
2018 Cybersecurity Observation Report

Information Technology | 2019-04-25 | NSFOCUS | Zhang***

About NSFOCUS

NSFOCUS (北京神州绿盟信息安全科技股份有限公司, hereinafter "NSFOCUS") was founded in April 2000 and is headquartered in Beijing. It has more than 40 branch offices in China and abroad, and provides security products and solutions with core competitiveness to customers in government, telecom operators, finance, energy, the Internet, education, healthcare and other sectors, helping them keep their business running securely and smoothly.

Building on many years of research into security attack and defense, NSFOCUS offers products in the areas of detection and defense, security assessment, security platforms, remote security operations services and security SaaS services, including intrusion detection/prevention, anti-denial-of-service, remote security assessment and Web security protection, as well as professional security services such as security operations.

NSFOCUS has been listed and traded on the ChiNext board of the Shenzhen Stock Exchange since January 29, 2014, under the stock short name 绿盟科技 and the stock code 300369.

Special Statement

To avoid leaking partner and customer data, all data was anonymized before analysis and is not exposed at any intermediate stage. No specific customer-related information appears in this report.

Table of Contents

3.1 Attack Type Distribution
3.2 Geographic Distribution
3.3 Repeat Offender Observations
4. Vulnerability Observations
4.1 Overall Situation
4.2 Marked Increase in Device Vulnerabilities
5. Malicious Traffic Observations
5.1.1 Device Vulnerabilities Have Never Eased
5.1.2 Server Vulnerability Exploitation
5.1.3 Application Vulnerabilities
5.2.1 Web Attack Situation
5.2.2 Web Vulnerability Exploitation
5.3 DDoS Attacks
5.3.1 Attack Situation
5.3.2 Attack Type Analysis
6. Malware Observations
6.1 Backdoors
6.2 Cryptomining
6.3 Worms
6.4 Trojans and Remote Access Tools
6.5 Bots (Zombie Hosts)
7.1 IoT Malware Family Sample Distribution
7.2 Malicious IoT Cryptomining
7.3 IoT Attack Resource Analysis

1. Executive Summary

From September 14, 1987, when China sent its first e-mail to the world, to today, the development of China's Internet has spanned a full 31