Key Findings
- [Vulnerabilities] 2019 saw a steady increase in high-risk vulnerabilities and in Internet of Things (IoT) vulnerability exploits. Of server-related vulnerabilities, web vulnerabilities stole the spotlight and the Windows remote desktop vulnerability CVE-2019-0708 had a far-reaching impact.
- [Malware] Ransomware and cryptojacking malware were the two most active types of malware in 2019. Ransomware presented itself as an effective, readily available tool for hackers to attack a wide range of targets and make a killing, and the trend toward industrialized ransomware became increasingly obvious. As for cryptojackers, those mining Monero were still popular. In addition, cryptojackers offered more ways to compromise a host, were modular in design, and were capable of hiding themselves.
- [Malicious traffic] 2019 witnessed a slew of conventional web attacks, most of which were launched by exploiting deserialization vulnerabilities. Remote code execution (RCE) vulnerabilities requiring no authentication were the most favored by hackers. The security of third-party databases should be put at the top of the agenda. The time it takes attackers to exploit website vulnerabilities shrank further, and webmasters should be more mindful of website security.
- [Malicious traffic] DDoS attackers were powered by mature techniques, and multi-vector volumetric attacks posed a greater challenge to defenders. Among those initiating DDoS attacks, recidivists were particularly dangerous, especially active IP gangs, which require continuous attention and should be effectively blocked. At the same time, IoT devices were increasingly present in DDoS attacks, and IoT-based malware families contributed a growing proportion of attacks, calling for more effort in IoT security governance.
- [Malicious traffic] In 2019, cryptojacking was on the rise, a direct result of the booming cryptocurrency market. Monero was still the most coveted prey for attackers. Small and medium-sized enterprises doing traditional business were most frequently attacked for this purpose. Ports ranging from 3000 to 3999 were often used by cryptojackers. Another thing to note is that web-based cryptojacking remained popular. Among Alexa’s top 1 million websites, over 2000 were planted with cryptomining scripts.
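The finding above gives two network-side indicators of host-based cryptojacking: outbound connections to ports in the 3000-3999 range, and the mining-pool protocol carried on them. The following is an added example written for this summary, not code from the report's authors. It assumes a constructed flow-log format (timestamp, source, destination, byte count, first payload bytes) and assumes that a flow is only worth alerting on when the destination port is in that range and the payload is a stratum-style JSON-RPC call (the `login`/`getjob`/`submit` methods used by Monero miners such as xmrig, or the `mining.*` methods of stratum v1); the port alone is a weak signal, since many ordinary web applications listen on 3000.

```python
import json
import re
from collections import Counter

# Constructed sample flow-log lines (not real traffic). Format, one flow per line:
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <bytes> <first payload bytes>
SAMPLE_FLOWS = """\
2019-06-01T10:00:01Z 10.0.0.12:51022 -> 203.0.113.7:3333 412 {"id":1,"method":"login","params":{"login":"44wallet","pass":"x","agent":"xmrig/5.0"}}
2019-06-01T10:00:02Z 10.0.0.12:51023 -> 203.0.113.7:443 980 GET /index.html HTTP/1.1
2019-06-01T10:00:05Z 10.0.0.30:40000 -> 198.51.100.9:3000 600 GET /api/status HTTP/1.1
2019-06-01T10:00:09Z 10.0.0.45:39010 -> 198.51.100.22:3999 377 {"id":1,"method":"mining.subscribe","params":["cpuminer/2.5"]}
2019-06-01T10:00:11Z 10.0.0.12:51030 -> 203.0.113.7:3333 210 {"id":2,"method":"submit","params":{"id":"abc","job_id":"1","nonce":"deadbeef"}}
2019-06-01T10:00:14Z 10.0.0.30:40001 -> 198.51.100.9:3001 150 {"id":7,"method":"ping"}
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src_ip>\S+):(?P<src_port>\d+) -> "
    r"(?P<dst_ip>\S+):(?P<dst_port>\d+) (?P<bytes>\d+) (?P<payload>.*)$"
)

# Pool port range the report associates with cryptojacking traffic.
POOL_PORT_RANGE = range(3000, 4000)

# JSON-RPC method names spoken by stratum-style miners: xmrig-style Monero
# miners use login/getjob/submit, stratum v1 miners use mining.*.
# Assumption of this example: one of these methods on a port in the range is
# enough to raise an alert.
STRATUM_METHODS = {
    "login", "getjob", "submit",
    "mining.subscribe", "mining.authorize", "mining.submit",
}


def parse_flow(line):
    """Return the flow fields as a dict, or None if the line does not match."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    flow = m.groupdict()
    flow["src_port"] = int(flow["src_port"])
    flow["dst_port"] = int(flow["dst_port"])
    flow["bytes"] = int(flow["bytes"])
    return flow


def stratum_method(payload):
    """Return the JSON-RPC method name if the payload is a stratum-style call."""
    try:
        msg = json.loads(payload)
    except json.JSONDecodeError:
        return None  # HTTP or other non-JSON payload: not a pool message
    if not isinstance(msg, dict):
        return None
    method = msg.get("method")
    return method if method in STRATUM_METHODS else None


def find_cryptojacking(log_text):
    """Flag flows that hit a 3000-3999 port *and* carry a stratum method.

    Both indicators are required: a plain HTTP request to port 3000 is not
    reported, and a stratum message is only reported on a pool-range port.
    """
    findings = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["dst_port"] not in POOL_PORT_RANGE:
            continue
        method = stratum_method(flow["payload"])
        if method is None:
            continue
        findings.append({
            "ts": flow["ts"],
            "src_ip": flow["src_ip"],
            "pool": f'{flow["dst_ip"]}:{flow["dst_port"]}',
            "method": method,
        })
    return findings


def hosts_by_alert_count(findings):
    """Count alerts per internal host, to prioritise cleanup."""
    return Counter(f["src_ip"] for f in findings)


if __name__ == "__main__":
    found = find_cryptojacking(SAMPLE_FLOWS)
    for f in found:
        print(f'{f["ts"]} {f["src_ip"]} -> {f["pool"]} ({f["method"]})')
    print(hosts_by_alert_count(found))
```

On the constructed sample, the two HTTP flows and the unrelated JSON-RPC `ping` on port 3001 are ignored, while the three pool messages from two internal hosts are reported; in practice the method list and port range would be tuned to the pools actually seen in the environment.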
- [IoT] In 2019, over 30 types of IoT vulnerability exploits were captured, most of which targeted RCE vulnerabilities. IoT devices, especially cameras and routers, were the major targets of Telnet-based weak-password cracking attacks. UPnP/SSDP- and WS-Discovery-related threats were so rampant that all players on the defensive side, including security vendors, service providers, and telecom carriers, should remain vigilant against related attacks.
- [IPv6] Globally, the past years have witnessed an ever-increasing adoption of IPv6, and IPv6-related vulnerabilities are rising with it. These vulnerabilities stem not only from the new fields and protocols introduced in IPv6 packets but also from transition techniques that have inherent security issues. In current IPv6 attacks, traffic was mostly directed at the transport layer and application layer. Backdoors, cryptojackers, and trojans were most frequently used in these attacks. From the perspective of services attacked, web-related services attracted the most attention from hackers.
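The IoT finding above names two patterns a defender can look for in device or gateway logs: repeated Telnet login failures from one source (weak-password cracking) and discovery-protocol traffic (SSDP on UDP 1900, WS-Discovery on UDP 3702) reaching a device from outside the local network, which should never happen for protocols meant for LAN use. The example below is added here and is not code from the report's authors. It assumes a constructed `telnetd` log format and a constructed UDP flow-log format, assumes that four or more failures from one source within 60 seconds count as a cracking attempt, and assumes that "internal" means the RFC 1918 ranges (Python's `ipaddress.is_private` is deliberately not used, because it also treats the documentation ranges in the sample as private).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample lines (not from any real device or honeypot).
# Telnet daemon log: "<ts> telnetd[pid]: login <ok|failed> from <ip> user=<name>"
TELNET_LOG = """\
2019-09-03T02:14:00Z telnetd[812]: login failed from 198.51.100.77 user=root
2019-09-03T02:14:01Z telnetd[812]: login failed from 198.51.100.77 user=admin
2019-09-03T02:14:02Z telnetd[812]: login failed from 198.51.100.77 user=root
2019-09-03T02:14:03Z telnetd[812]: login failed from 198.51.100.77 user=support
2019-09-03T02:14:04Z telnetd[812]: login failed from 198.51.100.77 user=admin
2019-09-03T02:14:05Z telnetd[812]: login ok from 198.51.100.77 user=admin
2019-09-03T02:30:00Z telnetd[813]: login failed from 192.168.1.20 user=admin
2019-09-03T03:30:00Z telnetd[814]: login failed from 192.168.1.20 user=admin
"""
# UDP flow log: "<ts> udp <src_ip>:<sport> -> <dst_ip>:<dport> <payload>"
UDP_LOG = """\
2019-09-03T02:20:00Z udp 192.168.1.5:50000 -> 239.255.255.250:1900 M-SEARCH * HTTP/1.1
2019-09-03T02:20:01Z udp 203.0.113.44:1900 -> 192.168.1.10:1900 M-SEARCH * HTTP/1.1
2019-09-03T02:20:02Z udp 203.0.113.44:3702 -> 192.168.1.10:3702 <soap:Envelope ...>Probe
2019-09-03T02:20:03Z udp 192.168.1.6:49152 -> 192.168.1.10:3702 <soap:Envelope ...>Probe
"""

TELNET_RE = re.compile(
    r"^(?P<ts>\S+) telnetd\[\d+\]: login (?P<result>ok|failed) "
    r"from (?P<ip>\S+) user=(?P<user>\S+)$"
)
UDP_RE = re.compile(
    r"^(?P<ts>\S+) udp (?P<src_ip>\S+):(?P<sport>\d+) -> "
    r"(?P<dst_ip>\S+):(?P<dport>\d+) (?P<payload>.*)$"
)
DISCOVERY_PORTS = {1900: "SSDP", 3702: "WS-Discovery"}
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def is_internal(ip):
    """True for RFC 1918 addresses only (assumed definition of 'internal')."""
    addr = ip_address(ip)
    return any(addr in net for net in RFC1918)


def telnet_brute_force(log_text, threshold=4, window=timedelta(seconds=60)):
    """Report sources with >= threshold failed logins inside any `window`.

    A source is escalated (success_after=True) when a successful login from it
    follows a qualifying burst, i.e. a weak password was most likely guessed.
    """
    failures, successes, users = defaultdict(list), defaultdict(list), defaultdict(set)
    for line in log_text.splitlines():
        m = TELNET_RE.match(line)
        if not m:
            continue
        ts, ip = parse_ts(m["ts"]), m["ip"]
        if m["result"] == "failed":
            failures[ip].append(ts)
            users[ip].add(m["user"])
        else:
            successes[ip].append(ts)
    report = {}
    for ip, times in failures.items():
        times.sort()
        burst_end, start = None, 0
        for end, t in enumerate(times):  # sliding window over sorted failure times
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = t  # last failure of the latest qualifying burst
        if burst_end is None:
            continue
        report[ip] = {
            "failures": len(times),
            "users": sorted(users[ip]),
            "success_after": any(s >= burst_end for s in successes[ip]),
        }
    return report


def exposed_discovery(log_text):
    """Flag SSDP/WS-Discovery datagrams whose source is not an internal address."""
    hits = []
    for line in log_text.splitlines():
        m = UDP_RE.match(line)
        if not m or int(m["dport"]) not in DISCOVERY_PORTS or is_internal(m["src_ip"]):
            continue
        dport = int(m["dport"])
        hits.append({"ts": m["ts"], "src_ip": m["src_ip"],
                     "dst": f'{m["dst_ip"]}:{dport}', "service": DISCOVERY_PORTS[dport]})
    return hits


if __name__ == "__main__":
    print(telnet_brute_force(TELNET_LOG))
    print(exposed_discovery(UDP_LOG))
```

On the sample, the external source that cycles through `root`/`admin`/`support` and then logs in is reported with `success_after` set, the internal host with two failures an hour apart is not, and only the two discovery datagrams arriving from the non-internal address are flagged; the multicast M-SEARCH from a LAN host is normal and stays silent.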
To be continued.