Heuristic Security Weekly Weather Report for WE 9/21/2019

Welcome to this week’s Heuristic Security Internet Weather Report. In this week’s report, attacks originating from the Seychelles continue to escalate, again taking the top spot on my attackers list. In addition, there is more information on why Telnet is such a popular attack target.

Weekly Attack Analysis

The first table, Weekly Attacks and Attackers, summarizes the number of attacks from the top 10 countries originating these attacks, and the number of unique attacking IPs per country. In this week’s summary, attacks continue to rise, now totaling 51,838, up 10% compared to last week. In large part, this is driven by a massive increase in attacks originating from the Seychelles, another 31% increase compared to last week. Attacks from the US, Russia and China were relatively stable. The number of attacking sources was also stable at 124 originating countries.

The second table, Weekly Attack Targets, summarizes and sorts the attacks by most frequently targeted port and protocol. This week Telnet (port 23) is still at the top by far, with TCP port 55555 at #2 and SSH (port 22) at #4. UDP port 3320 popped into the Top 5 at #3. I could not find any particular vulnerabilities associated with this port – I will have to see if it persists.

Continuing the analysis of why Telnet is such a popular target, see the Attack Landscape H1 2019 report from F-Secure. Again, this highlights insecure IoT devices as the root cause for this trend.

Finally, the third chart, Weekly Attacker Trend Report, is a trend chart on changes in attack frequency for the top 5 attacking countries over time. Last week’s sharp rise in attacks continues, with attacks from the Seychelles again topping the list.

Recommendations

So what does this all mean? One, that attacks are pervasive, constant and diverse in origin and target. If you expose it, expect it to be attacked. And if whatever you expose has any vulnerabilities (and what doesn’t these days), expect that they will be exploited as an entree into your network to steal information, steal resources (cryptojacking), extort money (ransomware) or perhaps all of the above.

So what should you do? My recommendations are:

  1. Scan your public IPs to see what ports you may have exposed. Two free tools you can use are the Shields Up! scanner from Gibson Research, as well as the informative Shodan tool. Of course, don’t scan an IP address you do not own.
  2. If you discover open ports, unless you have a legitimate business reason for them to be there (for example 443 for your website), close them in your firewall after confirming what internal system they are forwarding to! If you are scanning your consumer IP, it may be that your router is configured to allow UPnP, which means that your IoT devices (your baby cams, alarm systems, internet-connected toaster, etc.), may be reconfiguring your firewall to open ports for themselves (convenient for them, dangerous for you). Disable UPnP in your router unless you like to live dangerously!
  3. Also, if you have the acumen and a commercial firewall, implement egress filtering in your firewall, in addition to ingress filtering. The SANS Institute Information Security Reading Room has a great paper on Egress Filtering. I highly recommend reading it and implementing its recommendations on your firewall – assuming you have the skills and technology to do so. Most consumer routers will not have this functionality.
  4. Finally, make sure your systems are patched! Behind every open port exposed on your firewall is likely to be a service that is unpatched and vulnerable to an exploit of one kind or another. The constant stream of alerts for vulnerabilities and patches just goes to show how vital it is to keep your systems up to date.
  5. If you would like to do further research on IPs that are shown in this report (or from your own network’s firewalls), two resources I recommend are the Wikipedia List of TCP and UDP port numbers and the Internet Storm Center as good starting points.

About this Report

This report does not attempt to discuss the state of attacks and attackers across the entire internet, rather it discusses what I see on my company’s firewalls from my vantage in Colorado and discusses what I believe are general trends and recommended preventative measures based on this information.

Since so many of the attacks today are driven by automated bots scanning the internet for open ports (what I call an attack), I think that the trends I observe locally can be broadly extrapolated to consumer and small business networks across the US. However, as always, the best indication of what is impacting your company’s systems is the results you get by monitoring your own networks. To the extent that you see significantly different results for your network, that may be indicative of a targeted attack on your business (or perhaps on mine?).
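
One way to build the equivalent of the Weekly Attack Targets table from your own firewall's drop log, and to spot a port that is new to the top of the list, as an added example (not the tooling behind this report). It assumes log lines in the Linux netfilter LOG key=value layout; the sample events are constructed, use documentation address ranges, and all function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def parse_line(line):
    """Return (proto, dport, src), or None if the line lacks any of the three."""
    f = dict(FIELD.findall(line))
    if not all(k in f for k in ("SRC", "PROTO", "DPT")) or not f["DPT"].isdigit():
        return None  # e.g. ICMP drops (no DPT) or unrelated syslog lines
    return f["PROTO"].upper(), int(f["DPT"]), f["SRC"]

def target_table(log_text, top=5):
    """Rank (proto, port) by dropped packets; also count unique sources."""
    hits, sources = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        proto, dport, src = rec
        hits[(proto, dport)] += 1
        sources[(proto, dport)].add(src)
    ranked = sorted(hits, key=lambda k: (-hits[k], k))
    return [(p, d, hits[(p, d)], len(sources[(p, d)])) for p, d in ranked[:top]]

def new_entries(this_week, last_week):
    """Ports in this week's table that were absent from last week's."""
    prev = {(p, d) for p, d, *_ in last_week}
    return [(p, d) for p, d, *_ in this_week if (p, d) not in prev]

# --- Constructed sample data (not real traffic) ---
def _line(src, proto, dpt):
    return (f"Sep 16 03:14:07 fw kernel: DROP IN=eth0 OUT= SRC={src} "
            f"DST=198.51.100.10 LEN=40 TTL=241 PROTO={proto} SPT=40000 DPT={dpt}")

SAMPLE_EVENTS = (
    [("203.0.113.5", "TCP", 23)] * 3 + [("203.0.113.9", "TCP", 23)] * 2
    + [("192.0.2.44", "TCP", 23)]
    + [("203.0.113.5", "TCP", 55555)] * 3 + [("192.0.2.7", "TCP", 55555)]
    + [("192.0.2.80", "UDP", 3320)] * 3
    + [("203.0.113.9", "TCP", 22), ("192.0.2.7", "TCP", 22)]
)
SAMPLE_LOG = "\n".join(_line(*e) for e in SAMPLE_EVENTS) + (
    "\nSep 16 03:15:00 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.7 "
    "DST=198.51.100.10 PROTO=ICMP TYPE=8"
    "\nSep 16 03:15:02 fw sshd[811]: unrelated line"
)
# Constructed stand-in for the previous week's table.
LAST_WEEK = [("TCP", 23, 5, 3), ("TCP", 55555, 3, 2), ("TCP", 22, 2, 1)]

if __name__ == "__main__":
    table = target_table(SAMPLE_LOG)
    for proto, port, count, srcs in table:
        print(f"{proto:4} {port:<6} {count:>4} hits  {srcs} sources")
    print("new this week:", new_entries(table, LAST_WEEK))
```

A port with many hits from a single source, like the constructed UDP 3320 row here, reads differently from one hit by many sources, which is why the unique-source count sits beside the hit count.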

About Me

I am an expert in addressing the information security and privacy challenges of complex and fast-paced organizations as both a CISO and adviser to management and the board, in roles ranging from security architect, to risk management, to virtual or permanent CISO. Contact me to discuss how I can help you and your organization achieve your security, risk and privacy objectives.

Please feel free to share or distribute this report. If you have questions on its contents, please feel free to contact me to discuss. And, if you would like to subscribe to have these weekly updates emailed directly to you each Monday, you can do so by signing up on the heuristicsecurity.com website.
