IP Reputation Report-07122020
1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of July 12, 2020.
Cryptomining Traffic
Based on all sorts of security alert data from NSFOCUS Managed Security Service (MSS), we made a quantitative analysis of cryptomining activities and hosts in enterprises in 2019 and found that the cryptomining topicality is positively correlated with the cryptomining market trend.
As more and more Internet business switches from plaintext HTTP to encrypted HTTPS, distributed denial of service (DDoS) attacks against HTTPS are also on the rise, including attacks targeting the SSL/TLS handshake and HTTPS services. Protecting against HTTPS-targeted DDoS attacks has always been a hard nut to crack within the industry. This […]
Executive Summary
With the rapid advancement of computer technologies and more and more network devices joining the Internet, the global Internet has expanded at an unbelievably high speed. However, efforts made in enhancing cybersecurity are lagging far behind the growth of the Internet, leaving an ever-growing gap in between. Many cybercrime groups and individuals are […]
Second Largest Gang by the Number of Attack Sources
The second largest gang in terms of the number of attack sources generated the largest traffic. This gang had 23,000 recidivists and favored volumetric SYN flood attacks. According to historical attack records, 99.54% of recidivists had resorted to this kind of attack. This gang stayed active […]
In 2019, 7% of recidivists were responsible for 78% of DDoS attacks. Obviously, recidivists are too menacing to overlook. Several groups of DDoS recidivists often work together to initiate attacks. Such groups are collectively referred to as an “IP gang”. In 2019, a total of 60 DDoS gangs were detected, including 15 that contained […]
In 2019, the most frequently seen attacks were UDP floods, SYN floods, and ACK floods, which together accounted for 82% of all DDoS attacks. By contrast, reflection attacks took up only 10%. Compared with 2018, reflection attacks rose slightly in number, but remained small in proportion.
Overview
On June 23, NSFOCUS reported that Apache Dubbo contained a remote code execution vulnerability (CVE-2020-1948) resulting from deserialization. Apache Dubbo is a high-performance Java RPC framework. The vulnerability exists in Hessian, a default deserialization tool used by Apache Dubbo. An attacker may exploit it by sending malicious RPC requests which usually contain unidentifiable service […]
Key Findings: Maturity: The technical maturity of attackers keeps growing, opening more possibilities than DDoS attacks for attackers to garner profits. Combination: Of all DDoS attacks in 2019, 12.5% employed multiple vectors. This percentage was even higher among super-sized attacks (> 300 Gbps), reaching more than one-third. These factors have posed a greater challenge […]