USA & China Named As Top Cyber-Attack Sources

NSFOCUS has  released its H1 Cybersecurity Insights report, which analyzed traffic from January to July this year across more than 27 million attack sources the first half of 2018.

The standout issues are a big jump in crypto mining, the persistence of DDoS attacks and the predominace of repeated 'recidivist' attacks emating from China, the USA and Russia. 

 

Crypo Mining

Since the end of March, the number of crypto mining activities has risen sharply compared to the beginning of 2018. Among all crypto miners, WannaMine was the most active, responsible for more than 70 percent of all detected crypto mining activities detected by NSFOCUS.

Recidivist Attackers

Among more than 27 million attack sources detected in the first half of 2018, 25 percent were responsible for 40 percent of attack events. This implies that “recidivists” (attack sources found to be repeatedly linked with malicious behaviors) are more threatening than other attack sources.

The large proportion of recidivists indicates that it is a common practice among attackers to reuse attack resources. China, the USA, and Russia are home to the most “recidivists.”

Government agencies, energy, education, and finance sectors are most favored targets, suffering 90 percent of recidivist attacks, due to the large volume of business, extensive distribution, and more sensitive data.

IoT impact on Attack Types

During the first six months of 2018, there were fewer new Trojan variants than botnets and worms. This is linked with the proliferation of networked hosts and IoT devices in part due to the reduction of hardware costs. Due to the high activity of backdoor programs, device and network administrators need to upgrade devices and check their configurations regularly.

Backdoor activity remained at high levels and then peaked in May at 6,000,000 before falling to more nominal levels. Backdoors are common malicious programs that can provide remote control access solely through default login interfaces of IoT devices.

DDoS Traffic

DDoS attack traffic drops sharply when the government exercises security governance during substantial events both physical and cyber. In the first half of 2018, the amount of DDoS traffic seen in the network environments in China is somewhat suppressed due to the government’s traffic governance for major events.

61 percent of DDoS attack sources have launched only DDoS attacks over a long period of time. Common DDoS attack resources include reflectors and controlled hosts or devices, whose IP addresses or IP address ranges are relatively fixed. However, about 9 percent of DDoS attack sources launch exploit attacks later.

“Looking ahead to the rest of 2018, vulnerabilities will continue to be discovered each and every day and the need to exploit those found will always be present. We’ve noticed that attackers prefer to reuse tactics and exploits, so patching regularly is critical for IT professionals,” said Guy Rosefelt, Director, Threat Intelligence & Web Security, NSFOCUS.

“We also believe DDoS traffic will remain a great scourge on the Internet. Arguably, most hackers are capable of causing enormous amounts of traffic and their capability is increasing, which will continue to be a great challenge to defenders and security governance personnel.”

HelpNetSecurity

You Might Also Read: 

Crypto-Mining Hits 42% Of Organisations Worlwide:

The Rise of AI Driven DDoS Attacks:

 

« Finland Is Worried About Russian Cyberwar Techniques
Younger Generation Better At Separating News From Opinion »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cynet

Cynet

Cynet simplifies security by providing a rapidly deployed, comprehensive platform for detection, prevention and automated response to advanced threats with near-zero false positives.

Venafi

Venafi

Venafi secures and protects your keys and certificates so they can’t be used by criminals to hide in encrypted traffic, spoof websites, deploy malware, and steal data.

Panda Security

Panda Security

Panda Security provides advanced anti-virus and threat protection solutions for home users and business networks.

Conscio Technologies

Conscio Technologies

Conscio Technologies is a specialist in IT security awareness. Our solutions allow you to easily manage innovative online IT awareness campaigns.

Radisys

Radisys

Radisys offers software, products, integrated systems, and professional services for communication service providers and telecom solution vendors.

CyberSource

CyberSource

CyberSource provides online payment and fraud management services for medium and large-sized merchants.

Bolton Labs

Bolton Labs

Bolton Labs is a leading provider cybersecurity services, tools, and analysis for MSPs and organizations who want to scale their security offerings.

Ordr

Ordr

Ordr Systems Control Engine. The first actionable AI-based systems control engine for the hyper-connected enterprise. You’re in control.

Digital Magics

Digital Magics

Digital Magics is an incubator for innovative startups which offer content and services with high technological value. Areas of focus include IoT, Enterprise Software, AI, Industry 4.0 and Blockchain.

SAP National Security Services (NS2)

SAP National Security Services (NS2)

SAP NS2 are dedicated to delivering the best of SAP innovation, from cloud to predictive analytics; machine learning to data fusion.

Peraton

Peraton

Peraton provides innovative solutions for the most sensitive and critical programs in government today, developed and executed by scientists, engineers, and other experts.

LogicalTrust

LogicalTrust

LogicalTrust security testing specialists find the weakest points in your company and show you how to fix them step-by-step, as well as how to improve your security.

Force Majeure

Force Majeure

Force Majeure specializes in cybersecurity, incident response, and digital forensics, with experience spanning more than a decade.

BreachQuest

BreachQuest

BreachQuest brings together cybersecurity experts with decades of experience identifying security flaws, penetrating networks, and responding to incidents.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

PlexTrac

PlexTrac

PlexTrac is a cybersecurity reporting and workflow management platform that supercharges security programs, making them more effective, efficient, and proactive.

Punk Security

Punk Security

Punk Security are specialists in integrating security into DevOps pipelines, enabling rapid and secure development.

Retruster

Retruster

Protect your users against phishing emails, ransomware & fraud with the most advanced, user-friendly, non-intrusive solution available.