China's Cybersecurity landscape from the perspective of CNCERT/CC
OUTLINE
• The cybersecurity landscape of mainland China
• Introduction to CNCERT and responses to cybersecurity threats
Network development
Statistics (until 2014):
• Domain names: 21 M
• Websites: 34 M
• Netizens: 649 M
• Mobile netizens: 557 M
Cybersecurity landscape
• Trojans and botnets
• Website security
• Mobile malware
• Vulnerabilities
Trojans and botnets
Computers infected with trojans or botnets: 11.4 million (2013), 11.1 million (2014)
In 2014, a total of over 11.1 million computers in mainland China were infected with trojans or botnets, about 2.3% fewer than in 2013.
Large numbers of infected computers were controlled by overseas C&C servers
More than 10.8 million infected hosts were controlled by about 42 thousand trojan or botnet C&C servers located overseas.
The top 3 locations of the C&C servers' IPs were the USA (21.8%), Hong Kong (18.9%) and Korea (8.2%).
The C&C servers in the USA controlled more than 3.9 million infected hosts in mainland China, the largest number. It was followed by Portugal and Finland.
The distribution of overseas C&C servers' IPs in 2014:
• USA: 21.8%
• Hong Kong: 18.9%
• Korea: 8.2%
• Japan: 4.1%
• India: 3.3%
• Taiwan: 3.0%
• Germany: 2.4%
• Mexico: 2.4%
• France: 1.9%
• Russia: 1.7%
• Other: 32.4%
Website security
Over 19 thousand overseas IPs remotely controlled over 33 thousand websites in mainland China.
In terms of their IP locations:
• USA (24.8%)
• Korea (6.7%)
• Hong Kong (6.5%)
Websites defaced: 37 thousand
• 1.8 thousand government websites
Websites planted with backdoors: 40 thousand
• 1.5 thousand government websites
Large numbers of phishing pages were located overseas
99 thousand phishing webpages targeted websites in mainland China.
• About 7 thousand IPs were involved.
• 89.4% of the IPs of these phishing servers were located overseas.
• 1083 IPs in the USA hosted more than 10 thousand phishing pages.
CNCERT received about 18 thousand reports of phishing, 31.8% of the total reports.
The distribution of overseas phishing servers monitored by CNCERT in 2014:
• USA: 17.7%
• Hong Kong: 15.2%
• Korea: 1.8%
• Thailand: 0.5%
• Taiwan: 0.2%
• Other: 64.5%
Mobile malware
Over 300 third-party Android app stores.
Mobile malware rose rapidly
In 2014, CNCERT captured more than 951 thousand mobile malware samples. Over the last several years, mobile malware has entered a period of growth.
Statistical trend of mobile malware from 2005 to 2014:
• 2005: 52
• 2006: 67
• 2007: 110
• 2008: 208
• 2009: 416
• 2010: 1664
• 2011: 6249
• 2012: 162981
• 2013: 702861
• 2014: 951059
More and more hackers create mobile malware for profit.
Intention-based categories of mobile malware in 2014:
• Malicious fee deduction: 55.0%
• Fee consumption: 15.3%
• Stealing information: 12.9%
• Rogue behavior: 9.7%
• Remote control: 4.4%
• System damage: 1.3%
• Trick and fraud: 1.0%
• Malicious spread: 0.3%
In terms of the intention of the mobile malware, the top three categories were:
• Malicious fee deduction (55.0%)
• Fee consumption (15.3%)
• Stealing information (12.9%)
Vulnerabilities
• Vulnerabilities in total: 9163 (16.7%)
• High-risk: 2394 (8.1%)
Monthly vulnerabilities collected by CNCERT in 2014 (months 1 to 12):
• High-risk: 174, 214, 212, 225, 241, 176, 203, 183, 172, 200, 188, 206
• Mid-risk: 428, 429, 368, 413, 379, 316, 493, 341, 885, 977, 637, 366
• Low-risk: 77, 56, 64, 48, 62, 61, 84, 57, 74, 68, 39, 47
The process of fixing vulnerabilities is too slow to avoid risk
• Network administrators are too busy to handle a lot of new vulnerabilities.
• Operating on online systems requires great care.
• It takes a long time to fix vulnerabilities.
• Both accumulated and new vulnerabilities pose a serious threat to information systems.
National Level CERT of China
• Non-governmental and non-profit cybersecurity technical center under MIIT (Ministry of Industry and Information Technology of the People's Republic of China)
• Single point of contact in mainland China for national CERTs
• Key coordination team for China’s cybersecurity emergency response community
2002.9
EARLY WARNING
Received (2014):
• 800+ domestic information report partners
Released (2014):
• 264 reports
• Landscape presentation
• Annual meeting
• 52 weekly reports in English
• 1 annual report in English
Content of the reports includes: cybersecurity threat notifications, incident analysis, national landscape analysis, technical assistance, etc.
Emergency Response
• Accepted 56180 incident complaints
• Handled 56072 incidents
Increase the governance intensity of the Internet environment and restrain malicious code
• Took down 744 large-scale botnets
• Protected 982,000 infected hosts
• Removed 8644 malicious apps
CNCERT has established partnerships with 144 organizations in 63 countries or regions
CNCERT International Cooperation Partnership
INTERNATIONAL COOPERATION