Cybersecurity Insights

Cybersecurity Insights-14

January 23, 2020

Analysis of IoT Attack Sources

From NSFOCUS’s IoT threat intelligence, we can associate DDoS attack events with IoT devices. Further analysis of IoT devices compared to source IP addresses of DDoS attacks found that 3.14% of DDoS attackers are IoT devices. Though this proportion is relatively small, the number of DDoS source IP addresses is so staggeringly large that DDoS attacks based on IoT devices are a very significant threat.

Cybersecurity Insights-12

January 9, 2020

6.3 Worm

In the 2018 H1 Cybersecurity Insights, we pointed out that most worm viruses were discovered more than five years ago. This indicates how capable these viruses are of propagating and evolving and how difficult it is to remove them completely from the network. According to data throughout the year, this was still […]

Cybersecurity Insights-11

January 1, 2020

Backdoor, cryptominer, worm, trojan, and zombie made the list of most active malware in 2018. Strains of backdoor malware are still extremely active because they are too stealthy to be easily detected. As the virtual currency market continues to shrink, cryptomining is less popular than before, but still very active, coming second behind backdoors.


Cybersecurity Insights-10

December 25, 2019

5.3.2 Attack Type Distribution

In 2018, the most frequent attacks seen were SYN flood, UDP flood, ACK flood, HTTP flood and HTTPS flood attacks, which altogether accounted for 96% of all DDoS attacks. In contrast, reflection attacks contributed to no more than 3% of attacks. Compared with 2017, the year 2018 witnessed an 80% decrease in the number of reflection attacks, but a 73% increase in other attacks. This is because of effective governance measures taken against reflectors.

Cybersecurity Insights-9

December 18, 2019

5.3 DDoS Attacks

5.3.1 Attack Trend

In 2018, we observed 148,000 DDoS attacks (down 28.4% from 2017), which generated a total of 643,100 TB of attack traffic, about the same volume as observed in 2017. This trend suggests that while the number of DDoS attacks is lower, the size of attacks is growing. Large and medium-size attacks are on the rise.


Cybersecurity Insights-8

December 11, 2019

5.2 Web Attacks

5.2.1 Trend of Web Attacks

Of all attacks targeting web servers in 2018, 89% of them still employed common methods such as server information disclosure, resource leech, SQL injection, and cross-site scripting. Hackers are using an increasing number of web server or plug-in vulnerabilities. In 2018, vulnerability-based web attacks accounted for […]

Cybersecurity Insights-7

December 4, 2019

Insights into Malicious Traffic

5.1 Vulnerability Exploitation

Here we classify vulnerabilities into

  • server vulnerabilities
  • desktop application vulnerabilities
  • device vulnerabilities


Cybersecurity Insights-6

November 27, 2019

4.2 Significant Increase in Device Vulnerabilities

In the past few years, vulnerabilities associated with network devices have grown rapidly. This is because more network-enabled devices of more diverse types are connecting to the network. The threat increases as device vendors do not take security seriously and are remiss in providing timely firmware updates. Thus, the discovery of more vulnerabilities is not that difficult.

Cybersecurity Insights-5

November 20, 2019

Insights into Vulnerabilities

4.1 Overall Trend

The National Vulnerability Database had recorded 15,800 CVE vulnerabilities for 2018, including 4096 high-risk ones. Compared with 2017, the total number of vulnerabilities found in 2018 increased by 8.2%, while the number of high-risk ones dropped by 4.8%. Although the number of vulnerabilities increased steadily, they did so slowly, possibly […]

Cybersecurity Insights-4

November 13, 2019

3.3 Recidivists

“Recidivists” here refer to attack sources found to repeatedly engage in malicious activities. In the 2018 H1 Cybersecurity Insights, we pointed out that 25% of recidivists were responsible for 40% of attack events. Considering the quantity and level of threat, these attackers should not be underestimated. By the end of 2018, the number of attack sources detected totaled around 43 million, up from 27 million at the end of June 2018. Of all these attack sources, recidivists accounted for 17% and were responsible for 35% of events. While those percentages were down slightly from mid-year, the actual threat was higher due to the sheer volume of attackers seen.