Analysis: Recent Threats From Chinese, Russian Hackers No Surprise
The Wall Street Journal's report
The geographic source of the attacks, though, should not be a surprise to those following security trends and breaches.
In the Test Center's own security test network, which simulates critical services such as IIS, SMTP and SQL, we have repeatedly over the past year found similar attacks from those regions to be more of a trend than random occurrences. While hacking attempts have hit our test network from all over the world, and from within the U.S., the majority of attacks have come from Russia and China, from satellite nations or other locations in those geographies.
For example, in November, our test threat network logged repeated relay attempts through SMTP default port 25. A trace back to the IP addresses showed they originated in Taiwan.
In the same time span, we determined that a persistent attack against the IIS service was coming out of Latvia, a former Soviet country. SQL UDP worm attacks were also relentless, originating from China.
We also noted activity against ports reserved for remote access. This activity also traced back to IP addresses in China. From IP addresses coming out of Beijing, the threat network logged repeated attempts to take advantage of a Symantec Anti-Virus exploit.
Speaking of Beijing, we also noted increased security attacks against our test network, during the Olympics, which were held there last summer.
Lots of activity was noted, as mentioned, from Eastern Europe and former Soviet satellite countries. Brazen SQL hacking attempts using the default admin "sa" account originated from Belarus. These attempts apparently were made using a random password generator; some of the passwords the attacker attempted to use were "megan," "burn" and "intrepid."
Not only threats, but a bulk of the spam coming into the test network came from addresses that traced to Russia and China.
Experts continue to theorize that increasing amounts of organized hacks are for either financial or geopolitical reasons. Our analysis, however, is mostly technical in nature.
The bottom line: The trend has been for threats to increase, rather than decrease, and hackers seeking easy ways to disrupt U.S. infrastructure may wind up creating collateral damage even for small businesses with small networks. Solution providers should use the headlines as a jumping-off point for new discussions with customers about their own security and security planning.