Efficiency is Key to Cybersecurity in the Post-Cloud Era
June 26, 2024
SANTA CLARA, Calif., June 26, 2024 — At the 16th Information Security Forum and 2024 RSAC Hot Topics Seminar held on June 7, 2024, Richard Zhao, Chief Operating Officer of International Business at NSFOCUS, presented the new picture of cybersecurity in the post-cloud era with his professional insights. Key Highlights: Richard’s speech focused on three […]
Insights from Attack and Defense Drills: Strategies and Resilience
September 11, 2023
Recently, the NSFOCUS SOC team summarized the findings from attack and defense drills in the first half of 2023. In these smokeless battles, the attackers advanced with aggressive strategies, while the defenders relied on comprehensive defense systems, taking measures ranging from protection and monitoring to tracing, and resisting every attempt to breach their defenses. Vulnerability and Asset Impact: […]
An Insight into RSAC 2023: Lateral Movement in Kubernetes
June 8, 2023
At the RSA Conference 2023, Yossi Weizman, Senior Security Researcher at Microsoft Defender for Cloud, presented on lateral movement in Kubernetes (aka K8s) clusters and its impact on the cloud environment. Based on Yossi’s speech and NSFOCUS researchers’ understanding, this paper describes the use of lateral movement from the perspective of attack, […]
An Insight into RSAC 2023: 6 Keywords of RSAC 2023
June 7, 2023
Keyword 1: Stronger Together. “Alone we can do so little; together we can do so much.” – Helen Keller. The theme of this year’s conference is “Stronger Together”. What does “Stronger” mean? What is the specific scope to be “Together”? “Stronger” refers to the ability of the business itself to resist security risks. Although defensive […]
An Insight into RSAC 2023: Cooperation is the Key to Strengthening Cybersecurity
May 30, 2023
“Stronger Together” is the theme of the RSA Conference this year. Under the trend that the cyber security industry not only deeply participates in international competition to ensure technological advancement, but also continues to strengthen independent innovation ability, this theme reflects the development vitality and unique confrontation characteristics of this industry and is in line […]
NSFOCUS 2022 Cybersecurity Insights: A Summary
May 10, 2023
NSFOCUS is a leading provider of enterprise-level network security solutions and services. In April, NSFOCUS released its annual cybersecurity insights report, which analyzed the overall trends, threats, and challenges in the cyber landscape. The full NSFOCUS Cybersecurity Insights for 2022 report is available here. Here are some of the key findings from the report: […]
Top 7 Cybersecurity Predictions in 2023
April 13, 2023
With the rapid development of cyberspace technology, network security is a topic that cannot be ignored while people maintain interoperability. Through the analysis of emergency response events recorded by NSFOCUS, we have summarized the development trends of network threats and would like to share the top seven predictions we discovered to look ahead to the […]
2019 Cybersecurity Insights -20
September 9, 2020
According to the analysis of geographic distribution of IPv6 attack sources, China had the largest proportion of attack sources (86.76%), followed by the USA (3.97%) and Romania (0.77%).
2019 Cybersecurity Insights -19
September 2, 2020
Since the Promoting Scale Deployment of Internet Protocol Version 6 (IPv6) (“Plan”) was published in November 2017, IPv6 deployments in China have been on the rise. By June 2019, the number of active IPv6 users had reached 130 million, and 1.207 billion telecom users had been assigned an IPv6 address. At the same time, IPv6 traffic in China grew steadily over the past year. The number of address resources ranked first in the world (47,282 IP address blocks (/32)) by May 2019. Telecom enterprises have made positive efforts to improve network infrastructure. All recursive domain name systems (DNS) of the three telecom magnates support IPv6 domain name resolution. Content delivery network (CDN) enterprises have conducted IPv6 deployments nationwide and have gained the capability of accelerating distribution of IPv6 addresses. The transformation of backbone networks, LTE networks, and metropolitan area networks (MANs) has been almost completed. With the rapid development of the IPv6 technology, more attention should be paid to security threats in the IPv6 environment. This section describes the threat situation from the perspectives of vulnerabilities and traffic.
2019 Cybersecurity Insights -17
August 21, 2020
Threats Against WS-Discovery
WSD is a multicast discovery protocol used to locate services on a local area network (LAN). However, due to a design flaw in device vendors’ implementations, devices will also respond when a normal IP address sends a service discovery packet. If exposed on the Internet, these devices can be exploited for DDoS reflection attacks. In February 2019, security researchers from Baidu published an article about WSD reflection attacks. This is the first report we have read about such attacks. In a post, ZDNet mentioned that WSD reflection attacks were first reported in May, and in August, many organizations began to use this protocol to launch DDoS attacks. According to Akamai, one of its customers in the gaming industry suffered a WSD reflection attack that peaked at 35 Gbps.
Around the world, about 910,000 IP addresses provided the WSD service and were thus at risk of being exploited to launch DDoS attacks; 80% of them (730,000) were video surveillance devices.