TRENDS
	- 121% Increase in OTX Indicators of Compromise (IOCs)
 
TOP ATTACKER COUNTRIES

| Country | Attackers | Percentage |
| --- | --- | --- |
| China | 288 | 19.7% |
| United States of America | 269 | 18.4% |
| Vietnam | 166 | 11.4% |
| Korea | 127 | 8.7% |
| Brazil | 84 | 5.8% |
| Russia | 77 | 5.3% |
| France | 58 | 4% |
| India | 53 | 4% |
| United Kingdom | 40 | 2.7% |
| Unknown | 34 | 2.3% |
| Germany | 34 | 2.3% |
| Taiwan | 32 | 2.2% |
| Egypt | 29 | 2% |
| Ukraine | 25 | 1.7% |
| Netherlands | 25 | 1.7% |
| Canada | 25 | 1.7% |
| Turkey | 25 | 1.7% |
| Argentina | 24 | 1.6% |
| Australia | 24 | 1.6% |
| Ecuador | 22 | 1.5% |

THREAT GEOLOCATION
 
TOP ATTACKING HOSTS

| Host | Occurrences |
| --- | --- |
| 60.191.38.77 | 36 |
| 5.101.40.10 | 20 |
| 177.22.85.4 | 17 |
| 61.177.172.133 | 15 |
| 103.99.0.200 | 11 |
| 119.95.210.41 | 10 |
| 58.67.199.142 | 8 |
| 141.212.122.128 | 8 |
| 159.89.33.22 | 8 |
 
TOP 5 ATTACKING NETWORKS

| ASN | Network |
| --- | --- |
| AS4134 | CHINANET Zhejiang province network |
| AS57043 | United Protection (UK) Security LIMITED |
| AS52892 | COPREL TELECOM LTDA |
| AS4134 | CHINANET Jiangsu Province Network |
| AS135905 | VPSONLINE Ltd |
 
TOP ALARMS

| Alarm | No. of Occurrences |
| --- | --- |
| Delivery & Attack - Bruteforce Authentication - SSH | 310 |
| Environmental Awareness - OTX Indicators of Compromise - PULSE | 106 |
| Delivery & Attack - WebServer Attack - SQL Injection - Attack Pattern Detection | 4 |
| Delivery & Attack - Bruteforce Authentication - Linux/Unix | 12 |
| Exploitation & Installation - WebServer Attack - XSS | 3 |

Comparison to Previous Report

| Alarm | No. of Occurrences |
| --- | --- |
| Delivery & Attack - Bruteforce Authentication - SSH | 309 |
| Environmental Awareness - OTX Indicators of Compromise - PULSE | 26 |
| Delivery & Attack - WebServer Attack - SQL Injection - Attack Pattern Detection | 5 |
| Delivery & Attack - Bruteforce Authentication - Linux/Unix | 1 |
| Exploitation & Installation - WebServer Attack - XSS | 3 |
 
ALARMS

	- Multiple Failed Logins in Short time
	- SSH Insecure Connection Attempt (Scan)
	- Failed Password
	- Invalid User

Note: As per previous reports these all appear to be completely random scanning bots

	- WebServer Attack - SQL Injection Attempt
	- WebServer Attack - XSS