TRENDS
- 6% Decrease in Attacks from China
- SSHD authentication failed - Top Security Event this week
TOP ATTACKER COUNTRIES
| Country | Attackers | Percentage |
|---|---|---|
| China | 488 | 24.40% |
| United States of America | 394 | 19.70% |
| Vietnam | 159 | 8.00% |
| Korea | 135 | 6.80% |
| France | 115 | 5.80% |
| Brazil | 87 | 4.40% |
| Russia | 85 | 4.30% |
| Germany | 79 | 4.00% |
| United Kingdom | 73 | 3.70% |
| India | 69 | 3.50% |
| Italy | 46 | 2.30% |
| Netherlands | 39 | 2.00% |
| Japan | 31 | 1.60% |
| Thailand | 30 | 1.50% |
| Indonesia | 30 | 1.50% |
| Taiwan | 29 | 1.50% |
| Ukraine | 29 | 1.50% |
| Unknown | 27 | 1.40% |
| Singapore | 26 | 1.30% |
| Egypt | 26 | 1.30% |
THREAT GEOLOCATION
TOP ATTACKING HOSTS
| Host | Occurrences |
|---|---|
| 61.177.172.152 | 304 |
| 5.101.40.10 | 121 |
| 61.177.172.133 | 120 |
| 37.139.139.176 | 77 |
| 58.242.83.27 | 76 |
| 218.65.30.126 | 74 |
| 100.1.1.1 | 74 |
| 61.177.172.137 | 52 |
| 103.99.0.200 | 38 |
TOP 5 ATTACKING NETWORKS
| AS4134 | CHINANET Zhejiang province network |
| AS57043 | United Protection (UK) Security LIMITED |
| AS57866 | Fusix Networks B.V. |
| AS4837 | China Unicom AnHui province network |
| AS135905 | VPSONLINE Ltd |
TOP ALARMS
| Alarm | No. of Occurrences |
|---|---|
| Delivery & Attack - Bruteforce Authentication - SSH | 2040 |
| Environmental Awareness - OTX Indicators of Compromise - PULSE | 1010 |
| Delivery & Attack - WebServer Attack - SQL Injection - Attack Pattern Detection | 20 |
| Delivery & Attack - Bruteforce Authentication - Linux/Unix | 631 |
| Exploitation & Installation - WebServer Attack - XSS | 15 |
Comparison to Previous Report
| Alarm | No. of Occurrences |
|---|---|
| Delivery & Attack - Bruteforce Authentication - SSH | 280 |
| Environmental Awareness - OTX Indicators of Compromise - PULSE | 212 |
| Delivery & Attack - WebServer Attack - SQL Injection - Attack Pattern Detection | 4 |
| Delivery & Attack - Bruteforce Authentication - Linux/Unix | 195 |
| Exploitation & Installation - WebServer Attack - XSS | 6 |
Top Events
| 1. | SSHD Authentication Failed |
| 2. | Syslog Entry |
| 3. | User Login Failed |
| 4. | User Missed the password more than one time |
| 5. | Attempt to login using a non-existent user. |
| 6. | Unexpected Error while resolving domain |
| 7. | Reverse lookup error (Bad ISP or attack) |