Shellshock Activity Still Tracked to 138 Countries in Solutionary Q2 2015 SERT Threat Report

U.S. and China Lead Top Sources of Command and Control Traffic; 48 Percent of Top 25 Hostile Non-U.S. IP Addresses Are "Bruteforce" Repeat Offenders

August 1, 2015


PRESS RELEASE

OMAHA, NE--(Marketwired - Jul 29, 2015) - Solutionary, an NTT Group security company (NYSE: NTT) and the next-generation managed security services provider (MSSP), today announced the results of its Security Engineering Research Team (SERT) Quarterly Threat Report for Q2 2015. Solutionary SERT performed a broad analysis of the threat landscape, which unearthed several key findings. A year after the initial flurry of Shellshock activity, Solutionary identified several campaigns targeting the bash vulnerability during the latest quarter -- more than 600,000 events from 138 countries. The identified campaigns include Hidden C, China Z, Lucky Socks and the QNAP worm, typically designed to set up larger botnets under the control of the attacker and to establish backdoors to systems to allow access to contents or further compromise. Among other highlights, Solutionary analysis found that the United States and China were the leading sources of command and control traffic, with 21 percent and 20 percent of the share, respectively. Additional research found that 48 percent of the top 25 hostile non-U.S. IP addresses are "Bruteforce" repeat offenders.

"The high volume of reconnaissance activity indicates a precursor of what's to come," said Rob Kraus, director of security research and strategy, Solutionary. "Cybercriminals are preying on existing vulnerabilities, including Shellshock, to plan future attacks. Despite the flurry of data breaches and targeted attacks, enterprises are failing to practice good security hygiene to mitigate and prevent similar attacks."

Key Findings Include:

  • Shellshock Still Alive and Well
    Shellshock was targeted more at education (38 percent) than at technology (17 percent), healthcare (six percent), finance (five percent) and manufacturing (five percent) combined. Overall, 600,000 events of Shellshock activity were discovered in 138 countries, originating from more than 25,000 IPs and 2,027 different service providers. 

  • U.S. Edges Out China for Share of Command and Control Traffic
    The U.S. and China led all countries in malicious command and control traffic, with 21 percent and 20 percent respectively.

  • Bruteforce Activity Dominating the Field 
    From the top 25 hostile non-U.S. repeat IP addresses, "Bruteforcers" accounted for 48 percent of all malevolent activity. Solutionary saw a relatively large amount of SSH brute force attempts that targeted SSH usernames and passwords, often on systems that did not have "maximums" set. Successful brute forcing in this case could allow assailants to copy files, create directories, download content from remote sites and more.

  • Malware Analysis
    The U.S. was the largest single source of malware threats, representing almost 46 percent of all malware. China and Ukraine followed with 26 percent and 12 percent, respectively, and Japan leapt up 14 places to fifth on the list.

  • New Non-U.S. Attacks, China Still on Top
    Of the top 25 hostile non-U.S. repeat IP addresses, China accounted for 32 percent of total foreign attacks, followed by Germany (12 percent) and Hungary, France and Ukraine with eight percent each.

Readers will find several sections in the report that provide timely, actionable information they can use to help protect against today's most malicious attack tactics and vectors.

To access a copy of the complete report, please visit: https://www.solutionary.com/threat-intelligence/threat-reports/quarterly-threat-reports/sert-q2-2105

About Solutionary

Solutionary, an NTT Group security company (NYSE: NTT), is the next generation managed security services provider (MSSP), focused on delivering managed security services, security consulting services and global threat intelligence. Comprehensive Solutionary security monitoring and security device management services protect traditional and virtual IT infrastructures, cloud environments and mobile data. Solutionary clients are able to optimize current security programs, make informed security decisions, achieve regulatory compliance and reduce costs. The patented, cloud-based ActiveGuard® service platform uses multiple detection technologies and advanced analytics to protect against advanced threats. The Solutionary Security Engineering Research Team (SERT) researches the global threat landscape, providing actionable threat intelligence, enhanced threat detection and mitigating controls. Experienced, certified Solutionary security experts act as an extension of clients' internal teams, providing industry-leading client service to global enterprise and mid-market clients in a wide range of industries, including financial services, healthcare, retail and government. Services are delivered 24/7 through multiple state-of-the-art Security Operations Centers (SOCs).

 

 

CONTACT INFORMATION

    PR Contact
    10Fold Communications
    Travis Anderson
    925.271.8227
