U.S. and China Lead Top Sources of Command and Control Traffic; 48 Percent of Top 25 Hostile Non-U.S. IP Addresses are “Bruteforce” Repeat Offenders
Solutionary, an NTT Group security company (NYSE: NTT) and the next-generation managed security services provider (MSSP), today announced the results of its Security Engineering Research Team (SERT) Quarterly Threat Report for Q2 2015. Solutionary SERT performed a broad analysis of the threat landscape, which unearthed several key findings. A year after the initial flurry of Shellshock activity, Solutionary identified several campaigns targeting the bash vulnerability during the latest quarter — more than 600,000 events from 138 countries. The identified campaigns include Hidden C, China Z, Lucky Socks and the QNAP worm, designed typically to set up larger botnets under the control of the attacker and establish backdoors to systems to allow access to contents or further compromise. Among other highlights, Solutionary analysis found that the United States and China were the leading sources of command and control traffic, with 21 and 20 percent of the share. Additional research found that 48 percent of the top 25 hostile non-U.S. IP addresses are “Bruteforce” repeat offenders.
Key Findings Include:
- Shellshock Still Alive and Well
Shellshock was targeted more at education (38 percent) than at technology (17 percent), healthcare (six percent), finance (five percent) and manufacturing (five percent) combined. Overall, 600,000 events of Shellshock activity were discovered in 138 countries, originating from more than 25,000 IPs and 2,027 different service providers.
- U.S. Edges Out China for Share of Command and Control Traffic
The U.S. and China led all countries in malicious command and control traffic, with 21 percent and 20 percent respectively.
- Bruteforce Activity Dominating the Field
From the top 25 hostile non-U.S. repeat IP addresses, “Bruteforcers” accounted for 48 percent of all malevolent activity. Solutionary saw a relatively large amount of SSH brute force attempts that targeted SSH usernames and passwords, often on systems that did not have “maximums” set. Successful brute forcing in this case could allow assailants to copy files, create directories, download content from remote sites and more.
- Malware Analysis
The largest single source of malware threats, representing almost 46 percent of all malware, originated from the U.S. China and Ukraine followed with 26 percent and 12 percent, respectively, and Japan leapt up 14 places to fifth on the list.
- New Non-U.S. Attacks, China Still on Top
Of the top 25 hostile non-U.S. repeat IP addresses, China accounted for 32 percent of total foreign attacks, followed by Germany (12 percent) and Hungary, France and Ukraine with eight percent, each.
Readers will find several sections in the report that provide timely, actionable information they can use to help protect against today’s most malicious attack tactics and vectors.
About Solutionary
Solutionary, an NTT Group security company (NYSE: NTT), is the next generation managed security services provider (MSSP), focused on delivering managed security services, security consulting services and global threat intelligence. Comprehensive Solutionary security monitoring and security device management services protect traditional and virtual IT infrastructures, cloud environments and mobile data. Solutionary clients are able to optimize current security programs, make informed security decisions, achieve regulatory compliance and reduce costs. The patented, cloud-based ActiveGuard® service platform uses multiple detection technologies and advanced analytics to protect against advanced threats. The Solutionary Security Engineering Research Team (SERT) researches the global threat landscape, providing actionable threat intelligence, enhanced threat detection and mitigating controls. Experienced, certified Solutionary security experts act as an extension of clients’ internal teams, providing industry-leading client service to global enterprise and mid-market clients in a wide range of industries, including financial services, healthcare, retail and government. Services are delivered 24/7 through multiple state-of-the-art Security Operations Centers (SOCs).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.