Research & Reports

IP Reputation Report-08192019

August 22, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at August 19, 2019.   Top 10 countries in attack percentage: The Palestine is in first place. The Curacao is in the second place. The country China (CN) is […]

Botnet Trend Report-10

August 21, 2019 | Mina Hao

4.2 BillGates: Best Cross-Platform Family In February 2014, a new botnet family was reported by the Russian website, habr5 and named BillGates because of its bill and gates modules. Subsequently the research group, MalwareMustDie reported that botnet family was operated by a Chinese hacker group, closely related with other known families such as ChinaZ and […]

Botnet Trend Report-9

August 16, 2019 | Mina Hao

This chapter explores further into active botnet families detected in 2018. We concentrate on four distinct families and tools focusing our analysis on their behavior changes, sample version changes, sample variants, and average age of C&C servers, to better understand the dynamic lifecycle of botnet families throughout 2018.

IP Reputation Report-08122019

August 15, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at August 11, 2019.

Botnet Trend Report-8

August 9, 2019 | Mina Hao

3.5 Delivery and Propagation  3.5.1 Behavior Seen  Studying 25 million intrusion logs extracted from NSFOCUS managed services customers in 2018, we found that approximately 14 million logs recorded intrusions using weak password cracking mainly against Telnet, RDP, and SSH services. From other logs, a large portion of intrusions seen were vulnerability-based intrusions, with 54 vulnerabilities […]

IP Reputation Report-08052019

August 8, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at August 04, 2019.   Top 10 countries in attack percentage: The Palestine is in first place. The Curacao is in the second place. The country China (CN) is […]

Botnet Trend Report-7

August 2, 2019 | Mina Hao

3.4 DDoS Attacks 3.4.1 Behavior Seen Effective attack instructions are botnet attack instructions that control a task other that starting and stopping.  Effective attack instructions captured in 2018 included DDoS, Local Area Network (LAN) scanning, and vulnerability exploits among other types of attacks. There were 440,000 DDoS attack instructions issued from botnet families, constituting most […]

IP Reputation Report-07292019

August 1, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at July 28, 2019.   Top 10 countries in attack percentage: The Palestine is in first place. The Curacao changes from fourth to second. The country China (CN) is […]

IP Reputation Report-07222019

July 25, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at July 21, 2019.   Top 10 countries in attack percentage: The Palestine is in first place. The Suriname is in the second place. The country China (CN) is […]

Botnet Trend Report-6

July 24, 2019 | Mina Hao

3.3.2 Analysis Most Botnets Deployed on VPSs for Economic Reasons Low-cost virtual private servers, which have little security oversight, have become the main target for hosting command & control servers. When setting up C&C servers, botnet groups will attempt to take over any available system. Having evolved past traditional on-premises servers, botnet groups now target […]