How Global Cyberthreats Changed Over 2021 | F5 Labs
- by nlqip
Although the attack scan traffic into the United States is in line with its proportion of assigned IP addresses, that is not the case for most other countries. The extreme outlier is Malaysia, which rose to second place in Q3 2021.
Examining Attacks on Malaysia from China
Since this is so unusual, we examined attacks on Malaysia for July through September of 2021. The top three attacked ports in Malaysia were 3306 (79.53%), 5900 (14.31%), and 22 (3.83%). Nothing too out of bounds there, although it seems 3306 (MySQL) is seven times more targeted in Malaysia than it is globally (11.3%).
Inbound scans to Malaysia originated from China (20.52%), the United States (15.90%), Lithuania (9.21%), Germany (9.16%), and Russia (8.41%). Lithuania seems like an outlier here, but it actually is not out of line with the rest of the global attack traffic for the same period, which we will discuss shortly.
The actual outlier is China, which scanned Malaysia at nearly twice the level it did on average across the Internet (11.2%). Most of that traffic (20.83%) appears to come from ASN 37963, which is assigned to Alibaba China. This is also out of proportion, at nearly sixfold the global average from that ASN (3.6%).
This could be just a particular discovery campaign by a cyber attacker using Alibaba scanners, or a statistical anomaly, or it could indicate a political change. We do not have enough data to determine anything beyond what we’ve reported here.
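The comparison used in this section divides a value's share of scans aimed at one country by its share of all scans. The following is an added example, not F5 Labs code or data: the event records, the placeholder names AS-A and AS-B, and the min_ratio and min_events thresholds are all assumptions constructed for illustration.

```python
from collections import Counter

def shares(events, field):
    """Return ({value: fraction of events}, raw counts) for one field."""
    counts = Counter(e[field] for e in events)
    total = sum(counts.values())
    return {k: v / total for k, v in counts.items()}, counts

def overrepresented(events, dest, field, min_ratio=1.5, min_events=20):
    """Values of `field` whose share of scans hitting `dest` is at least
    min_ratio times their share of all scans (the baseline includes `dest`).
    Values seen fewer than min_events times at `dest` are skipped, so a
    handful of packets cannot pass for a campaign."""
    local = [e for e in events if e["dest"] == dest]
    local_share, local_counts = shares(local, field)
    global_share, _ = shares(events, field)
    hits = []
    for value, share in local_share.items():
        if local_counts[value] < min_events:
            continue
        ratio = share / global_share[value]
        if ratio >= min_ratio:
            hits.append((value, round(share, 4),
                         round(global_share[value], 4), round(ratio, 2)))
    return sorted(hits, key=lambda h: -h[3])

def make(dest, port_counts, asn_counts):
    """Expand (value, count) pairs into one event dict per scan."""
    ports = [p for p, n in port_counts for _ in range(n)]
    asns = [a for a, n in asn_counts for _ in range(n)]
    return [{"dest": dest, "port": p, "asn": a} for p, a in zip(ports, asns)]

# Constructed sample: 100 scans hitting "MY", 900 hitting everywhere else.
SAMPLE = (
    make("MY", [(3306, 80), (5900, 14), (22, 4), (23, 2)],
         [("AS-A", 20), ("AS-B", 80)])
    + make("OTHER", [(3306, 40), (5900, 300), (22, 300), (80, 260)],
           [("AS-A", 30), ("AS-B", 870)])
)

if __name__ == "__main__":
    for field in ("port", "asn"):
        for value, local, glob, ratio in overrepresented(SAMPLE, "MY", field):
            print(f"{field}={value}: {local:.1%} locally vs {glob:.1%} "
                  f"globally ({ratio}x)")
```

With min_events lowered to 1, port 23 (two scans in the sample) ranks above port 3306, which is the small-sample effect the minimum count is there to suppress.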
Who Is Scanning the Internet?
Let’s turn our attention to who is doing the scanning. Since we just dropped hints about Lithuania as a known outlier, let’s look at the top countries that originated scans to the lures. As before, we’ll compare the first half of 2021 (January through June) with the third quarter (July through September). Figure 5 breaks down the top sources of scans.