Threat Intelligence Report - 1st March to 7th March 2021
Trends
Linux Foundation Announces New Open Source Software Signing Service
The SolarWinds hack has come and is not gone yet. However, on a positive note, it is leaving in its wake several remedial and preventative measures being implemented to avoid such attacks in future. One pertinent issue raised by SolarWinds was how to secure the software supply chain.
Linux Foundation, Red Hat, Google and Purdue University address this issue by creating the Sigstore
Project.
The Sigstore project entails creating a secure public log bank in which developers and software
providers of open-source code deposit cryptographically signed software. Sigstore allows for
identifying software through the verified reproducible builds, a system where an entity guarantees the authenticity of software by consistently getting the same results when it is subjected to the same input.
This will allow for software tracking and, ultimately, identification if used in any cybercriminal attacks. Sigstore is a tremendous attempt at standardising the software signing practice which GitHub has tried to implement.
|
|
|
Top Attackers By Country
| China |
130218 |
60.78% |
| United States |
41530 |
19.38% |
| Russia |
10760 |
5.02% |
| Romania |
6805 |
3.17% |
| India |
5309 |
2.47% |
| France |
3884 |
1.81% |
| Hong Kong |
2728 |
1.27% |
| Vietnam |
2279 |
1.06% |
| Thailand |
2232 |
1.04% |
| Pakistan |
2066 |
0.96% |
| Germany |
1614 |
0.75% |
| Seychelles |
1416 |
0.66% |
| Denmark |
1371 |
0.63% |
| Czech Republic |
1034 |
0.48% |
| Taiwan |
977 |
0.45% |
|
|
|
Top Attackers By Country
|
 |
 China United States Russia Romania India Others
|
|
|
|
|
|
|
|
Top Attacking Hosts
| 61.177.173.3 |
20149 |
| 125.78.206.142 |
18740 |
| 61.177.173.26 |
13414 |
| 211.137.10.125 |
8384 |
| 80.94.93.11 |
6330 |
| 218.92.0.202 |
5784 |
| 195.54.161.152 |
5125 |
| 14.152.36.106 |
4913 |
| 39.34.175.148 |
2066 |
| 120.155.30.220 |
1313 |
| 61.177.173.13 |
1192 |
| 104.119.96.34 |
1167 |
| 69.162.124.234 |
1158 |
| 61.177.172.104 |
1141 |
| 94.137.136.45 |
1071 |
| 89.248.165.166 |
987 |
| 103.145.22.49 |
977 |
| 218.92.0.211 |
977 |
|
Top Attackers
 |
|
|
|
Top Network Attackers
| 4134 |
China |
CHINANET-BACKBONE No.31,Jin-rong Street, CN |
| 56044 |
China |
CMNET-AS-LIAONING China Mobile communications corporation, CN |
| 47890 |
Netherlands |
UNMANAGED-DEDICATED-SERVERS, GB |
| 49505 |
Russia |
SELECTEL, RU |
| 134764 |
China |
CT-FOSHAN-IDC CHINANET Guangdong province network, CN |
| 132165 |
Pakistan |
CONNECT-AS-AP Connect Communications, PK |
| 16625 |
United States |
AKAMAI-AS, US |
| 46475 |
United States |
LIMESTONENETWORKS, US |
| 208310 |
Denmark |
CF, DK |
| 202425 |
Netherlands |
INT-NETWORK, SC |
| 139471 |
Taiwan |
HWACENT-AS-AP HWA CENT TELECOMMUNICATIONS LIMITED, TW |
|
|
|
|
Top Phishing Campaigns
| Other |
1555 |
| Allegro |
14 |
| Facebook |
103 |
| Amazon.com |
37 |
| PayPal |
16 |
| Special |
5 |
| Vodafone |
1 |
| Scotiabank |
1 |
| Instagram |
25 |
| VKontakte |
1 |
| Blockchain |
1 |
| Comcast |
1 |
| Adobe |
1 |
| Google |
3 |
| Microsoft |
3 |
| Orange |
1 |
| WeTransfer |
2 |
| Skype |
1 |
| Halifax |
4 |
| Apple |
2 |
| Rakuten |
1 |
| RuneScape |
1 |
|
|
|
|
