New Report from NSFOCUS Analyzes 27 Million Attacks in H1 Cybersecurity Insights Report

SANTA CLARA, Calif.--(BUSINESS WIRE)--NSFOCUS, a leader in holistic hybrid security solutions, today released its H1 Cybersecurity Insights report, which highlights the observations of the NSFOCUS Threat Intelligence center, a security research organization created by NSFOCUS for implementing an intelligent security 2.0 strategy and improving the cybersecurity ecosystem. NSFOCUS analyzed traffic from January 1, 2018 to June 30, 2018.

Key findings from the H1 Cybersecurity Insights report include:

Crypto Miners

• Since the end of March, the number of crypto mining activities has risen sharply compared to the beginning of 2018.
• Among all crypto miners, WannaMine was the most active, responsible for more than 70 percent of all detected crypto mining activities detected by NSFOCUS.

Recidivist Attackers

• Among more than 27 million attack sources detected by NSFOCUS in the first half of 2018, 25 percent were responsible for 40 percent of attack events. This implies that “recidivists” (attack sources found to be repeatedly linked with malicious behaviors) are more threatening than other attack sources.
• The large proportion of recidivists indicates that it is a common practice among attackers to reuse attack resources. China, the USA, and Russia are home to the most “recidivists.”
• Government agencies, energy, education, and finance sectors are most favored targets, suffering 90 percent of recidivist attacks, due to the large volume of business, extensive distribution, and more sensitive data.

IoT Impact on Attack Types

• During the first six months of 2018, there were fewer new Trojan variants than botnets and worms. This is linked with the proliferation of networked hosts and IoT devices in part due to the reduction of hardware costs. Due to the high activity of backdoor programs, device and network administrators need to upgrade devices and check their configurations regularly.
• Backdoor activity remained at high levels and then peaked in May at 6,000,000 before falling to more nominal levels. Backdoors are common malicious programs that can provide remote control access solely through default login interfaces of IoT devices.

DDoS Traffic

• DDoS attack traffic drops sharply when the government exercises security governance during substantial events both physical and cyber. In the first half of 2018, the amount of DDoS traffic seen in the network environments in China is somewhat suppressed due to the government's traffic governance for major events.
• 61 percent of DDoS attack sources have launched only DDoS attacks over a long period of time. Common DDoS attack resources include reflectors and controlled hosts or devices, whose IP addresses or IP address ranges are relatively fixed. However, about 9 percent of DDoS attack sources launch exploit attacks later.

“Looking ahead to the rest of 2018, vulnerabilities will continue to be discovered each and every day and the need to exploit those found will always be present. We’ve noticed that attackers prefer to reuse tactics and exploits, so patching regularly is critical for IT professionals,” said Guy Rosefelt, Director, Threat Intelligence & Web Security, NSFOCUS. “We also believe DDoS traffic will remain a great scourge on the Internet. Arguably, most hackers are capable of causing enormous amounts of traffic and their capability is increasing, which will continue to be a great challenge to defenders and security governance personnel.”

To download a copy of the H1 Cybersecurity Insights report, please visit https://nsfocusglobal.com/2018-h1-cybersecurity-insights/.

About NSFOCUS, Inc.

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, a member of the Microsoft Active Protections Program (MAPP), StopBadware.org, and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.

Visit the website: www.nsfocusglobal.com
Read the blog: http://nsfocusglobal.com/category/blog/
Follow on Twitter: https://twitter.com/NSFOCUS_Intl
Follow on LinkedIn: https://www.linkedin.com/company/nsfocus
Follow on Facebook: https://www.facebook.com/nsfocus/

NSFOCUS; NSFOCUS, INC. and NSFOCUS Anti-DDoS System (ADS) are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.