TRENDS
- The number of unique attackers from the United States decreased to 25%, although it is still our Top Attacker this week.
- The top alarm was: AlienVault HIDS: IDS event with 563,120 occurrences.
TOP ATTACKER COUNTRIES
| Country | No. of Attackers | Percentage |
|---|---|---|
| United States | 873 | 24.90% |
| China | 848 | 24.20% |
| Russian Federation | 278 | 7.90% |
| France | 183 | 5.20% |
| Brazil | 153 | 4.40% |
| India | 147 | 4.20% |
| Vietnam | 124 | 3.50% |
| Republic of Korea | 121 | 3.50% |
| Netherlands | 102 | 2.90% |
| United Kingdom | 100 | 2.90% |
| Germany | 90 | 2.60% |
| Indonesia | 70 | 2.00% |
| Canada | 69 | 2.00% |
| Italy | 66 | 1.90% |
| Singapore | 50 | 1.40% |
| Taiwan | 49 | 1.40% |
| Australia | 48 | 1.40% |
| Ukraine | 45 | 1.30% |
| Thailand | 43 | 1.20% |
| Hong Kong | 40 | 1.10% |
THREAT GEOLOCATION
TOP ATTACKING HOSTS
TOP ALARMS
| Alarm | No. of Occurrences |
|---|---|
| AlienVault HIDS: IDS event | 563120 |
| Environmental Awareness - OTX Indicators of Compromise - PULSE | 193 |
| Delivery & Attack - Bruteforce Authentication - SSH | 64 |
| Delivery & Attack - WebServer Attack - Attack | 32 |
Comparison to the Previous Report
| Alarm | No. of Occurrences |
|---|---|
| AlienVault HIDS: Web Server 400 error code | 117619 |
| Reconnaissance & Probing - Attack Tool detected - Attack | 16208 |
| AlienVault NIDS: "ET SCAN NMAP -sS window 1024" | 1542 |
| Environmental Awareness - OTX Indicators of Compromise - PULSE | 1507 |
| Delivery & Attack - WebServer Attack - Attack | 468 |
| Delivery & Attack - Bruteforce Authentication - SSH | 327 |
| Reconnaissance & Probing - Database Attack - Stored Procedure Access - Attack | 79 |
| Delivery & Attack - Bruteforce Authentication - Linux/Unix | 18 |
| Exploitation & Installation - WebServer Attack - XSS | 1 |
Details
Category