JSOC INSIGHT vol.22 English Edition

"JSOC INSIGHT" is an analysis report on the trend of security incidents, such as unauthorized access and malware infection, in Japan, based on daily analysis results by our JSOC security analysts. Since this report analyzes the trends in attacks, based on the data of incidents which JSOC customers actually encountered, the report will help in understanding world trends as well as actual threats that Japanese users are facing.

JSOC INSIGHT vol.22 contains below topics.

• Arbitrary code execution vulnerability in Apache Struts 2 (S2-057)
• Arbitrary code execution vulnerability in Oracle WebLogic Server
• Spike of attacks against IoT devices

Contents

1. Preface
2. Executive Summary
3. Trends in Severe Incidents at the JSOC
    3.1 Trends in severe incidents
    3.2 Types of Traffic to Pay Attention to
4. Topics of This Volume
    4.1 Arbitrary code execution vulnerability in Apache Struts 2 (S2-057)
     4.1.1 Vulnerability details
     4.1.2 JSOC-detected incident examples
     4.1.3 Countermeasures against the vulnerability
    4.2 Arbitrary code execution vulnerability in Oracle WebLogic Server
     4.2.1 Testing the Vulnerability
     4.2.2 Example of attacks detected to have exploited the vulnerability
     4.2.3 Countermeasures against the vulnerability
    4.3 Spike of attacks against IoT devices
     4.3.1 Trends of attack traffic against IoT devices
     4.3.2 Attack traffic contents detected
     4.3.3 How to respond to these types of attacks
5. Conclusion