Red Piranha Threat Intelligence Report - October 8-14 2018

TRENDS



  • China tops the list with 1077 unique attackers (26.5%).
  • The top alarm was Reconnaissance & Probing - Database Attack - Stored Procedure Access - Attack, with 2705 occurrences (39.9%).



TOP ATTACKER COUNTRIES


Country              No. of Attackers  Percentage
China                1077              26.50%
United States        975               19.30%
Brazil               273               6.40%
Russian Federation   269               6.20%
France               209               4.90%
India                184               4.70%
Republic of Korea    159               4.00%
Vietnam              153               4.00%
Netherlands          120               3.10%
United Kingdom       107               2.70%
Australia            106               2.60%
Netherlands          154               2.10%
Canada               89                2.10%
Italy                88                2.00%
Ukraine              87                1.90%
Taiwan               83                1.70%
Thailand             76                1.50%
Indonesia            75                1.50%
Unknown              72                1.40%
Singapore            63                1.30%


Top Cyber Attackers by Country  October 8-14 2018



THREAT GEOLOCATION


Cyber Security Threat Geolocations October 8-14 2018




TOP ATTACKING HOSTS


HostOccurrences
61.175.101.16432
93.174.93.6716
61.177.172.5713
159.100.182.2079
198.57.247.2179
62.210.185.49
58.218.92.339




TOP ALARMS



Alarm                                              No. of Occurrences
OTX Indicators of Compromise - PULSE               105
Bruteforce Authentication - SSH                    90
Database Attack - Stored Process Access - Attack   46
Attack Tool Detected - Attack                      28
WebServer Attack - Attack                          22


Comparison to Previous Week


Alarm                                                                                No. of Occurrences
Reconnaissance & Probing — Database Attack - Stored Procedure Access                 2705
Reconnaissance & Probing — Attack Tool detected                                      1524
Delivery & Attack — WebServer Attack — Attack                                        1355
AlienVault HIDS: Multiple XSS (Cross Site Scripting) attempts from same source IP    894



EXPLOIT EVENT TYPES AND TOP EVENTS NIDS


Top Event NIDS and Exploits October 8-14 2018



OPEN THREAT EXCHANGE


Pulses Subscribed  Indicators  Last Updated         Number of Alarms  Number of Events
5,804              875,131     2018-10-15 00:10:47  5,762             13,711




VULNERABILITIES


Multiple Siemens Products CVE-2017-12069 XML External Entity Injection Vulnerability
2018-10-12
securityfocus.com/bid/100559

SAP HANA CVE-2018-2465 Denial of Service Vulnerability
2018-10-12
securityfocus.com/bid/105324

Oracle October 2018 Critical Patch Update Multiple Vulnerabilities
2018-10-12
securityfocus.com/bid/105555

OpenSSL CVE-2014-3470 Denial of Service Vulnerability
2018-10-11
securityfocus.com/bid/67898

IBM Global Security Toolkit CVE-2018-1431 Local Privilege Escalation Vulnerability
2018-10-11
securityfocus.com/bid/105546

OpenSSL CVE-2016-0705 Denial of Service Vulnerability
2018-10-11
securityfocus.com/bid/83754

OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
2018-10-11
securityfocus.com/bid/95814

wolfSSL CVE-2017-13099 Information Disclosure Vulnerability
2018-10-10
securityfocus.com/bid/102174

IBM General Parallel File System CVE-2016-0263 Unspecified Local Privilege Escalation Vulnerability
2018-10-10
securityfocus.com/bid/90525

Samba CVE-2016-2114 Remote Security Bypass Vulnerability
2018-10-10
securityfocus.com/bid/86011

Microsoft ATL/MFC Trace Tool 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
2018-10-09
securityfocus.com/bid/42811

Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
2018-10-09
securityfocus.com/bid/105376

DB2 Universal Database CVE-2012-0710 Denial-Of-Service Vulnerability
2018-10-09
securityfocus.com/bid/78282

DB2 Universal Database CVE-2012-0711 Remote Security Vulnerability
2018-10-09
securityfocus.com/bid/77826

Top Attacker Hosts October 8-14 2018