
What is it and why is it important?

Security trends influenced by technology and geo-political events

[Chart: Attacks By Port Comparison (January 1st - June 30th 2018); y-axis: millions of attacks; series: Port 22, Port 80, Port 23; x-axis: January to June]

Billions of IoT Devices

[Chart: Attacks Against Ports Used by IoT Devices (Jan 1st - June 30th 2018); series: Port 23, Port 5060, Port 8080, Port 7547, Port 8291, Port 2323, Port 2222, Port 8081, Port 9200, Port 8090, Port 52869, Port 37777, Port 37215, Port 2332, Port 2223; x-axis: January to June]

Ports used by IoT devices

Protocol  | Service     | Port  | IoT Device Types
TCP       | Telnet      | 23    | ALL
TCP, UDP  | Rockwell    | 2222  | ICS
TCP, UDP  | Rockwell    | 2223  | ICS
TCP       | Telnet      | 2323  | ALL
TCP       | Applications| 2332  | Gaming consoles
TCP, UDP  | SIP         | 5060  | VoIP phones, video conferencing
TCP, UDP  | Secure SIP  | 5061  | VoIP phones, video conferencing
TCP       | TR069       | 7547  | SOHO routers, gateways, CCTV
TCP       | HTTP_Alt    | 8080  | SOHO routers, smart sprinklers, ICS
TCP       | HTTP_Alt    | 8081  | DVRs
TCP       | HTTP_Alt    | 8090  | WebCams
TCP       | Applications| 8291  | SOHO routers
UDP       | WSP         | 9200  | WAPs
TCP, UDP  | UPnP        | 37215 | SOHO Routers
TCP       | Applications| 37777 | DVRs
TCP       | UPnP        | 52869 | chipsets

IoT v5 Digital Only! 8/20/2018

[Charts: attacking IP owner industry by period: Q3 and Q4 2016, Q1 and Q2 2017, Q3 and Q4 2017; categories: Hosting, Telecom / ISP, Unknown, Online Gaming, Online Gambling (2%); the individual percentages could not be attributed to periods from the chart residue]

Top 50 Attacking IPs (July 1st - Dec 31 2017)

Pos | IP              | IP Owner                                   | Country        | ASN      | New?
1   | 116.31.116.21   | ChinaNet Guangdong Province Network        | -              | AS134764 | IoT v1,2,3
2   | 58.218.198.160  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
3   | 58.218.198.162  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
4   | 193.201.224.109 | PE Tetyana Mysyk                           | Ukraine        | AS25092  | New
5   | 58.218.198.161  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
6   | 218.65.30.156   | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
7   | 58.218.198.156  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
8   | 113.195.145.52  | China Unicom China169 Backbone             | China          | AS4837   | IoT v1,2,3
9   | 116.31.116.7    | ChinaNet Guangdong Province Network        | China          | AS134764 | IoT v1,2,3
10  | 58.218.198.155  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
11  | 58.218.198.145  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
12  | 116.31.116.41   | ChinaNet Guangdong Province Network        | China          | AS134764 | IoT v1,2,3
13  | 116.31.116.17   | ChinaNet Guangdong Province Network        | China          | AS134764 | IoT v1,2,3
14  | 182.100.67.252  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
15  | 58.218.198.169  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
16  | 113.195.145.21  | China Unicom China169 Backbone             | China          | AS4837   | IoT v1,2,3
17  | 91.195.103.188  | Global Layer B.V.                          | Czech Republic | AS57172  | New
18  | 116.31.116.18   | ChinaNet Guangdong Province Network        | China          | AS134764 | IoT v1,2,3
19  | 193.201.224.232 | PE Tetyana Mysyk                           | Ukraine        | AS25092  | New
20  | 91.195.103.189  | Global Layer B.V.                          | Czech Republic | AS57172  | New
21  | 58.242.83.9     | China Unicom China169 Backbone             | China          | AS4837   | IoT v1
22  | 91.197.232.109  | Planet Telecom Ltd.                        | UK             | AS43715  | New
23  | 123.249.24.199  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
24  | 61.177.172.60   | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
25  | 116.31.116.33   | ChinaNet Guangdong Province Network        | China          | AS134764 | IoT v1,2,3
26  | 116.31.116.27   | ChinaNet Guangdong Province Network        | China          | AS134764 | IoT v1,2,3
27  | 58.242.83.8     | China Unicom China169 Backbone             | China          | AS4837   | IoT v1,
28  | 195.22.127.83   | Sprint S.A.                                | Poland         | AS197226 | New
29  | 58.218.198.148  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
30  | 58.218.198.165  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
31  | 61.177.172.66   | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
32  | 107.0.106.213   | Cable Communications                       | U.S.           | AS7922   | IoT v1
33  | 59.45.175.4     | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
34  | 58.57.65.113    | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
35  | 217.9.237.9     | Blizoo Media and Broadband                 | Bulgaria       | AS13124  | New
36  | 58.218.198.175  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
37  | 91.197.232.107  | Planet Telecom Ltd.                        | UK             | AS43715  | New
38  | 190.214.22.242  | CORPORACION NACIONAL DE TELECOMUNICACIONES | Ecuador        | AS28006  | New
39  | 58.218.198.150  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
40  | 58.218.198.170  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
41  | 51.254.34.30    | OVH SAS                                    | France         | AS16276  | IoT v2
42  | 123.249.24.160  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
43  | 58.218.198.172  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
44  | 58.218.198.141  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
45  | 46.37.24.118    | Aruba S.p.A.                               | Italy          | AS31034  | New
46  | 58.57.65.114    | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
47  | 203.91.121.73   | DRAGONLAB                                  | China          | AS24575  | New
48  | 155.133.16.246  | TralNet Pawel Cichocki                     | Poland         | AS200642 | New
49  | 58.218.198.158  | ChinaNet                                   | China          | AS4134   | IoT v1,2,3
50  | 184.106.219.63  | Rackspace Hosting                          | U.S.           | AS19994  | New

Slide callouts: 36/50 China; 74% of IPs seen attacking prior; 66% of IPs have been consistently attacking for 2 years!

Top 50 Attacking IPs (Jan 1 - June 30, 2018)

Pos | IP              | IP Owner                           | Industry     | Country   | ASN
1   | 185.140.242.49  | Farakam Rayan Kish Co. (Ltd.)      | Unknown      | Iran      | AS56815
2   | 185.140.242.96  | Farakam Rayan Kish Co. (Ltd.)      | Unknown      | Iran      | AS56815
3   | 185.140.242.81  | Farakam Rayan Kish Co. (Ltd.)      | Unknown      | Iran      | AS56815
4   | 185.140.243.12  | Farakam Rayan Kish Co. (Ltd.)      | Unknown      | Iran      | AS56815
5   | 185.140.100.233 | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
6   | 185.140.102.190 | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
7   | 185.140.243.95  | Farakam Rayan Kish Co. (Ltd.)      | Unknown      | Iran      | AS56815
8   | 185.140.100.120 | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
9   | 185.140.101.69  | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
10  | 167.99.83.206   | DigitalOcean, LLC                  | Hosting      | UK        | AS14061
11  | 185.140.100.9   | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
12  | 185.140.241.64  | Farakam Rayan Kish Co. (Ltd.)      | Unknown      | Iran      | AS56815
13  | 163.177.152.14  | China Unicom Guangdong IP network  | Telcom / ISP | China     | AS136959
14  | 218.63.110.81   | ChinaNet-YN                        | Telcom / ISP | China     | -
15  | 185.140.103.228 | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
16  | 185.140.192.41  | Layth Zuhair Zahid                 | Unknown      | Iraq      | AS203257
17  | 185.140.243.111 | Farakam Rayan Kish Co. (Ltd.)      | Unknown      | Iran      | AS56815
18  | 185.140.192.9   | Layth Zuhair Zahid                 | Unknown      | Iraq      | AS203257
19  | 103.51.35.206   | Sky Tele Ventures                  | Telcom / ISP | India     | -
20  | 185.140.101.5   | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
21  | 222.73.254.215  | ChinaNet-SH                        | Telcom / ISP | China     | -
22  | 185.140.102.156 | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
23  | 185.140.101.150 | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
24  | 185.140.101.121 | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
25  | 185.55.65.59    | IntegraDesign, Mariusz Barczyk     | Hosting      | Poland    | AS61154
26  | 185.140.101.75  | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
27  | 185.55.1.6      | Iskratelecom CJSC                  | Telcom / ISP | Russia    | AS29124
28  | 185.55.64.183   | IntegraDesign, Mariusz Barczyk     | Hosting      | Poland    | AS61154
29  | 185.140.101.96  | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
30  | 185.140.102.164 | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
31  | 174.141.164.8   | Hotwire Communications             | Telcom / ISP | US        | AS23089
32  | 181.20.197.168  | Telefonica de Argentina            | Telcom / ISP | Argentina | -
33  | 185.140.102.249 | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
34  | 185.140.161.237 | LANTA Ltd                          | Telcom / ISP | Russia    | AS41268
35  | 67.205.178.243  | DigitalOcean, LLC                  | Hosting      | US        | AS14061
36  | 185.140.194.206 | Layth Zuhair Zahid                 | Unknown      | Iraq      | AS203257
37  | 185.55.202.92   | Orion Digital Services Ltd.        | Telcom / ISP | Ireland   | AS60155
38  | 185.140.192.40  | Layth Zuhair Zahid                 | Unknown      | Iraq      | AS203257
39  | 121.23.244.192  | China Unicom                       | Telcom / ISP | China     | -
40  | 185.140.102.168 | Daniel Wojda trading as Netservice | Telcom / ISP | Poland    | AS203272
41  | 167.99.1.222    | DigitalOcean, LLC                  | Hosting      | US        | AS14061
42  | 185.140.242.100 | Farakam Rayan Kish Co. (Ltd.)      | Unknown      | Iran      | AS56815
43  | 67.205.186.38   | DigitalOcean, LLC                  | Hosting      | US        | AS14061
44  | 185.140.215.116 | Durcatel CB                        | Telcom / ISP | Spain     | AS60807
45  | 222.161.223.54  | China Unicom-JL                    | Telcom / ISP | China     | -
46  | 188.187.188.76  | ER-Telecom                         | Telcom / ISP | Russia    | AS41786
47  | 50.5.135.150    | Fuse                               | Telcom / ISP | US        | AS6181
48  | 188.166.151.126 | DigitalOcean, LLC                  | Hosting      | UK        | AS14061
49  | 185.12.179.208  | Aruba Cloud Network                | Hosting      | Germany   | -
50  | 212.31.113.119  | Cyprus Authority                   | Telcom / ISP | Cyprus    | AS6866

Slide callouts: ALL NEW!; Introduction of Iran and Iraq IPs

Credentials seen in attacks (username / password; four columns as on the slide; a cell whose second value did not survive extraction is marked "?")

support / support       | 10101 / 10101         | root / root             | tomcat / tomcat
root / root             | dbadmin / admin       | support / support       | PlcmSpIp / PlcmSpIp
admin / admin123        | butter / xuelp123     | admin / admin123        | sshd / sshd
ubnt / ubnt             | ftpuser / asteriskftp | ubnt / ubnt             | monitor / monitor
usuario / usuario       | PlcmSpIp / PlcmSpIp   | service / service       | butter / xuelp123
service / service       | tomcat / tomcat       | usuario / usuario       | mysql / mysql
pi / raspberry          | hadoop / hadoop       | pi / raspberry          | hadoop / hadoop
user / user             | mysql / mysql         | user / user             | user1 / user1
guest / guest           | vagrant / vagrant     | test / test             | cisco / cisco
test / test             | jenkins / jenkins     | guest / guest           | vagrant / vagrant
supervisor / supervisor | www / www             | oracle / oracle         | 101 / 101
git / git               | a / a                 | operator / operator     | ts3 / ts3
0 / 0                   | apache / apache       | supervisor / supervisor | apache / apache
ftp / ftp               | minecraft / minecraft | ftp / ftp               | telnet / telnet
operator / operator     | testuser / testuser   | git / git               | jenkins / jenkins
oracle / oracle         | ts3 / ts3             | ubuntu / ubuntu         | Management / TestingR2
osmc / osmc             | backup / backup       | nagios / nagios         | www / www
ubuntu / ubuntu         | vnc / vnc             | postgres / postgres     | zabbix / zabbix
default / 1             | deploy / deploy       | uucp / ?                | backup / backup
monitor / monitor       | odoo / odoo           | Admin / admin           | anonymous / any@
postgres / postgres     | user1 / user1         | ftpuser / asteriskftp   | a / a
nagios / nagios         | alex / alex           | Root / ?                | osmc / osmc
1111 / 1111             | zabbix / zabbix       | 1234 / ?                | tomcat / tomcat
api / api               | 10101 / 10101         | PlcmSpIp / PlcmSpIp     | dbadmin / admin

Slide callouts: ~87% Username = Password; "Equifax breach in Argentina"

This goes beyond cyber into life impact

- Re-route
- Disrupt
- Monitor
- Disable
- Listen
- Mess with data
- Take offline
- Disrupt operations / communications
- Did you know we have hydrogen cars?
