USA, China and Russia Top Cyberattack Sources: Report

The USA, China and Russia have been identified as the top cyberattack sources, as per a recent report.

The 2018 H1 Cybersecurity Insights Report released by NSFOCUS, which analyses traffic from January 1, 2018 to June 30, 2018, has come out with this and such other notable findings.

NSFOCUS, which specializes in holistic hybrid security solutions, released its H1 Cybersecurity Insights report on October 18. The report highlights observations based on attack data pertaining to the first half of 2018, collected and analyzed by the NSFOCUS Threat Intelligence center, “…a security research organization created by NSFOCUS for implementing an intelligent security 2.0 strategy and improving the cybersecurity ecosystem.” The key findings from the report include Crypto Miners, Recidivist Attackers, IoT Impact on Attack Types and DDoS Traffic.

As for crypto miners, the report finds that there has been a sharp increase in the number of crypto mining activities since the end of March and that WannaMine, which accounted for more than 40 percent of all detected crypto mining activities, was the most active crypto miner.

An NSFOCUS press release dated October 18, 2018 briefs the findings of the report; as regards recidivist attackers, it states, “Among more than 27 million attack sources detected by NSFOCUS in the first half of 2018, 25 percent were responsible for 40 percent of attack events. This implies that “recidivists” (attack sources found to be repeatedly linked with malicious behaviors) are more threatening than other attack sources.”

The press release further states, “The large proportion of recidivists indicates that it is a common practice among attackers to reuse attack resources. China, the USA, and Russia are home to the most “recidivists”.”

90 percent of recidivist attacks target government agencies, and the energy, education, and finance sectors. This is obviously because of the large volume of business, the extensive distribution, and the more sensitive data involved.

Discussing IoT Impact on Attack Types, the NSFOCUS press release says, “During the first six months of 2018, there were fewer new Trojan variants than botnets and worms. This is linked with the proliferation of networked hosts and IoT devices in part due to the reduction of hardware costs. Due to the high activity of backdoor programs, device and network administrators need to upgrade devices and check their configurations regularly…Backdoor activity remained at high levels and then peaked in May at 6,000,000 before falling to more nominal levels. Backdoors are common malicious programs that can provide remote control access solely through default login interfaces of IoT devices.”

As per the findings of the report, there is a sharp drop in the volume of DDoS attacks whenever governments exercise security governance, which is mostly done during notable events, both physical and cyber. It’s pointed out that DDoS traffic seen in the network environments in China during the first half of 2018 was rather suppressed, obviously owing to the governance from the side of the government, in connection with major events. The press release details, “61 percent of DDoS attack sources have launched only DDoS attacks over a long period of time. Common DDoS attack resources include reflectors and controlled hosts or devices, whose IP addresses or IP address ranges are relatively fixed. However, about 9 percent of DDoS attack sources launch exploit attacks later.”

Guy Rosefelt, Director, Threat Intelligence & Web Security, NSFOCUS is quoted as saying, “Looking ahead to the rest of 2018, vulnerabilities will continue to be discovered each and every day and the need to exploit those found will always be present. We’ve noticed that attackers prefer to reuse tactics and exploits, so patching regularly is critical for IT professionals. We also believe DDoS traffic will remain a great scourge on the Internet. Arguably, most hackers are capable of causing enormous amounts of traffic and their capability is increasing, which will continue to be a great challenge to defenders and security governance personnel.”