be discovered each and every day and the need to exploit those found will always be present. We’ve noticed that attackers prefer to reuse tactics and exploits, so patching regularly is critical for IT professionals,” said Guy Rosefelt, Director, Threat Intelligence & Web Security, NSFOCUS.

“We also believe DDoS traffic will remain a great scourge on the Internet. Arguably, most hackers are capable of causing enormous amounts of traffic and their capability is increasing, which will continue to be a great challenge to defenders and security governance personnel.”

HelpNetSecurity

You Might Also Read: 

Crypto-Mining Hits 42% Of Organisations Worlwide:

The Rise of AI Driven DDoS Attacks:

 

« Finland Is Worried About Russian Cyberwar Techniques
Younger Generation Better At Separating News From Opinion »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Stratogent

Stratogent

Stratogent does IT and Cybersecurity operations. We specialize in high-touch and high-change IT environments, especially in the biotech and pharma industry verticals.

National Institute of Standards & Technology (NIST) - USA

National Institute of Standards & Technology (NIST) - USA

NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.

Blue Ridge Networks

Blue Ridge Networks

Blue Ridge offers a suite of solutions that enable secure remote access to the enterprise network with protection and control of endpoints.

Cologix

Cologix

Cologix provides reliable, secure, scalable data center and interconnection solutions from 24 prime interconnection locations across 9 strategic North American edge markets.

Nexcom International

Nexcom International

Nexcom operates six global businesses - IoT Automation, Intelligent Digital Security, Internet of Things, Intelligent Platform & Services, Mobile Computing Solutions, Network & Communications.

Untangle

Untangle

Untangle provides network security products designed specifically for the below-enterprise market, safeguarding businesses, home offices, nonprofits, schools and governmental organizations.

Africa ICS Cyber Security Conference

Africa ICS Cyber Security Conference

Africa's largest ICS Cyber Security Conference and Expo. The only platform that will proudly present top level B2B and B2C networking opportunities.

Moss Adams

Moss Adams

Moss Adams is a fully integrated professional services firm dedicated to assisting clients with growing, managing, and protecting prosperity.

Logically.ai

Logically.ai

Logically combines artificial intelligence with expert analysts to tackle harmful and manipulative content at speed and scale.

Cymune

Cymune

At Cymune we help businesses to fight against cybercrime, protect patented data and diminish security risks.

Digital Edge

Digital Edge

Digital Edge provides unparalleled Managed Cloud Solutions, as well as superior Information Technology Support Services.

Xoriant

Xoriant

Xoriant is a technology leader and execution partner throughout the Build, Run and Transform lifecycle for companies that create and use technology products.

Crispmind

Crispmind

Crispmind creates innovative solutions to some of today’s most challenging technology problems.

Buguard

Buguard

Buguard is a multi-award-winning supplier of Application Security Assessments and GRC services.

Hexagon

Hexagon

Hexagon is a global leader in digital reality solutions. We are putting data to work to boost efficiency, productivity, quality and safety.

Cyberscore

Cyberscore

CyberScore specialize in digital security assessments that preventively make digital environments safer against malicious attacks from inside and outside.