The true location of the attackers remains unknown

Aug 25, 2014 09:51 GMT

Based on information collected from honeypots deployed in public cloud infrastructures across the globe, a company observed that most of the machines frequently targeting the US are located in China, the US, India, and Russia.

Details from Alert Logic, a company providing Security-as-a-Service solutions in the cloud, show that in 32% of the cyber-attacks directed at the United States the computer systems used were located in China.

Coming in second place was the US itself, as 21% of the machines used for the attacks were identified in its territory. However, this does not mean that the attackers were in the US, only that they used systems in this country.

According to an infographic provided by the company, which combines information gathered from April 1, 2013 through September 30, 2013, and relies on data from 2,200 Alert Logic customers, 17% of the machines involved in cyber incidents affecting US customers were from India, and only 9% were located in Russia.

Alert Logic’s attack map also reveals that computers in countries like Korea (6%), Romania (6%), Vietnam (4%) and Brazil (2%) contributed to the overall number of attacks, but to a lesser extent.

In the case of Europe, most of the attacks (40%) originated from systems in Russia, followed by China and North and South America.

As far as Asia is concerned, the US appears to have hosted most of the computers directing cyber-attacks against the region, with 63%.

According to the data collected by Alert Logic, the type of malware used in all three regions is Conficker-A, which was identified in 91% of the cases in the US, 77% in Europe and 62% in Asia.

The company says that exploits for the Microsoft Directory Service (MS-DS), running on port 445, were the most prevalent in all three regions.

However, incidents were also perpetrated through other vectors, with HTTP prominent for the US in 21% of the cases, followed by MySQL (13%).

In Europe, HTTP, MySQL Server, MySQL, RPC (remote procedure call) and FTP were all used in 13% of the cases, while MS-DS accounted for 35% of the attacks.

Most of the attacks in Asia leveraged MS-DS vulnerabilities, which were used in 85% of the incidents, according to Alert Logic.

Honeypots are decoy systems made vulnerable on purpose in order to capture information about the methods attackers use to penetrate a system, as well as to collect details on the origin of nefarious activities.

“While honeypots are not typically the target of highly sophisticated attacks, they are subject to many undefined attacks, and provide a window into the types of threats being launched against the cloud,” says Alert Logic.