Key Findings [Vulnerabilities] 2019 saw a steady increase in high-risk vulnerabilities and in Internet of Things (IoT) vulnerability exploits. Of server-related vulnerabilities, web vulnerabilities stole the spotlight and the Windows remote desktop vulnerability CVE-2019-0708 had a far-reaching impact. [Malware] Ransomware and cryptojacking malware were two most active types of malware in 2019. In this year, […]

Executive Summary

2019 witnessed more intense challenges in global political and economic orders. Restricted by various conventions, agreements, and protocols, traditional military means are now the last resort. In this context, attacks on the financial sector and on the cyberspace become the first choices for rival countries to try on their modern military strategies. Predictably, these attacks will probably become regular approaches in the future. By the time when the 2018 Cybersecurity Insights was released, the following trends had taken shape regarding cybersecurity: The window between the discovery of a vulnerability and the effective exploitation of this vulnerability was shortened; the DDoS attack size steadily grew; emerging threats like those from the Internet of Things (IoT) rose sharply; such malware as backdoors, cryptojackers, worms, trojans, and botnets were still active. When it comes to information disclosure, the AcFun website was hacked, leading to a leak of nearly 10 million pieces of user data; India’s Aadhaar (India’s national ID database) number leak affected 1.1 billion citizens. Information disclosure events have hit record highs for six years in a row since 2013. The four enterprises, namely Facebook, Equifax, British Airways, and Marriott International, together were fined approximately USD 9 billion for privacy and information leaks, more than the aggregate market value of the cybersecurity industry in China in that year.

Analysis of IoT Attack Sources

From NSFOCUS’s IoT threat intelligence, we can associate DDoS attack events with IoT devices. Further analysis of IoT devices compared to source IP addresses of DDoS attacks found that 3.14% of DDoS attackers are IoT devices. Though this proportion is relatively small, the number of DDoS source IP addresses is so staggering large that DDoS attacks based on IoT devices is a very significant threat. (more…)

6.3 Worm In the 2018 H1 Cybersecurity Insights , we pointed out that most worm viruses were discovered more than five years ago. This indicates how capable these viruses are of propagating and evolving and how difficult it is to remove them completely from the network. According to data throughout the year, this was still […]

Backdoor, cryptominer, worm, trojan, and zombie115 made the list of active most malware in 2018. Strains of backdoors malware are still extremely active because they are too stealthy to be easily detected. As the virtual currency market continues to shrink, cryptomining is less popular than before, but still very active, coming second behind backdoors.

(more…)

5.3.2 Attack Type Distribution

In 2018, the most frequent attacks seen814 were SYN flood, UDP flood, ACK flood, HTTP flood and HTTPS flood attacks, which altogether accounted for 96% of all DDoS attacks. In contrast, reflection attackers contributed to no more than 3% of attacks. Compared with 2017, the year 2018 witnessed a 80% decrease in the number of reflection attacks, but a 73% increase in other attacks. This is because of effective governance measures taken against reflectors. (more…)

5.3 DDoS Attacks

5.3.1 Attack Trend

In 2018, we observed 148,000 DDoS attacks (down 28.4% from 2017), which generated a total of 643,100 TB of attack traffic, about the same volume as observed in 2017. This trend suggests that
while the number of DDoS attacks is lower, the size of the attack are growing. Large and medium-size attacks are on the rise.

(more…)

5.2 Web Attacks 5.2.1 Trend of Web Attacks Of all attacks targeting web servers in 2018, 89% of them still employed common methods such as server information disclosure, resource leech, SQL injection, and cross-site scripting. Hackers are using an increasing number of web server or plug-in vulnerabilities. In 2018, vulnerability based web attacks accounted for […]

Insights into Malicious Traffic

5.1 Vulnerability Exploitation

Here we classify vulnerabilities into

• server vulnerabilities
• desktop application vulnerabilities
• device vulnerabilities

(more…)

4.2 Significant Increase in Device Vulnerabilities

In the past few years, vulnerabilities associated with network devices have grown rapidly. This is because more network enabled devices of more diverse types are connecting to the network. The threat increases as device vendors do not take security seriously and are remiss in providing timely firmware updates. Thus, the discovery of more vulnerabilities is not that difficult. (more…)