Loginsoft Research Team has been monitoring several exploits from the dedicated servers that were deployed globally for the purpose of threat discovery. The team analyzes and enriches this data to identify behavior, methods and intent of the Threat actors. The following observations can be summarized from the analyzed data.
- Popular Exploits
- Popular Targets
- Demographic origin of the threats
This blog provides the key findings on the most impactful and evolving threats identified by our team. The Threat Intelligence data used for this analysis was generated from the first Quarter (Q1) 2021. We ensured that no sensitive information was disclosed or recorded during our scans to confirm the vulnerability.
What are the top 10 popular exploits identified?
We observed multiple exploitation attempts during our scans. While CVE-2018-10562(21.87%) is most vulnerable to attacks, CVE-2015-2051(16.47%) is second most vulnerable to attacks followed by CVE-2014-8361(15.14%) and others.
Following Pie chart illustrates the statistical analysis of the most popular exploits attempted.
Top 10 popular exploits identified
Given below are our observations on the percentage of attacks on the network endpoint devices by threat actors:
- MV Power digital video recorders (29.56%) – Top most choice
- Dasan GPON home routers (10.52%) – Second choice
- Netgear DGN1000 1.1.00.48 (10.25%) – Third choice
- Remaining are the others
Following Pie chart presents the top 10 popular choices for targets by attackers.
Top 10 popular choices for targets by the attacker
Loginsoft Key Findings:
Below is a list of exploited key findings.
|No||Top 10 CVEs||Top 10 Targets Platforms||Top 10 User Agents|
|1||CVE-2018-10562 (21.87%)||MV Power Digital Video Recorders (29.56%)||Hello, World (43.9%)|
|2||CVE-2015- 2051 (16.47%)||Dasan GPON Home Routers (10.52%)||Hello, World (21.39%)|
|3||CVE-2014- 8361 (15.14%)||Netgear DGN1000 1.1.00.48 (10.25%)||Hello-World (5.56%)|
|4||CVE-2016-6277 (11.34%)||Eir D1000 Modems (9.13%)||Mozilla/4.0
(Compatible, SIE 6.0; Windows NT 5.1) (5.27%)
|5||CVE-2016-10372 (11.07%)||D-Link DIR-645 (7.5%)||Go-http-client/1.1 (4.7%)|
|6||CVE-2015-1427 (6.85%)||Realtek SDK (7.29%)||Python Requests/2.20.0 (3.95%)|
|7||CVE-2013-7471 (6.69%)||NETGEAR R6250 (5.08%)||XTC (3.18%)|
|8||CVE-2020-8515 (1.98%)||D-Link Services (3.23%)||Python Requests/2.3.0 CPython/2.7.18 Windows /10 (0.72%)|
|9||CVE-2020-5722 (1.94%)||Linksys E-Series (3.06%)||Python Requests/2.25.1 (0.72%)|
|10||CVE-2017-17215 (1.64%)||Vacron NVR devices (3.06%)||Python Requests/2.6.0 CPython/2.7.5 Linux/3.10.0-1127.e17.x86_84 (0.69%)|
|11||Others (5.02%)||Others (11.33%)||Others (9.94%)|
What are the top 10 most commonly observed user agents?
Our Research team also found that Go-http-client and Python Requests, among others, were often the user agents used in the attacks.
Following Pie chart presents the top 10 most commonly observed user-agents.
Top 10 most commonly observed user agents
During our analysis, our team identified the Origination of Threats from different regions across the globe. Please note that these regions do not indicate the physical location of the threat actors; instead, they indicate the location of the hosting servers used by threat actors around the world.
Following is the information on threat origination across the regions:
|Regions Covered||Origination of Threats (%)|
For over 15 years, leading companies in Telecom, Cybersecurity, Healthcare, Finance, New Media and more have come to rely on Loginsoft as a trusted resource for technology talent. Whether Onsite, Offsite, or Offshore, we deliver.
Let’s start a conversation.