As we look back now, it is amazing to remember all the things we achieved together and all the threats BitNinja saved us from since the start of the year.
Here’s a five minute summary of what we have been up to in 2018.
Hacker-free new year to everyone! See you in 2019!
First of all, we’d like to say thank you for your engagement and support all around the year. You inspire us to achieve the best security solution available, to develop our community and to deepen our knowledge of every aspect of cybersecurity.
Thanks for being such great partners and reaching these amazing milestones with BitNinja:
2018 started with two critical CPU vulnerabilities. Desktops, laptops, smartphones, tablets, cloud devices, servers… All of them got endangered by Meltdown and Spectre. Another punch at server owners' face was Drupalgeddon#3, where we had to act quick and patch it in 48 hours. And threats just kept coming over the year...
There's no question that BitNinja left its mark on the cybersecurity industry this year, too. How do we know that?
1,555,552,253 stopped attacks worldwide must have been a pain in the... eye of the hackers. The dispersion was something we had counted on, having the majority of the attacks at Q3 and Q4, as we predicted in our Black Friday attack note.
The attack trends weren’t really surprising - they showed huge similarity with the former years’ statistics.
Our Port Honeypot module was the busiest, as usual, capturing millions of port scans and sweeps over the year. Most of the time, this is the very first phase of automated web attacks, so it's no wonder it won the first prize.
As our honeypot modules stopped all these attacks proactively and grey/blacklisted the attackers quickly, other modules, like the WAF, Log Analysis and DoS Detection had much less to do.
The list of the heavily scanned ports hasn’t changed much since we last tracked them. Telnet is still on top of the list, and the only one ruining its position was port 119 jumping by place #29 to #6.
But it’s worth taking a look at the most common attack types of 2018 - captured by BitNinja - as well.
Watch out WordPress hosters! 5 attack types of the Top10 list are used to hack into the servers through WordPress. Here you can see the shortlist for the graph above:
|
1. |
BNVL-2018-0009 |
WordPress Brute-force Login Attempt |
|
2. |
BNVL-2018-0003 |
|
|
3. |
BNVL-2018-0050 |
Backdoor checking |
|
4. |
BNVL-2018-0012 |
|
|
5. |
BNVL-2018-0007 |
Automated WordPress Registration |
|
6. |
BNVL-2018-0014 |
|
|
7. |
BNVL-2018-0051 |
Backdoor testing |
|
8. |
BNVL-2018-0008 |
Redirect Vulnerability in WordPress's WP Login Plugin (wp-login.php) (CVE-2014-2229) |
|
9. |
BNVL-2018-0034 |
D-Link router DSL-2750B firmware 1.01 to 1.03 - remote command execution no auth required |
|
10. |
BNVL-2018-0015 |
Joomla! Automated registration attempt |
Malware infections were still a hit, here you can see the quarantined malware infections by BitNinja through the weeks.
Our WAF 2.0 module - debuted this year - and you guys started to use it slowly but steadily. We’ve tested and tailored the rulesets during the last months so you can get the best value out of its protection. It has already captured 7,806,72 web attacks!
Looking at the analytics, the most frequently triggered rules are related to:
Remote File Inclusion (RFI) - A common attack that remotely uploads malicious scripts to an application's server and results in information theft and compromised websites. Read more about RFI in our previous article.
The most active botnet of the year was the HelloPeppa, emerging over the summer:
Considering the top-attacking countries, China - no surprise - is No1. Nonetheless, many infected servers tried to attack our defense network from Brazil, the USA, Russia, Vietnam, and India, too. We’ll continue working on making the Internet a safer place and increasing the number of BitNinja-protected servers in those countries as well. 😉
We’re dedicated to develop the best security for your servers and keep your business successful, without security issues.
What’s waiting for you in 2019?
Just to mention some - an upgraded Malware Detection module, a brand new Dashboard to help your daily job, a false positive terminator to keep FP rates low, new feature against phishing sites, and new integrations for your convenience.
Stay tuned for more big reveals in 2019!
