JSOC INSIGHT vol.13 English Edition
15 MAR 2017 | JSOC INSIGHT
"JSOC INSIGHT" is an analysis report on trends in security incidents in Japan, such as unauthorized access and malware infection, based on the daily analysis results of our JSOC security analysts. Because the report analyzes attack trends using data from incidents that JSOC customers actually encountered, it helps in understanding world trends as well as the actual threats that Japanese users are facing.
JSOC INSIGHT vol.13 covers the following topics.
- Spate of Apache Struts 2 vulnerability disclosures
- Rapid increase in Ursnif infection incidents
- Increase in suspicious e-mails that lead to ransomware infection
Contents
- Preface
- Executive Summary
- Trends in Severe Incidents at the JSOC
3.1 Trends in severe incidents
3.2 Analysis of severe incidents
3.3 Attack traffic detected numerous times
3.3.1 DNS Changer that attempts to change a DNS server setting at a terminal infected with it
3.3.2 Attacks from the Internet that were detected numerous times
- Topics of This Volume
4.1 Spate of Apache Struts 2 vulnerability disclosures
4.1.1 Vulnerabilities overview
4.1.2 Example of attack traffic detected that exploits a vulnerability (S2-032)
4.1.3 S2-033 and S2-037 vulnerabilities
4.1.4 Measures for S2-032, S2-033, and S2-037
4.2 Rapid increase in Ursnif infection incidents
4.2.1 Ursnif infection routes
4.2.2 Ursnif-infected traffic
4.3 Increase in suspicious e-mails that lead to ransomware infection
4.3.1 State of suspicious e-mails received at the JSOC
4.3.2 Received suspicious e-mail and examples of Locky ransomware infection
4.3.3 Precautions against suspicious e-mails
- Conclusion