Regional Threat Perspectives: United States
The table in Figure 4 shows the top 50 ASNs attacking US systems from Dec 1, 2018 to March 1, 2019 in order of highest to lowest number of attacks, the majority of which were ISPs. Interestingly, there are more ASNs on this list from India then any other country, followed by Russia. Three of the seven Russian ASNs are mobile phone service providers.
| ASN | ASN Organization | Country | Industry |
| 45899 | VNPT Corp | Vietnam | Hosting |
| 17974 | PT Telekomunikasi Indonesia | Indonesia | ISP |
| 4134 | Chinanet | China | ISP |
| 7552 | Viettel Corporation | Vietnam | ISP |
| 3462 | Data Communication Business Group | Taiwan | ISP |
| 9121 | Turk Telekom | Turkey | ISP |
| 8048 | CANTV Servicios, Venezuela | Venezuela | ISP |
| 18403 | The Corporation for Financing & Promoting Tech… | Vietnam | ISP |
| 23650 | Chinanet (Jiangsu Province Backbone) | China | ISP |
| 4837 | China Unicom (China169 Backbone) | China | ISP |
| 9829 | National Internet Backbone | India | ISP |
| 8452 | TE Data | Norway | ISP |
| 8151 | Uninet S.A. de C.V. | Mexico | ISP |
| 12389 | PJSC Rostelecom | Russia | ISP |
| 9498 | BHARTI Airtel Ltd. | India | Hosting |
| 9299 | Philippine Long Distance Telephone Company | Philippines | ISP |
| 18881 | TELEFÔNICA BRASIL S.A | Brazil | ISP |
| 23969 | TOT Public Company Limited | Thailand | ISP |
| 4230 | CLARO S.A. | Brazil | ISP |
| 55577 | Atria Convergence Technologies pvt ltd | India | ISP |
| 45758 | Triple T Internet/Triple T Broadband | Thailand | ISP |
| 17451 | BIZNET NETWORKS | Indonesia | Hosting |
| 8402 | VimpelCom | Netherlands | ISP |
| 24309 | Atria Convergence Technologies Pvt. Ltd. Broad… | India | ISP |
| 7738 | Telemar Norte Leste S.A. | Brazil | ISP |
| 45820 | Tata Teleservices ISP AS | India | ISP |
| 4755 | TATA Communications formerly VSNL is Leading ISP | India | ISP |
| 9198 | JSC Kazakhtelecom | Kazakhstan | ISP |
| 25019 | Saudi Telecom Company JSC | Saudi Arabia | ISP |
| 24757 | Ethiopian Telecommunication Corporation | Ethiopia | ISP |
| 24560 | Bharti Airtel Ltd., Telemedia Services | India | Hosting |
| 131090 | CAT TELECOM Public Company Ltd | Thailand | ISP |
| 12880 | Information Technology Company (ITC) | Iran | ISP |
| 4812 | China Telecom (Group) | China | ISP |
| 3269 | Telecom Italia | Italy | ISP |
| 5384 | Emirates Telecommunications Corporation | UAE | ISP |
| 45458 | SBN-ISP/AWN-ISP and SBN-NIX/AWN-NIX | Thailand | ISP (Mobile) |
| 6429 | Telmex Chile Internet S.A. | Chile | ISP |
| 3216 | PVimpelCom | Netherlands | ISP |
| 8732 | OJSC Comcor | Russia | ISP |
| 16735 | ALGAR TELECOM S/A | Brazil | ISP |
| 34984 | Tellcom Iletisim Hizmetleri A.s. | Turkey | ISP |
| 24955 | OJSC Ufanet | Russia | ISP |
| 25513 | OJS Moscow city telephone network | Russia | ISP (Mobile) |
| 12714 | Net By Net Holding LLC | Russia | ISP |
| 17762 | Tata Teleservices Maharashtra Ltd | India | ISP |
| 14259 | Gtd Internet S.A. | Chile | Hosting |
| 3549 | Level 3 Communications, Inc. | United States | ISP |
| 31163 | PJSC MegaFon | Russia | ISP (Mobile) |
| 8359 | MTS PJSC | Russia | ISP (Mobile) |
Figure 4: Top 50 ASNs attacking US systems
The following four Chinese and one Taiwan network were in the top 50 attacking ASNs list across all regions from December 1, 2018 to March 1, 2019.
| ASN | ASOrg | Country | Industry |
| 4812 | China Telecom (Group) | China | ISP |
| 4837 | China Unicom (China169 Backbone) | China | ISP |
| 4134 | Chinanet | China | ISP |
| 23650 | Chinanet (Jiangsu Province Backbone) | China | ISP |
| 3462 | Data Communication Business Group | Taiwan | ISP |
Figure 5: Networks consistently attacking all regions of the world December 1, 2018 to March 1, 2019
The US shared 10 top attacking ASNs with Europe, and 8 top attacking ASNs with both Europe and Australia in the same time period. The US did not share any top attacking ASNs with Canada in the same time period except for the Chinese and Taiwan networks listed in Figure 5 above that attacked all regions. The following 27 networks uniquely targeted systems in the US. A quarter of them are Russian ISPs, several of which only offer mobile services.
| ASN | ASOrg | Country | Industry |
| 16735 | ALGAR TELECOM S/A | Brazil | ISP |
| 24560 | Bharti Airtel Ltd., Telemedia Services | India | Hosting |
| 17451 | BIZNET NETWORKS | Indonesia | Hosting |
| 131090 | CAT TELECOM Public Company Ltd | Thailand | ISP |
| 5384 | Emirates Telecommunications Corporation | UAE | ISP |
| 24757 | Ethiopian Telecommunication Corporation | Ethopia | ISP |
| 14259 | Gtd Internet S.A. | Chile | Hosting |
| 9198 | JSC Kazakhtelecom | Kazakhstan | ISP |
| 3549 | Level 3 Communications, Inc. | United States | ISP |
| 8359 | MTS PJSC | Russia | ISP (Mobile) |
| 12714 | Net By Net Holding LLC | Russia | ISP |
| 25513 | OJS Moscow city telephone network | Russia | ISP (Mobile) |
| 8732 | OJSC Comcor | Russia | ISP |
| 24955 | OJSC Ufanet | Russia | ISP |
| 31163 | PJSC MegaFon | Russia | ISP (Mobile) |
| 3216 | PVimpelCom | Netherlands | ISP |
| 25019 | Saudi Telecom Company JSC | Saudia Arabia | ISP |
| 45458 | SBN-ISP/AWN-ISP and SBN-NIX/AWN-NIX | Thailand | ISP (Mobile) |
| 4755 | TATA Communications formerly VSNL is Leading ISP | India | ISP |
| 45820 | Tata Teleservices ISP AS | India | ISP |
| 17762 | Tata Teleservices Maharashtra Ltd | India | ISP |
| 3269 | Telecom Italia | Italy | ISP |
| 7738 | Telemar Norte Leste S.A. | Brazil | ISP |
| 34984 | Tellcom Iletisim Hizmetleri A.s. | Turkey | ISP |
| 6429 | Telmex Chile Internet S.A. | Chile | ISP |
| 45758 | Triple T Internet/Triple T Broadband | Thailand | ISP |
| 8402 | VimpelCom | Netherlands | ISP |
Figure 6: Networks targeting US systems not seen targeting other regions
Top Attacking IP Addresses
Unlike the consistency seen between networks attacking US, Canadian, European, and Australian systems, there is not consistency in the IP addresses used in those networks to attack. Only one IP address on the top 50 attacking IP addresses for the US was seen in other regional top attacking IP address lists. That address, 58.242.83.26, was seen attacking Australia in the same period and resolves to the Chinese ISP China Unicom.
Using the same networks to attack, but not the same IP addresses, can indicate that attackers are targeting specific networks they know they can successfully launch attacks from. The same Chinese networks have been consistently top attackers for decades to the point where attacks from China are accepted as the norm, and they do little to disguise them. Collectively, more attacks came from Vietnamese IP’s then any other country during this 90 day period, however there is only 1 Vietnamese IP on the top 50 list. Russia, the 3rd largest source of attacks against the US in this same time period has no IP addresses on the top 50 list. Attacks coming from Vietnam and Russia were spread out across, at a minimum, hundreds of IP addresses, launching a smaller number of attacks per address (and therefore not showing up on the top attacking IP addresses list). This is typically a deliberate effort by attackers to fly under the radar, and one that requires a considerable amount of resourcing.
The chart in Figure 7 shows the top 50 IP addresses attacking destinations in the US from December 1, 2018 through March 1, 2019 by count.
Source link
lol
The table in Figure 4 shows the top 50 ASNs attacking US systems from Dec 1, 2018 to March 1, 2019 in order of highest to lowest number of attacks, the majority of which were ISPs. Interestingly, there are more ASNs on this list from India then any other country, followed by Russia. Three of…