Threat_Intelligence_Report

Trends



  • China is on top of the list with 511 unique attackers (26.08%)
  • Command and execution was the top exploit event of the week with 55% of occurrences



Top Attacker by Country


Country               No. of Attackers   Percentage
China                 511                26.08%
United States         413                21.08%
Brazil                154                7.86%
France                120                6.13%
Russian Federation    97                 4.95%
India                 77                 3.93%
Netherlands           75                 3.83%
Republic of Korea     67                 3.42%
United Kingdom        53                 2.71%
Germany               46                 2.35%
Ukraine               43                 2.19%
Vietnam               41                 2.09%
Australia             37                 1.89%
Taiwan                37                 1.89%
Italy                 34                 1.74%
Indonesia             33                 1.68%
Hong Kong             28                 1.43%
Poland                24                 1.23%
Singapore             22                 1.12%


Top Cyber Attackers by Country November 12-18 2018




Threat Geolocation


Cyber Security Threat Geolocations November 12-18 2018



Top Attacking Hosts


HostOccurrences
80.201.137.5754
45.6.188.245
60.191.38.7741
206.189.201.14929
94.102.49.12324
159.65.152.22814
198.20.87.987
193.201.224.1583




Top Alarms


Alarm                                          No. of Occurrences
OTX Indicators of Compromise - PULSE           117
Database Attack - Stored Procedure - Attack    59
Bruteforce Authentication - SSH                47
Attack Tool Detected - Attack                  44
Bruteforce Authentication - Windows Login      13
WebServer Attack - Attack                      7


Comparison from Previous Report


Alarm                                          No. of Occurrences
Database Attack - Stored Procedure - Attack    2516
Attack Tool Detected - Attack                  1267
WebServer Attack - Attack                      1163
OTX Indicators of Compromise - PULSE           125
Bruteforce Authentication - SSH                33
WebServer Attack - XSS                         5
Bruteforce Authentication - Windows Login      1




Exploit Event Types and Top Event NIDS


Top Event NIDS and Exploits November 12-18 2018



Red Piranha - Open Threat Exchange


Pulses Subscribed   Indicators   Last Updated          Number of Alarms   Number of Events
6,014               889,207      2018-11-21 12:30:58   6,428              11,080




Vulnerabilities


Asterisk Open Source Remote Buffer Overflow Vulnerability
2018-11-16
securityfocus.com/bid/105934

Linux Kernel CVE-2018-18955 Local Privilege Escalation Vulnerability
2018-11-16
securityfocus.com/bid/105941

ZTE ZXHN H168N CVE-2018-7358 Authorization Bypass Vulnerability
2018-11-15
securityfocus.com/bid/105963

Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability
2018-11-15
securityfocus.com/bid/105933

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-11-14
securityfocus.com/bid/103144

Amazon PayFort payfort-php-SDK Multiple Cross Site Scripting Vulnerabilities
2018-11-14
securityfocus.com/bid/105930

Siemens SIMATIC Panels Multiple Security Vulnerabilities
2018-11-14
securityfocus.com/bid/105922

Top Attacker Hosts November 12-18 2018