Security 419 has learned that Qi'an Information Industry Security Research Center and other internal departments recently jointly released the 2021 China Website Security Report (hereinafter the "Report"), which analyzes the overall state of domestic website security in 2021 along several dimensions: high-risk port exposure, third-party vulnerability reports, website attack interception, DDoS attacks, botnets, and others.
High-risk port exposure draws attention, and information leakage vulnerabilities account for up to 36%
In recent years, large and medium-sized domestic government and enterprise institutions have made great progress in building website security, but security risks remain widespread. According to the Report, in 2021 the Qianxin Global Eagle System monitored 1.83 billion domestic website assets covering 60 million independent Web IP addresses, with each independent Web IP address corresponding to 30.5 websites on average.
Among all monitored websites, about 66.446 million had ports for high-risk protocols (such as SSH, SMB and MySQL) exposed (referred to as high-risk port exposure), accounting for 3.6% of the total monitored websites. By geographical distribution, East China had the largest number of websites with high-risk port exposure, accounting for 47.6% nationwide, followed by South China at 22.5% and North China in third place at 11.1%.
On vulnerability reports, the Report shows that in 2021 the Butian Vulnerability Response Platform recorded 146,293 security vulnerabilities in websites nationwide, involving 115,243 websites. By cause, 99.1% were relatively isolated, event-type vulnerabilities caused by the website's own development, construction, operation and maintenance management, and only 0.9% were common vulnerabilities shared by similar websites or by functional modules of similar websites, caused by website development platforms, development tools or development languages.
By technical type, among the website security vulnerabilities recorded on the Butian platform in 2021, information disclosure vulnerabilities accounted for the highest share at 36.0%, followed by SQL injection vulnerabilities at 18.4% and weak passwords at 12.9%. By industry, IT information technology and Internet communication had the most, accounting for 35.5% of the national total, followed by manufacturing, and education and training.
Hackers can also exploit website security vulnerabilities to attack websites, and website protection measures can detect and intercept such attacks. The Report shows that in 2021 Qianxin's website guards intercepted 9.51 billion attacks against 403,000 websites nationwide, an average of 26.049 million attacks per day. Abnormal protocol requests made up the largest share, accounting for 58.1% of all attacks intercepted by the website guards. The top 10 attack types by number of interceptions accounted for 84.7% of total interceptions.
NTP becomes the main type of DDoS attacks, and botnets are still the parasitic cancer of the Internet
On DDoS attacks, the Report's data shows that throughout 2021 Qi'an Information Technology Research Institute observed a total of 287,000 IP addresses across the country being subjected to 842,000 DDoS attacks, in about 4.3% of which a variety of other types of attack methods were used together with DDoS. Attackers choose a mix of attack techniques to suit the specific environment of the target system, which also raises the cost of response and handling for the victim.
By attack type, NTP was the largest, accounting for 80.4% of the total number of DDoS attacks in China throughout the year, followed by Jenkins, Memcached and SSDP. NTP, Jenkins, Memcached and SSDP are therefore the main DDoS attack methods.
In addition, monitoring data cited in the Report shows that in 2021 there were about 530,000 active botnet-infected node IP addresses nationwide (deduplicated). Among them, about 72,000 were sources of vulnerability attacks and 388,000 were sources of weak-password brute-force attempts.