Regional Threat Perspectives: United States



The table in Figure 4 shows the top 50 ASNs attacking US systems from Dec 1, 2018 to March 1, 2019, ordered from the highest to the lowest number of attacks. The majority of them were ISPs. Interestingly, there are more ASNs on this list from India than from any other country, followed by Russia. Three of the seven Russian ASNs are mobile phone service providers.
 

| ASN | ASN Organization | Country | Industry |
|---|---|---|---|
| 45899 | VNPT Corp | Vietnam | Hosting |
| 17974 | PT Telekomunikasi Indonesia | Indonesia | ISP |
| 4134 | Chinanet | China | ISP |
| 7552 | Viettel Corporation | Vietnam | ISP |
| 3462 | Data Communication Business Group | Taiwan | ISP |
| 9121 | Turk Telekom | Turkey | ISP |
| 8048 | CANTV Servicios, Venezuela | Venezuela | ISP |
| 18403 | The Corporation for Financing & Promoting Tech… | Vietnam | ISP |
| 23650 | Chinanet (Jiangsu Province Backbone) | China | ISP |
| 4837 | China Unicom (China169 Backbone) | China | ISP |
| 9829 | National Internet Backbone | India | ISP |
| 8452 | TE Data | Norway | ISP |
| 8151 | Uninet S.A. de C.V. | Mexico | ISP |
| 12389 | PJSC Rostelecom | Russia | ISP |
| 9498 | BHARTI Airtel Ltd. | India | Hosting |
| 9299 | Philippine Long Distance Telephone Company | Philippines | ISP |
| 18881 | TELEFÔNICA BRASIL S.A | Brazil | ISP |
| 23969 | TOT Public Company Limited | Thailand | ISP |
| 4230 | CLARO S.A. | Brazil | ISP |
| 55577 | Atria Convergence Technologies pvt ltd | India | ISP |
| 45758 | Triple T Internet/Triple T Broadband | Thailand | ISP |
| 17451 | BIZNET NETWORKS | Indonesia | Hosting |
| 8402 | VimpelCom | Netherlands | ISP |
| 24309 | Atria Convergence Technologies Pvt. Ltd. Broad… | India | ISP |
| 7738 | Telemar Norte Leste S.A. | Brazil | ISP |
| 45820 | Tata Teleservices ISP AS | India | ISP |
| 4755 | TATA Communications formerly VSNL is Leading ISP | India | ISP |
| 9198 | JSC Kazakhtelecom | Kazakhstan | ISP |
| 25019 | Saudi Telecom Company JSC | Saudi Arabia | ISP |
| 24757 | Ethiopian Telecommunication Corporation | Ethiopia | ISP |
| 24560 | Bharti Airtel Ltd., Telemedia Services | India | Hosting |
| 131090 | CAT TELECOM Public Company Ltd | Thailand | ISP |
| 12880 | Information Technology Company (ITC) | Iran | ISP |
| 4812 | China Telecom (Group) | China | ISP |
| 3269 | Telecom Italia | Italy | ISP |
| 5384 | Emirates Telecommunications Corporation | UAE | ISP |
| 45458 | SBN-ISP/AWN-ISP and SBN-NIX/AWN-NIX | Thailand | ISP (Mobile) |
| 6429 | Telmex Chile Internet S.A. | Chile | ISP |
| 3216 | PVimpelCom | Netherlands | ISP |
| 8732 | OJSC Comcor | Russia | ISP |
| 16735 | ALGAR TELECOM S/A | Brazil | ISP |
| 34984 | Tellcom Iletisim Hizmetleri A.s. | Turkey | ISP |
| 24955 | OJSC Ufanet | Russia | ISP |
| 25513 | OJS Moscow city telephone network | Russia | ISP (Mobile) |
| 12714 | Net By Net Holding LLC | Russia | ISP |
| 17762 | Tata Teleservices Maharashtra Ltd | India | ISP |
| 14259 | Gtd Internet S.A. | Chile | Hosting |
| 3549 | Level 3 Communications, Inc. | United States | ISP |
| 31163 | PJSC MegaFon | Russia | ISP (Mobile) |
| 8359 | MTS PJSC | Russia | ISP (Mobile) |

Figure 4: Top 50 ASNs attacking US systems

The following four Chinese networks and one Taiwanese network were in the top 50 attacking ASNs list across all regions from December 1, 2018 to March 1, 2019.
 

| ASN | ASN Organization | Country | Industry |
|---|---|---|---|
| 4812 | China Telecom (Group) | China | ISP |
| 4837 | China Unicom (China169 Backbone) | China | ISP |
| 4134 | Chinanet | China | ISP |
| 23650 | Chinanet (Jiangsu Province Backbone) | China | ISP |
| 3462 | Data Communication Business Group | Taiwan | ISP |

Figure 5: Networks consistently attacking all regions of the world December 1, 2018 to March 1, 2019

The US shared 10 top attacking ASNs with Europe, and 8 top attacking ASNs with both Europe and Australia in the same time period. The US did not share any top attacking ASNs with Canada in the same time period except for the Chinese and Taiwan networks listed in Figure 5 above that attacked all regions. The following 27 networks uniquely targeted systems in the US. A quarter of them are Russian ISPs, several of which only offer mobile services.
 

| ASN | ASN Organization | Country | Industry |
|---|---|---|---|
| 16735 | ALGAR TELECOM S/A | Brazil | ISP |
| 24560 | Bharti Airtel Ltd., Telemedia Services | India | Hosting |
| 17451 | BIZNET NETWORKS | Indonesia | Hosting |
| 131090 | CAT TELECOM Public Company Ltd | Thailand | ISP |
| 5384 | Emirates Telecommunications Corporation | UAE | ISP |
| 24757 | Ethiopian Telecommunication Corporation | Ethiopia | ISP |
| 14259 | Gtd Internet S.A. | Chile | Hosting |
| 9198 | JSC Kazakhtelecom | Kazakhstan | ISP |
| 3549 | Level 3 Communications, Inc. | United States | ISP |
| 8359 | MTS PJSC | Russia | ISP (Mobile) |
| 12714 | Net By Net Holding LLC | Russia | ISP |
| 25513 | OJS Moscow city telephone network | Russia | ISP (Mobile) |
| 8732 | OJSC Comcor | Russia | ISP |
| 24955 | OJSC Ufanet | Russia | ISP |
| 31163 | PJSC MegaFon | Russia | ISP (Mobile) |
| 3216 | PVimpelCom | Netherlands | ISP |
| 25019 | Saudi Telecom Company JSC | Saudi Arabia | ISP |
| 45458 | SBN-ISP/AWN-ISP and SBN-NIX/AWN-NIX | Thailand | ISP (Mobile) |
| 4755 | TATA Communications formerly VSNL is Leading ISP | India | ISP |
| 45820 | Tata Teleservices ISP AS | India | ISP |
| 17762 | Tata Teleservices Maharashtra Ltd | India | ISP |
| 3269 | Telecom Italia | Italy | ISP |
| 7738 | Telemar Norte Leste S.A. | Brazil | ISP |
| 34984 | Tellcom Iletisim Hizmetleri A.s. | Turkey | ISP |
| 6429 | Telmex Chile Internet S.A. | Chile | ISP |
| 45758 | Triple T Internet/Triple T Broadband | Thailand | ISP |
| 8402 | VimpelCom | Netherlands | ISP |

Figure 6: Networks targeting US systems not seen targeting other regions

Top Attacking IP Addresses

Unlike the consistency seen between networks attacking US, Canadian, European, and Australian systems, there is no consistency in the IP addresses used within those networks to attack. Only one IP address on the US list of top 50 attacking IP addresses was seen in other regional top attacking IP address lists. That address, 58.242.83.26, was seen attacking Australia in the same period and resolves to the Chinese ISP China Unicom.

Using the same networks to attack, but not the same IP addresses, can indicate that attackers are targeting specific networks they know they can successfully launch attacks from. The same Chinese networks have been consistently top attackers for decades, to the point where attacks from China are accepted as the norm, and attackers do little to disguise them. Collectively, more attacks came from Vietnamese IPs than from any other country during this 90-day period; however, there is only 1 Vietnamese IP on the top 50 list. Russia, the 3rd largest source of attacks against the US in this same time period, has no IP addresses on the top 50 list. Attacks coming from Vietnam and Russia were spread out across, at a minimum, hundreds of IP addresses, each launching a smaller number of attacks (and therefore not showing up on the top attacking IP addresses list). This is typically a deliberate effort by attackers to fly under the radar, and one that requires a considerable amount of resourcing.
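The effect described above can be reproduced when analyzing your own attack logs. The following is an added example, not code or data from the original report: it ranks sources both per IP and per ASN and flags high-volume ASNs whose individual addresses never reach the top-IP list. The events are constructed, use documentation IP ranges and documentation ASNs (64496 to 64498), and the thresholds are assumptions.

```python
from collections import Counter, defaultdict

def build_sample_events():
    """Constructed (src_ip, asn) events; documentation IPs and ASNs only."""
    events = []
    # AS64496: two noisy hosts, 400 attacks each (concentrated source).
    for host in (10, 11):
        events += [(f"192.0.2.{host}", 64496)] * 400
    # AS64497: 200 hosts, 6 attacks each = 1200 total (spread-out source).
    for host in range(1, 201):
        events += [(f"198.51.100.{host}", 64497)] * 6
    # AS64498: background noise, 5 hosts, 20 attacks each.
    for host in range(1, 6):
        events += [(f"203.0.113.{host}", 64498)] * 20
    return events

def summarize(events, top_n_ips=5):
    """Rank sources per IP and per ASN; note which ASNs appear in the top-IP list."""
    per_ip = Counter(ip for ip, _ in events)
    per_asn = Counter(asn for _, asn in events)
    ips_in_asn = defaultdict(set)
    for ip, asn in events:
        ips_in_asn[asn].add(ip)
    top_ips = {ip for ip, _ in per_ip.most_common(top_n_ips)}
    report = []
    for asn, total in per_asn.most_common():  # highest-volume ASN first
        ips = ips_in_asn[asn]
        report.append({
            "asn": asn,
            "attacks": total,
            "distinct_ips": len(ips),
            "attacks_per_ip": total / len(ips),
            "max_ip_share": max(per_ip[ip] for ip in ips) / total,
            "in_top_ip_list": bool(ips & top_ips),
        })
    return report

def distributed_sources(report, min_attacks=1000):
    """High-volume ASNs whose individual IPs never reach the top-IP list."""
    return [r["asn"] for r in report
            if r["attacks"] >= min_attacks and not r["in_top_ip_list"]]

if __name__ == "__main__":
    rep = summarize(build_sample_events())
    for row in rep:
        print(row)
    print("distributed:", distributed_sources(rep))
```

In the constructed data, the largest source by ASN contributes no address to the top-IP list, which is why per-IP blocklists and top-talker reports should be paired with per-ASN or per-country aggregation.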

The chart in Figure 7 shows the top 50 IP addresses attacking destinations in the US from December 1, 2018 through March 1, 2019 by count.


