Cybersecurity Insights

Insights from Attack and Defense Drills: Strategies and Resilience

September 11, 2023

Recently, the NSFOCUS SOC team summarized the findings from attack and defense drills in the first half of 2023. In these smokeless battles, the attackers advanced with aggressive strategies, while the defenders relied on comprehensive defense systems, taking measures ranging from protection and monitoring to tracing, and resisting every attempt to breach their defenses. Vulnerability and Asset Impact […]

An Insight into RSAC 2023: Lateral Movement in Kubernetes

June 8, 2023

At the RSA Conference 2023, Yossi Weizman, Senior Security Researcher at Microsoft Defender for Cloud, discussed lateral movement in Kubernetes (aka K8s) clusters and its impact on the cloud environment. Based on Yossi’s speech and NSFOCUS researchers’ understanding, this paper describes the use of lateral movement from the perspective of attack, […]

An Insight into RSAC 2023: 6 Keywords of RSAC 2023

June 7, 2023

Keyword 1: Stronger Together “Alone we can do so little; together we can do so much.” – Helen Keller The theme of this year’s conference is “Stronger Together”. What does “Stronger” mean? What is the specific scope to be “Together”? “Stronger” refers to the ability of the business itself to resist security risks. Although defensive […]

An Insight into RSAC 2023: Cooperation is the Key to Strengthening Cybersecurity

May 30, 2023

“Stronger Together” is the theme of the RSA Conference this year. Under the trend that the cyber security industry not only deeply participates in international competition to ensure technological advancement, but also continues to strengthen independent innovation ability, this theme reflects the development vitality and unique confrontation characteristics of this industry and is in line […]

NSFOCUS 2022 Cybersecurity Insights: A Summary

May 10, 2023

NSFOCUS is a leading provider of enterprise-level network security solutions and services. In April, NSFOCUS released its annual cybersecurity insights report, which analyzes the overall trends, threats, and challenges in the cyber landscape. The full NSFOCUS Cybersecurity Insights for 2022 report is available here. Here are some of the key findings from the report: […]

Top 7 Cybersecurity Predictions in 2023

April 13, 2023

With the rapid development of cyberspace technology, network security is a topic that cannot be ignored while people maintain interoperability. Through the analysis of emergency response events recorded by NSFOCUS, we have summarized the development trends of network threats and would like to share the top seven predictions we discovered to look ahead to the […]

2019 Cybersecurity Insights -20

September 9, 2020

According to the analysis of geographic distribution of IPv6 attack sources, China had the largest proportion of attack sources (86.76%), followed by the USA (3.97%) and Romania (0.77%).

2019 Cybersecurity Insights -19

September 2, 2020

Since the Promoting Scale Deployment of Internet Protocol Version 6 (IPv6) (“Plan”) was published in November 2017, IPv6 deployments in China have been on the rise. By June 2019, the number of active IPv6 users had reached 130 million, and 1.207 billion telecom users had been assigned an IPv6 address. At the same time, IPv6 traffic in China grew steadily over the past year. By May 2019, the number of address resources ranked first in the world (47,282 IP address blocks (/32)). Telecom enterprises have made positive efforts to improve network infrastructure. All recursive domain name systems (DNS) of the three telecom magnates support IPv6 domain name resolution. Content delivery network (CDN) enterprises have conducted IPv6 deployments nationwide and have gained the capability of accelerating distribution of IPv6 addresses. The transformation of backbone networks, LTE networks, and metropolitan area networks (MANs) has been almost completed. With the rapid development of IPv6 technology, more attention should be paid to security threats in the IPv6 environment. This section describes the threat situation from the perspectives of vulnerabilities and traffic.

2019 Cybersecurity Insights -17

August 21, 2020

Threats Against WS-Discovery

WSD is a multicast discovery protocol used to locate services on a local area network (LAN). However, because of a design flaw in device vendors’ implementations, devices also respond when a normal IP address sends a service discovery packet. If exposed on the Internet, these devices can be exploited for DDoS reflection attacks. In February 2019, security researchers from Baidu published an article about WSD reflection attacks. This is the first report we have read about such attacks. In a post, ZDNet mentioned that WSD reflection attacks were first reported in May, and in August, many organizations began to use this protocol to launch DDoS attacks. According to Akamai, one of its customers in the gaming industry suffered a WSD reflection attack weighing in at 35 Gbps at peak bandwidth.

Around the world, about 910,000 IP addresses provided the WSD service and were thus at risk of being exploited to launch DDoS attacks; 80% of them (730,000) were video surveillance devices.

2019 Cybersecurity Insights -16

August 19, 2020

In this section, we analyze threats against three major protocols.

Threats Against Telnet

According to data from NSFOCUS’s threat hunting system, Telnet (available on port 23), targeted by a total of 120,000 attack sources, was the IoT protocol most favored by attackers. Figure 7-3 shows the activity trend of Telnet attack sources from March to October 2019. The number of Telnet-based attacks increased month by month from March to August, with August seeing the most attack sources (over 60,000), which carried out more than 50,000 weak password detection activities. In addition, June witnessed the most sample download activities (more than 40,000). Overall, attack sources were on the decline in the latter half of 2019.

