Research & Reports

NSFOCUS 2018 Annual Report on Cybersecurity Incident Observations

September 23, 2019 | Mina Hao

1 Introduction According to the Statistical Report on China’s Internet Development[①] released by China Internet Network Information Center (CNNIC) in February 2019, China’s online population had reached 829 million, with an Internet penetration rate of 59.6%, by the end of 2018. The Internet has shown its presence in every segment of national economy, with a […]

IP Reputation Report-09152019

September 19, 2019 | Mina Hao

Top 10 countries in attack counts:

Botnet Trend Report-14

September 18, 2019 | Mina Hao

Conclusion and Recommendations In 2018, botnets continued using DDoS as their primary weapon to attack regions with ubiquitous high speed networking for direct economic gains. However, they underwent significant changes in behavioral patterns, host platforms, C&C server deployment, infection methods, attack methods, and payload types. Security service providers need to adapt their strategies to better […]

IP Reputation Report-09012019

September 12, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at September 08, 2019.   Top 10 countries in attack percentage: The Laos is in first place. The Palestine is in the second place. The country China (CN) is […]

Botnet Trend Report-13

September 11, 2019 | Mina Hao

4.4 Satan: Evolving Ransomware In late April 2018, MalwareHunterTeam reported seeing new ransomware that leveraged EternalBlue to propagate. Through analysis, we found that the ransomware was based on a new version (dubbed V2) of Satan, a ransomware family launched in 2017. The ransom demanded in this version increased from 0.1 to 0.3 Bitcoin. At the […]

IP Reputation Report-09012019

September 5, 2019 | Mina Hao

Top 10 countries in attack counts:

Botnet Trend Report-12

September 4, 2019 | Mina Hao

4.3 XMRig: Cryptomining For Fun and Profit Cryptomining by botnets has gained popularity in the past two years. Unlike other common malicious activities like DDoS, ransomware attacks, and confidential information theft, cryptomining has some unique characteristics: 1. Predictable earnings. Cryptominers are good at hiding their presence by controlling their CPU usage within 30%–40%. Based on […]

IP Reputation Report-08252019

August 29, 2019 | Mina Hao

Top 10 countries in attack counts:

Botnet Trend Report-11

August 28, 2019 | Mina Hao

4.2.2 Analysis  During the first quarter of 2018 when BillGates was extremely active, the family was found to attack 3962 targets, most of which were in two Central American countries. The following map shows the distribution of BillGates targets in China that NSFOCUS was able to directly monitor. BillGates ignored common ports, such as 22, […]

Banking Trojan Banjori Analysis Report

August 23, 2019 | Mina Hao

1 Sample Introduction Banjori is a banking trojan that has been active since it was first spotted in 2013. It identifies personal online banking users in France, Germany, and the USA as major targets. After infecting a user, the trojan injects a malicious payload into the user’s active processes and collect the user’s information. Banking […]