 
Trends
- China tops the list with 511 unique attackers (26.08%)
- Command and execution was the top exploit event of the week with 55% of occurrences

Top Attacker by Country
| Country | No. of Attackers | Percentage | 
|---|---|---|
| China | 511 | 26.08% | 
| United States | 413 | 21.08% | 
| Brazil | 154 | 7.86% | 
| France | 120 | 6.13% | 
| Russian Federation | 97 | 4.95% | 
| India | 77 | 3.93% | 
| Netherlands | 75 | 3.83% | 
| Republic of Korea | 67 | 3.42% | 
| United Kingdom | 53 | 2.71% | 
| Germany | 46 | 2.35% | 
| Ukraine | 43 | 2.19% | 
| Vietnam | 41 | 2.09% | 
| Australia | 37 | 1.89% | 
| Taiwan | 37 | 1.89% | 
| Italy | 34 | 1.74% | 
| Indonesia | 33 | 1.68% | 
| Hong Kong | 28 | 1.43% | 
| Poland | 24 | 1.23% | 
| Singapore | 22 | 1.12% | 

Threat Geolocation

Top Attacking Hosts
| Host | Occurrences | 
|---|---|
| 80.201.137.57 | 54 | 
| 45.6.188.2 | 45 | 
| 60.191.38.77 | 41 | 
| 206.189.201.149 | 29 | 
| 94.102.49.123 | 24 | 
| 159.65.152.228 | 14 | 
| 198.20.87.98 | 7 | 
| 193.201.224.158 | 3 | 

Top Alarms
| Alarm | No. of Occurrences | 
|---|---|
| OTX Indicators of Compromise - PULSE | 117 | 
| Database Attack - Stored Procedure - Attack | 59 | 
| Bruteforce Authentication - SSH | 47 | 
| Attack Tool Detected - Attack | 44 | 
| Bruteforce Authentication - Windows Login | 13 | 
| WebServer Attack - Attack | 7 | 

Comparison from Previous Report
| Alarm | No. of Occurrences | 
|---|---|
| Database Attack - Stored Procedure - Attack | 2516 | 
| Attack Tool Detected - Attack | 1267 | 
| WebServer Attack - Attack | 1163 | 
| OTX Indicators of Compromise - PULSE | 125 | 
| Bruteforce Authentication - SSH | 33 | 
| WebServer Attack - XSS | 5 | 
| Bruteforce Authentication - Windows Login | 1 | 
Exploit Event Types and Top Event NIDS

Red Piranha - Open Threat Exchange
| Pulses Subscribed | Indicators | Last Updated | Number of Alarms | Number of Events | 
|---|---|---|---|---|
| 6,014 | 889,207 | 2018-11-21 12:30:58 | 6,428 | 11,080 | 

Vulnerabilities
| Vulnerability | Date | Reference | 
|---|---|---|
| Asterisk Open Source Remote Buffer Overflow Vulnerability | 2018-11-16 | securityfocus.com/bid/105934 | 
| Linux Kernel CVE-2018-18955 Local Privilege Escalation Vulnerability | 2018-11-16 | securityfocus.com/bid/105941 | 
| ZTE ZXHN H168N CVE-2018-7358 Authorization Bypass Vulnerability | 2018-11-15 | securityfocus.com/bid/105963 | 
| Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability | 2018-11-15 | securityfocus.com/bid/105933 | 
| Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability | 2018-11-14 | securityfocus.com/bid/103144 | 
| Amazon PayFort payfort-php-SDK Multiple Cross Site Scripting Vulnerabilities | 2018-11-14 | securityfocus.com/bid/105930 | 
| Siemens SIMATIC Panels Multiple Security Vulnerabilities | 2018-11-14 | securityfocus.com/bid/105922 | 
