JSOC INSIGHT vol.11 English Edition

"JSOC INSIGHT" is an analysis report on the trend of security incidents, such as unauthorized access and malware infection, in Japan, based on daily analysis results by our JSOC security analysts. Since this report analyzes the trends in attacks, based on the data of incidents which JSOC customers actually encountered, the report will help in understanding world trends as well as actual threats that Japanese users are facing.

JSOC INSIGHT vol.11 contains below topics.

• Unauthorized Web server manipulations by WebShells
• Increasing ransomware-infected traffic
• Joomla! vulnerabilities reported one after another

Contents

1. Preface
2. Executive Summary
3. Trends in Severe Incidents at the JSOC
    3.1 Trends in severe incidents
    3.2 Analysis of severe incidents
    3.3 Attack traffic detected numerous times
     3.3.1 iOS application contamination with XcodeGhost
     3.3.2 Attack traffic originating from a specific network range allocated to France
   
4. Topics of This Volume
    4.1 Unauthorized Web server manipulations by WebShells
     4.1.1 Detection status of attack traffic that attempts unauthorized file upload, and target vulnerabilities
     4.1.2 WebShell capabilities and an overview of how they work
     4.1.3 Preventions against unauthorized file upload attempts and recommendations regarding the early detection of such attempts
    4.2 Ransomware-infected traffic
     4.2.1 Ransomware-infected traffic incidents
     4.2.2 Ransomware infection routes
     4.2.3 Countermeasures against ransomware
    4.3 Joomla! vulnerabilities
     4.3.1 SQL injection vulnerabilities in Joomla!
     4.3.2 Overview of code execution vulnerability in Joomla!
5. Conclusion