JSOC INSIGHT vol.8 English Edition

"JSOC INSIGHT" is an analysis report on the trend of security incidents, such as unauthorized access and malware infection, in Japan, based on daily analysis results by our JSOC security analysts. Since this report analyzes the trends in attacks, based on the data of incidents which JSOC customers actually encountered, the report will help in understanding world trends as well as actual threats that Japanese users are facing.

JSOC INSIGHT vol.8 contains below topics.

• New attacks that exploit JBoss Application Server vulnerabilities
• Attacks that exploit a code execution vulnerability (Zero day) in phpMoAdmin
• Downloader traffic that leads to malware infection

Contents

Introduction

Section 1: Summary of Trends from January to March 2015

1. Summary of trends from January to March 2015
2. Trends of Severe Incident in JSOC
    2.1 Trends in severe incidents
    2.2 Analysis of severe incidents
    2.3 Attacking traffic from the Internet that has been detected many times
3. Topics of This Volume
    3.1 Code execution vulnerability in the JBoss Application Server
    3.2 Code execution vulnerability in phpMoAdmin
    3.3 Downloader traffic that causes malware infection

Section 2: Fiscal Year 2014 Trend Summary

1. FY2014 summary
2. Trends of severe incidents related to attacks from the Internet
    2.1 Trend summary
    2.2 Attacks (Heartbleed) that exploit a vulnerability in the OpenSSL Heartbeat extension
    2.3 Attacks (Shellshock) that exploit a code execution vulnerability in GNU bash
    2.4 Suspicious file upload attempts
3. Trend of severe intra-network incidents

In Closing