Adeline Zhang

Future cyber security protection: reflection from the ups and downs of Covid-19-1

September 12, 2020

2020 is almost halfway through, and it has been a troubled period. Covid-19 swept across the world in just a few months. The epidemic continues to spread and resurge, and it has changed many people's long-held perceptions of health care, public safety, organizational mobilization, economics and politics.

The concept of the computer virus is derived from the biological virus. The two share certain similarities, such as mutation, transmission and infection mechanisms. Once malicious software breaks out, the consequences are equally serious. A typical example is the WannaCry ransomware, which exploited the NSA's EternalBlue in 2017. It infected 200,000 computers in 150 countries in just a few days, paralyzed the production lines of manufacturers such as TSMC, broke through physical isolation and destroyed important assets on intranets. It greatly changed people's long-held views of cyber attacks and cyber warfare.


2020 H1 Cybersecurity Trends

September 11, 2020

01 Overview of the Vulnerability Trend

In 2020 H1, a total of 1419 vulnerabilities were added to the NSFOCUS Vulnerability Database (NSVD), 714 of which were high-risk vulnerabilities. Among these high-risk vulnerabilities, 184 were Microsoft-related. High-risk vulnerabilities were mainly distributed among the major products of Microsoft, Oracle, Adobe, Google, Cisco, IBM, Moxa, Apache and others.

Note: The NSFOCUS Vulnerability Database (NSVD) contains application vulnerabilities, security product vulnerabilities, operating system vulnerabilities, database vulnerabilities, and network device vulnerabilities.


Struts S2-059, S2-060 Vulnerabilities (CVE-2019-0230, CVE-2019-0233) Threat Alert

September 11, 2020

Overview

On August 13, 2020, Beijing time, Apache Struts issued a new security bulletin announcing fixes for two vulnerabilities. S2-059 (CVE-2019-0230) is a possible remote code execution vulnerability, and S2-060 (CVE-2019-0233) is a denial-of-service vulnerability.

Both vulnerabilities were fixed in Struts 2.5.22, released in November 2019. Users are advised to upgrade as soon as possible.

Bulletin link: https://struts.apache.org/announce.html#a20200813


2019 Cybersecurity Insights -20

September 9, 2020

According to the analysis of the geographic distribution of IPv6 attack sources, China accounted for the largest proportion of attack sources (86.76%), followed by the USA (3.97%) and Romania (0.77%).


Update New Nginx Threat Backdoor Alert

September 8, 2020

Overview

This is an update advisory. For details, see “Verification Method” > “Local Verification”.

On July 16, 2020, Beijing time, a competitor published an article stating that it had recently captured a new Nginx backdoor capable of bypassing antivirus software. At the time this advisory was released, the backdoor was not detected by any antivirus engine on VirusTotal (VT).

According to our analysis, the backdoor modifies the ngx_http_header_filter function in the HTTP header filter module of the original Nginx, and the backdoor's author added special handling for the Cookie field. Once a request contains the string “lkfakjf”, the backdoor connects to a server address specified by the attacker.


Botnet Trend Report 2019-9

September 7, 2020

Overview

In 2019, banking Trojans frequently launched attacks using the multilevel free technology, posing a severe threat to enterprises and public sectors. Spam remained the main propagation method: attackers collected large numbers of email addresses against which they launched phishing attacks. In 2019, NSFOCUS Security Labs captured and tracked banking Trojans including Emotet, TrickBot, LokiBot, Gozi, and QakBot.


WebSphere Remote Code Execution Vulnerability (CVE-2020-4534) Threat Alert

September 4, 2020

1. Vulnerability Description

On July 31, 2020, Beijing time, IBM released a security bulletin addressing a remote code execution vulnerability (CVE-2020-4534) in WebSphere Application Server (WAS). The vulnerability is caused by improper handling of UNC paths. An authenticated local attacker could exploit it to execute arbitrary code. The vulnerability has a CVSS score of 7.8.


2019 Cybersecurity Insights -19

September 2, 2020

Since the Action Plan for Promoting Scale Deployment of Internet Protocol Version 6 (IPv6) (the “Plan”) was published in November 2017, IPv6 deployments in China have been on the rise. By June 2019, the number of active IPv6 users had reached 130 million, and 1.207 billion telecom users had been assigned an IPv6 address. At the same time, IPv6 traffic in China grew steadily over the past year. By May 2019, China's IPv6 address resources ranked first in the world (47,282 /32 address blocks). Telecom enterprises have made positive efforts to improve network infrastructure: all recursive domain name system (DNS) servers of the three major telecom operators support IPv6 domain name resolution, content delivery network (CDN) enterprises have deployed IPv6 nationwide and gained the capability to accelerate IPv6 content distribution, and the transformation of backbone networks, LTE networks, and metropolitan area networks (MANs) is almost complete. With the rapid development of IPv6 technology, more attention should be paid to security threats in the IPv6 environment. This section describes the threat situation from the perspectives of vulnerabilities and traffic.


What You Should Know about OpenVPN Reflection Attacks

September 1, 2020

Executive Summary

OpenVPN is an application layer VPN implementation based on the OpenSSL library and listens on port 1194. In September 2019, OpenVPN was found to be vulnerable to UDP reflection attacks. This document analyzes Internet-wide threat exposure, common attack methods, and the bandwidth amplification factor (BAF) of reflection attacks, using Internet-wide survey data from NSFOCUS Threat Intelligence (NTI) and threat data captured by the NSFOCUS Threat Capture System.


2020 Mid-Year DDoS Attack Landscape Report-4

September 1, 2020

At 17:00 on May 20, NSFOCUS SOC detected an abnormal traffic alert in the global monitoring center: the IP addresses of a customer in Hong Kong were under attack, and the attack peaked at 634.6 Gbps. This was the largest attack targeting NSFOCUS's customers by the time this report was written. According to IP gang intelligence from NSFOCUS Threat Intelligence (“NTI”), large numbers of source IP addresses involved in the attack were controlled by the IP gang IPGang01, which we have continuously monitored. We elaborate on it in the following “attack gangs” chapter.

