JSOC INSIGHT vol.14 English Edition

"JSOC INSIGHT" is an analysis report on the trend of security incidents, such as unauthorized access and malware infection, in Japan, based on daily analysis results by our JSOC security analysts. Since this report analyzes the trends in attacks, based on the data of incidents which JSOC customers actually encountered, the report will help in understanding world trends as well as actual threats that Japanese users are facing.

JSOC INSIGHT vol.14 contains below topics.

• Increasing attacks that attempt to hijack IoT devices
• Regarding code execution vulnerability (CVE-2016-6366) in Cisco products
• Regarding DoS vulnerability (CVE-2016-2776) in BIND

Contents

1. Preface
2. Executive Summary
3. Trends in Severe Incidents at the JSOC
    3.1 Trends in severe incidents
    3.2 Analysis of severe incidents
    3.3 Suspicious SSL certificates used on a target that malware communicates with
4. Topics of This Volume
    4.1 IoT device hijack attempts detected
     4.1.1 Attack overview
     4.1.2 Increasing DDoS attacks that abuse IoT devices
     4.1.3 Regarding the in-house use of IoT devices
    4.2 Regarding code execution vulnerability (CVE-2016-6366) in Cisco products
     4.2.1 Vulnerabilities overview
     4.2.2 Testing attack traffic that exploits the vulnerability
     4.2.3 Protection against attacks that exploit the vulnerability
    4.3 Regarding denial-of-service (DoS) vulnerability (CVE-2016-2776) found in BIND
     4.3.1 Vulnerability overview
     4.3.2 Testing attack traffic that exploits the vulnerability
     4.3.3 Protection against attacks that exploit the vulnerability

Appendix 1: Increasing Mirai-based IoT Device Hijacking and DDoS Attacks
Appendix 2: IDs and Passwords Hard-coded in Mirai
Conclusion