CNCERT: China's Internet Security Threat Report for August 2021

Based on CNCERT monitoring data and data reported by member units, this report analyzes the overall situation of the various security threats facing the Internet in China, and discusses important early-warning information and typical security incidents.

In August 2021, the overall evaluation of the Internet network security status was good. The main data are as follows:

• The number of terminals infected with Trojans or botnet malicious programs in China is more than 1.44 million;

• The number of tampered websites in China was 8,552, of which 27 were government websites; the number of websites with backdoors implanted in China was 2,503, of which 11 were government websites; the number of counterfeit pages targeting domestic websites was 86;

• The National Information Security Vulnerability Sharing Platform (CNVD) collected and sorted out 2,216 information system security vulnerabilities. Among them, there are 551 high-risk vulnerabilities, 1,648 vulnerabilities that can be exploited for remote attacks, and 1,311 zero-day vulnerabilities.

Network virus monitoring data analysis

1 Trojan botnet monitoring data analysis

In August 2021, hosts corresponding to more than 1.44 million IP addresses in China were controlled by Trojans or bots, an increase of 42.5% compared with the previous month. The top three in terms of the number of infections by region are Shandong, Guangdong and Henan.

The total number of Trojan or botnet control server IPs is 31,536. Of these, 23,975 are IP addresses of domestic Trojan or bot program control servers, and the top three regions by distribution are Jiangsu Province, Anhui Province and Liaoning Province. There are 7,561 IP addresses of overseas Trojan or bot program control servers, mainly located in the United States, Hong Kong and Japan. Control servers located in the United States control 513,294 domestic host IPs, ranking first in the number of domestic host IPs controlled, followed by IP addresses located in Hong Kong, China and in Germany, controlling 338,620 and 201,357 domestic host IPs respectively.

2 Analysis of Mobile Internet Malicious Program Monitoring Data

In August 2021, CNCERT focused its analysis on typical mobile malicious programs currently in circulation, and found 95 samples of extortion malicious programs and 63 samples of information-stealing malicious programs.

In August 2021, CNCERT notified app stores, personal websites, advertising platforms, cloud platforms and other distribution channels to remove 454 mobile Internet malicious programs. Counted by behavior attribute, most of these mobile Internet malicious programs exhibit rogue behavior.

Website Security Data Analysis

1 Tampering of domestic websites

In August 2021, the number of tampered domestic websites was 8,552, and the top three regions by number of tampered websites were Beijing, Shandong Province and Zhejiang Province. By website type, the largest number of tampered websites were .COM domain name websites, most of which are commercial websites; 27 tampered websites were .GOV domain name websites, accounting for 0.3% of the domestic websites that were tampered with.

2 Domestic websites implanted with backdoors

In August 2021, the number of websites with backdoors implanted in China was 2,503, and the top three regions by number of such websites were Beijing, Guangdong and Zhejiang. By website type, the largest number of websites with implanted backdoors were .COM domain name websites; 11 were .GOV domain name websites, accounting for 0.4% of the domestic websites with implanted backdoors.

In August 2021, 1,395 overseas IP addresses remotely controlled 2,395 domestic websites through implanted backdoors. These overseas IP addresses are mainly located in the United States, Hong Kong, China and South Africa. Measured by the number of domestic websites controlled through implanted backdoors, IP addresses from the United States implanted backdoor programs into 848 domestic websites, ranking first; they were followed by IP addresses from the Netherlands and Germany, which implanted backdoors into 764 and 520 domestic websites respectively.

3 Counterfeiting of domestic websites

In August 2021, CNCERT detected a total of 86 counterfeit pages targeting domestic websites, involving 55 domain names and 24 IP addresses, all of which were located overseas, mainly in Hong Kong, China and Japan.

Vulnerability data analysis

In August 2021, CNVD collected 2,216 information system security vulnerabilities. Among them, there are 551 high-risk vulnerabilities, 1,648 vulnerabilities that can be exploited for remote attacks, and 1,311 zero-day vulnerabilities. Affected hardware and software system manufacturers include Cisco, Google, IBM, Microsoft, Apple, Oracle, etc.

Vulnerabilities can be classified as application, WEB application, operating system, network device (switches, routers and other network-side devices), security product (such as firewalls and intrusion detection systems), database and smart device (Internet of Things and other Internet-connected end devices) vulnerabilities. Among the vulnerabilities collected by CNVD this month, the top three categories are WEB application vulnerabilities, application vulnerabilities, and network device vulnerabilities.

Reception and handling of cyber security incidents

1 Incident reception

In August 2021, CNCERT received 9,750 cybersecurity incidents reported at home and abroad via email, hotline, website submission, fax, etc. type incidents), of which 62 incidents were reported from abroad.

Of the 9,750 incident reports, the top three incident types were vulnerabilities, malicious programs, and phishing.

2 Incident handling situation

For network security incidents reported from home and abroad by e-mail, hotline, fax and other channels, as well as those discovered through its own monitoring, CNCERT selects important incidents daily based on the scope of influence and survivability of the incidents, the nature of the users involved and other factors, and coordinates their handling.

In August 2021, CNCERT and provincial centers jointly coordinated and handled 10,232 security incidents. Among them, the numbers of vulnerability, malicious program and phishing incidents are relatively large.
