2020年网络安全态势洞察报告.pdf
0 2020 2020 Cyber Security Situation Insight Report. 3 1 . 4 2 . 7 2.1 . 7 2.1.1 . 8 2.1.2 . 9 2.1.3 . 10 2.2 . 11 2.3 . 16 2.4 . 19 3 . 21 3.1 . 21 3.2 . 23 3.3 . 26 3.3.1 MS17-010 Windows SMB . 26 3.3.2 CVE-2017-11882 CVE-2017-0199 . 27 3.3.3 0day CVE-2019-17062 CVE-2020-0674 . 28 3.4 2020 . 29 4 . 31 4.1 . 31 4.2 . 32 4.2.1 . 32 4.2.2 . 32 4.2.3 . 33 4.3 . 34 4.3.1 . 34 4.3.2 . 35 4.3.3 . 365 . 38 5.1 . 38 5.2 . 41 5.2.1 . 42 5.3 . 45 5.4 . 46 6 . 48 6.1 APT . 48 6.2 APT . 51 6.2.1 . 51 6.2.2 . 54 6.2.3 . 56 6.2.4 . 59 6.3 APT . 60 7 . 62 . 663 2020 COVID-19 APT APT1 1 2020 2020 9 2 CVE 2020 CNVD 19964 24% ExploitDB CVE 3 84% SEO43% 41% SEO 4 53% 5 Emotet TrickBot Gootkit IcedID/Bokbot Qakbot TrickBot Ryuk TrickBot Cobalt Strike PowerShell Empire PowerTrick Terraloader Ursnif Valak Qakbot 6 APTAPT APT APT sleep_mask cobaltstrike covenant Empire3.02 C&C / 2.1 COVID-19 2020 30% COVID- 19 6% 2020 20192.1.1 / C&C 6 / 7 58830.64% 26.98% 16.762.1.2 /2.2 2019 2020 6 2019 9 10 2020 Cybersecurity Ventures 2021 200 2015 57 1 1 Emotet TrickbotCoveware 2019 2020 5 2 2 Anchain.ai 2020 3 3 ransomware-conundrum-75eb5ea04c7c2020 TOP5 Crysis GlobeImposter Sodinokibi Phobos Cerber RDP RaaS VegaLocker MedusaLocker2.3 2020 2020 20% 50 1 NDay Linux 2 Web3 PowerGhost Coinminer powershell powershell PE WMI+powershell Internet Redis SSH SQL Server RDP WannaMine 2019 / Xmrig XmrMiner BitcoinMiner PowerGhostBluehero 0day 7 SMBv3 CVE-2020-0796 2019 2 Nexus Repository Manager RCE 2019 9 20 PHPStudy Bulehero 20202.4 11 2 URL 3 4 IPS 5 IPS RDP 2 1 2 PowerShell Office 3 4 5 63 2020 3.1 1 2020 24% 2020 CNVD 19964 24% 4 2020 2011 3 4 2 0day 2020 0day 0day NSA CIA 2020 APT 0day IOS 3 Nday Excel4.0Nday Bluehero 0day 2020 7 SMBv3 CVE- 2020-0796 RunMiner Weblogic CVE-2017-10271 5 Avaddon Excel4.0 3.2 10 CNVD 10 2020 CNVD 19964 2011 3 17539 91% 6 5 6 58% Web 10% 62020 200072020 Oracle IBM 3.3 3.3.1 MS17-010 Windows SMB EternalBlue 2017 WannaCry CVE-2017-0144 CVE-2017-0145 CVE-2017-0147 Microsoft MS17-010MS17-010 WannaMine PowerGhost Satan MS17-010 2020 MS17-010 CVE-2017-0147 CVE-2017-0144 CVE-2017-0145 86 3.3.2 CVE-2017-11882 CVE-2017-0199 Office 2017 2020 2017 NDay CVE-2017-11882Moniker CVE-2017-0199 RTF DarkhotelAPT Ramsay USB Microsoft Office CVE-2017-0199 CVE-2017-11882 7 3.3.3 0day CVE-2019-17062 CVE-2020- 0674 70day 0day CVE-2019-17062(Firefox ) CVE-2020-0674 Microsoft Internet Explorer JScript gh0st CVE-2019-17062 CVE-2020-0674 0day 2020 APT UAF CVE-2020-6819 CVE-2020-6820 DarkHotel CVE-2019-1367 IE Chrome CVE-2020-6418 3.4 2020 20204 4.1 2003 Web 2020 2020 6 CSRF 29% 24% 17% 2020 178828 41546 23% 1/5 43% 414.2 4.2.1 2020 178828 12 1374100 844482 61% 2020 6 4.2.2 CSRF 29% 24% 17CSRF 4.2.3 4-3 22% 144.3 4.3.1 2020 4-4 1 12 178828 41546 23% 1/5 2020 11 88124.3.24.3.3 43% 41% 60% SEO Search Engine Optimization SEO SEO SEO5 5.1 1 VERIZON 72% 8 8 23 COVID-19 4IBM 9 5.2 Tor Freenet ZeroNet BTC XMR 910 56.55% 53% 5.2.12020 10 1.5 13.4 84.5165.36% 82.785.3 / /API / token 0day61% 10 5.4 1 2 10 3 46 (Advanced Persistent Threat Attack) APT APT 120+ 2020 APT 2021 APT 6.1 APT COVID-19 APT 2020 COVID-19 VPN APT 2020 APTSolarWinders APT 120+ APT 2020 APT 1 COVID-19 2020 APT2 APT 3 APT 2020 DeathStalker CostaRictoAPT 6.2 APT 6.2.1 Lazarus DarkHotel APT Lazarus 2020 7 MATA (Loader) (Dispatcher) (Plugins) Windows Linux MacOSCOVID-19 2020 9 Bookcode 10 wAgent DarkHotel APTAPT-C-06 SIG25(NSA) Dubnium Fallout Team Shadow Crane ATK 52 T-APT-02 0day 1day 2020 IE 0day CVE-2020-1380 DakrHotel Ramsay EXE txt doc xls Kimsuky Mystery Baby Baby Coin Smoke Screen BabySahrk 2012 Konni hwp PE APT-C-012018 2020 126 163 APT-C-12 Sapphire Mshroom Blue Mushroom NuclearCrisis AWS S3 2020 C# Light RAT ownCloud 6.2.2 APT OceanLotus 2020 OceanLotus APTlnk Denis 200006.2.3 APT 2020 BITTER Confucius SideWinder 4 APT 4 4 Bitter APT-C-08 T- APT-17 2020 COVID-19 2020 2020APT-C-09 PatchWork angOver VICEROY TIGER The Dropping Elephan BITTER 2020 Confucius 2013 APT 2020APK SideWinder T-APT-04 2020 CVE-2019-2215 6google play 6.2.4 APT 2020 Gamaredon APT28 APT29 WellMess WellMess Gamaredon APT 2013 APT28 Fancy Bear T-APT-12 APT28, Pawn Storm, Sofacy Group, Sednit STRONTIUM APT 2004 2007 APT29 APT29 2008 YTTRIUM The Dukes Cozy Duke CozyBear Office Monkeys 2020 CISA (NCSC) (CSE) APT29 WellMess WellMess WellMess 2020 6.3 APT 1 APT APT 2 0day APT IE Firefox Exchange APT APT APT 0day APT 0day3 VPN VPN 2020 VPN 2020 NSA APT VMware APT 4 Windows Linux MAC OS APT 2020 APT BITTER OceanLotus Patchwork SideWinder Donot 5G APT Lazarus MATA7 1 Markets and Markets 2026 2019 88 382 23.3 2 5G 5G 5G 5G 5G3 IT SECaaS API IDC 74.6% SECaaS SECaaS IT SECaaS 4ZTA 5 MarketsandMarkets 2021 350 2025 750 DDoS PoC 2020 IoT6 Ripple20 12 Amnesia-33 IoT 6 XDR Gartner XDR XDR SaaS XDR EDR XDR XDR EDR XDR XDR XDR SOAR security-and-risk-trends-for-2020 products/pdf/Qi-An-Xin/Qianxin-1-1XXWAXWM.pdf security-and-risk-trends-for-2020 espionage-outsourced look-at-a-mercenary-apt-group-that-spies-on-small-and-medium-businesses attacks/ blog.google/technology/safety-security/threat-analysis-group/identifying- vulnerabilities-and-protecting-you-phishing/ pdf us-cert.cisa.gov/ncas/alerts/aa20-301a paper.seebug/1384/ activities-disguised-as-korean-android-chat-application/ government-targeted-in-spear-phishing-attacks/ blog.alyac.co.kr/2932 blog.alyac.co.kr/3014 us-cert.cisa.gov/ncas/alerts/aa20-227a airgapped-networks/ espionage-operations-through-fake-websites/ miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/ bangladesh-and-vietnam/ fit.hcmus.edu.vn/vn/Default.aspx?tabid=292&id=13095 pdf attacks/ Whitepaper-BitterAPT-creat4571-en-EN-GenericUse.pdf exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt- group/ attack-target-cn/ media.defense.gov/2020/Jul/16/2002457639/-1/- 1/0/NCSC_APT29_ADVISORY-QUAD-OFFICIAL-20200709-1810.PDF supply-chain opening-windows-linux-reverse-shells/ korea/ leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html attack-southeast-asia
