Blog

2019 Cybersecurity Insights -10

July 10, 2020 | Mina Hao

Second Largest Gang by the Number of Attack Sources The second largest gang in terms of the number of attack sources generated the largest traffic. This gang had 23,000 recidivists and favored volumetric SYN flood attacks. According to historical attack records, 99.54% of recidivists had resorted to this kind of attack. This gang stayed active […]

IP Reputation Report-07052020

July 9, 2020 | Mina Hao

1.Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at July 5, 2020.

2019 Cybersecurity Insights -9

July 8, 2020 | Mina Hao

In 2019, 7% of recidivists1 were responsible for 78% of DDoS attacks. Obviously, recidivists are too menacing to overlook. Several groups of DDoS recidivists often work together to initiate attacks. Such groups are collectively referred to as an “IP gang”. In 2019, a total of 60 DDoS gangs were detected, including 15 ones that contained […]

2019 Cybersecurity Insights -8

July 7, 2020 | Mina Hao

In 2019, most frequently seen attacks were UDP floods, SYN floods, and ACK floods, which together accounted for 82% of all DDoS attacks. By contrast, reflection attacks took up only 10%. Compared with 2018, reflection attacks rose slightly in number, but remained small in proportion.

Apache Dubbo Remote Code Execution Vulnerability (CVE-2020-1948) Patch Bypass Threat Alert

July 6, 2020 | Mina Hao

Overview On June 23, NSFOCUS reported that Apache Dubbo contained a remote code execution vulnerability (CVE-2020-1948) resulting from deserialization. Apache Dubbo is a high-performance Java RPC framework. The vulnerability exists in Hessian, a default deserialization tool used by Apache Dubbo. An attacker may exploit it by sending malicious RPC requests which usually contain unidentifiable service […]

2019 Cybersecurity Insights -7

July 3, 2020 | Mina Hao

Key Findings: Maturity: The technical maturity of attackers keeps growing, opening more possibilities than DDoS attacks for attackers to garner profits. Combination: Of all DDoS attacks in 2019, 12.5% employed multiple vectors. This percentage was even higher among super-sized attacks (> 300 Gbps) to reach more than one-third. These factors have posed a greater challenge […]

Apache Dubbo Remote Code Execution Vulnerability (CVE-2020-1948) Threat Alert

July 2, 2020 | Mina Hao

Overview Recently, Apache Dubbo was reported to contain a remote code execution vulnerability (CVE-2020-1948) resulting from deserialization. Apache Dubbo is a high-performance Java RPC framework. The vulnerability exists in hessian, a default deserialization tool used by Apache Dubbo. An attacker may trigger it by sending malicious RPC requests which usually contain unidentifiable service or method […]

IP Reputation Report-06282020

July 1, 2020 | Mina Hao

1、Top 10 countries in attack counts:

2019 Cybersecurity Insights -6

June 30, 2020 | Mina Hao

Deserialization vulnerabilities are still frequently exploited for web attacks and special attention should be paid to the security of mainstream frameworks. This section describes web vulnerabilities that had an extensive impact in 2019: WebLogic In 2017, Oracle released an official patch that fixed the XMLDecoder vulnerability (CVE-2017-10352) in WebLogic Server. This patch was evaded twice […]

2019 Cybersecurity Insights -5

June 29, 2020 | Mina Hao

Web Attack Trend Websites, which enterprises or individuals use to provide services for users, are usually the first choice of hackers during attacks. Web attacks in 2019 clung to traditional patterns and methods, including server information disclosure, resource leeching, cross-origin resource sharing (CORS), SQL injection, and cookie poisoning, which together accounted for 89% of web […]