IP Reputation Analysis Report – August 2017

IP Reputation Analysis Report – August 2017

outubro 3, 2017 | NSFOCUS

Executive Overview

There was a 34.06% increase in number of IP addresses globally in the NSFOCUS IP Reputation databases this month compared to both the beginning of the year and post WannaCry and Petya (33.17% through July). Globally the number of Botnets did not change significantly. However, the overall percentage of Botnets compared to other IP Reputation categories has shown a downward trend as the new IP addresses being added are predominately ransomware.

There is a spike this month in IP addresses considered in the general DDoS category but will likely be recategorized to more specific categories (botnets, malware, etc.) as additional data is collected. Although widely reported recently that China has the largest number of reported malicious IPs in the world, that should not come as a surprise to anyone. Statistically, China having the second largest allocation of IP addresses (337,889,856) in the world, even a small percentage of infected IPs would be in the millions. A more appropriate metric would be to report IP reputation as a percentage of total IP address space allocated. Using this methodology, the territory U.S. Minor Outlying Islands has the worst IP Reputation with 66.67% or two thirds (2/3) of their IP addresses considered malicious or suspicious.

The U.S. Minor Outlying Islands has maintained this position since May likely due to ransomware infections. The country with the largest reputation match percentage is Vietnam with 16.73%. The Top 10 Percentage Match list is almost the same as July except for the country of São Tomé and Príncipe moving up to #7. That forced the Marshall Islands out of the Top 10 this month. This month there are 36 ASNs globally that have a match percentage of greater than 90%. Thirty-one (31)ASNs have a 100% match. That is one 100% match less than July as AS27176 in the United Statesreduced its reputation match to 97.78% this month.

Most infected IPs in these ASNs are categorized as Other so likely ransomware infections.São Tomé and Príncipe’s entry into the Top 10 Percentage Match list is likely due to Android mobile devices in ASN AS328191 being hit by WireX malware this month.

Please click on the following link below to download your free report:

IP Reputation Report – Aug 2017