JSOC INSIGHT vol.24 English Edition

"JSOC INSIGHT" is an analysis report on the trend of security incidents, such as unauthorized access and malware infection, in Japan, based on daily analysis results by our JSOC security analysts. Since this report analyzes the trends in attacks, based on the data of incidents which JSOC customers actually encountered, the report will help in understanding world trends as well as actual threats that Japanese users are facing.

JSOC INSIGHT vol.24 contains below topics.

• Arbitrary code execution vulnerability in Drupal
• Increased attacks that targeted an ECShop vulnerability
• Increased SQL injection attacks and confirmed successful attacks

Contents

1. Preface
2. Executive Summary
3. Trends in Severe Incidents at the JSOC
    3.1 Trends in severe incidents
    3.2 Types of Traffic to Pay Attention to
4. Topics of This Volume
    4.1 Arbitrary code execution vulnerability in Drupal
     4.1.1 Testing the vulnerability
     4.1.2 How traffic is observed through the JSOC threat intelligence infrastructure
     4.1.3 Countermeasures against the vulnerability
    4.2 Increased attacks that targeted an ECShop vulnerability
     4.2.1 Vulnerability summary
     4.2.2 Changes in the number of attacks detected
     4.2.3 Attack traffic contents and attack trends
     4.2.4 Countermeasures against the vulnerability
    4.3 Increased SQL injection attacks and confirmed successful attacks
     4.3.1 Changes in the number of attacks detected
     4.3.2 Percentages by country for source IP addresses
     4.3.3 Typical severe incident found
     4.3.4 Countermeasures against SQL injection attacks
5. Fiscal Year 2018 Trend Summary
   5.1 FY2018 summary
   5.2 Severe incidents related to attacks from the Internet
   5.3 Severe incidents that occurred in intra-networks
   
6. Conclusion