China's Cybersecurity landscape from the perspective of CNCERT/CC


OUTLINE

• The cybersecurity landscape of mainland China

• Introduction to CNCERT and responses to cybersecurity threats


Network development

Statistics (until 2014):

• Domain names: 21 M

• Websites: 34 M

• Netizens: 649 M

• Mobile netizens: 557 M


Cybersecurity landscape

Cybersecurity:

• Trojans and botnets

• Website security

• Mobile malware

• Vulnerabilities


Trojans and botnets

• 2013: 11.4 million

• 2014: 11.1 million

In 2014, a total of over 11.1 million computers were infected with trojans or botnets in mainland China, about 2.3% less than 2013.


Large numbers of infected computers were controlled by overseas C&C servers

More than 10.8 million infected hosts were controlled by about 42 thousand trojan or botnet C&C servers located overseas.

The top 3 locations of the C&C servers' IPs were the USA (21.8%), Hong Kong (18.9%) and Korea (8.2%).

The C&C servers in the USA controlled more than 3.9 million infected hosts in mainland China, the largest number, followed by Portugal and Finland.

The distribution of overseas C&C servers' IPs in 2014:

• USA: 21.8%

• Hong Kong: 18.9%

• Korea: 8.2%

• Japan: 4.1%

• India: 3.3%

• Taiwan: 3.0%

• Germany: 2.4%

• Mexico: 2.4%

• France: 1.9%

• Russia: 1.7%

• Other: 32.4%


Website security

Over 19 thousand overseas IPs remotely controlled over 33 thousand websites in mainland China.

In terms of their IP locations:

• USA (24.8%)

• Korea (6.7%)

• Hong Kong (6.5%)

Websites defaced:

• 37 thousand

• 1.8 thousand government websites

Websites planted with backdoors:

• 40 thousand

• 1.5 thousand government websites


Large numbers of phishing pages were located overseas

99 thousand phishing webpages targeted websites in mainland China.

• About 7 thousand IPs were involved.

• 89.4% of the IPs of these phishing servers were located overseas.

• 1083 IPs in the USA hosted more than 10 thousand phishing pages.

CNCERT received about 18 thousand reports of phishing, 31.8% of the total reports.

The distribution of overseas phishing servers monitored by CNCERT in 2014:

• USA: 17.7%

• Hong Kong: 15.2%

• Korea: 1.8%

• Thailand: 0.5%

• Taiwan: 0.2%

• Other: 64.5%


Mobile malware

Over 300 third-party Android app stores.


Mobile malware rose rapidly

In 2014, CNCERT captured more than 951 thousand mobile malware samples. We found that over the last several years, mobile malware has entered a period of growth.

Statistical trend of mobile malware from 2005 to 2014:

• 2005: 52

• 2006: 67

• 2007: 110

• 2008: 208

• 2009: 416

• 2010: 1664

• 2011: 6249

• 2012: 162981

• 2013: 702861

• 2014: 951059


More and more hackers make mobile malware for profit.

Intention-based categories of mobile malware in 2014:

• Malicious fee deduction: 55.0%

• Fee consumption: 15.3%

• Stealing information: 12.9%

• Rogue behavior: 9.7%

• Remote control: 4.4%

• System damage: 1.3%

• Trick and fraud: 1.0%

• Malicious spread: 0.3%

In terms of the intention of the mobile malware:

• Malicious fee deduction (55.0%)

• Fee consumption (15.3%)

• Stealing information (12.9%)


Vulnerabilities

• Vulnerabilities in total: 9163 16.7%

• High-risk: 2394 8.1%

Monthly vulnerabilities collected by CNCERT in 2014 (months 1 to 12):

• High-risk: 174, 214, 212, 225, 241, 176, 203, 183, 172, 200, 188, 206

• Mid-risk: 428, 429, 368, 413, 379, 316, 493, 341, 885, 977, 637, 366

• Low-risk: 77, 56, 64, 48, 62, 61, 84, 57, 74, 68, 39, 47


The process of fixing vulnerabilities is too slow to avoid risk

• Network administrators are too busy to handle a lot of new vulnerabilities.

• Operations on online systems must be carried out very carefully.

• It takes a long time to fix vulnerabilities.

• Both accumulated and newly occurring vulnerabilities pose a serious threat to information systems.


National Level CERT of China

• Non-governmental and non-profit cybersecurity technical center under MIIT (Ministry of Industry and Information Technology of the People’s Republic of China)

• Single point of contact in mainland China for national CERTs

• Key coordination team for China’s cybersecurity emergency response community

2002.9


EARLY WARNING

Received (2014):

• 800+ information report partners (domestic)

Released (2014):

• 264 reports

• Landscape presentation

• Annual meeting

• 52 weekly reports in English

• 1 annual report in English

Report content includes: cybersecurity threat notifications, incident analysis, national landscape analysis, technical assistance, etc.


Emergency Response

• Accepted 56180 incident complaints

• Handled 56072 incidents

Increase the governance intensity of the Internet environment and restrain malicious code:

• Took down 744 large-scale botnets

• Protected 982,000 infected hosts

• Removed 8644 malicious apps


INTERNATIONAL COOPERATION

CNCERT has established partnerships with 144 organizations in 63 countries or regions.

CNCERT International Cooperation Partnership