2017.03.17

[2016 Cyber Attack White Paper] Attacks surged in March and April 2016, when people's daily lives changed!

Cyber Security Cloud, Inc. (Headquarters: Shibuya-ku, Tokyo; CEO: Akira Ohno; hereinafter referred to as "Cyber Security Cloud") is pleased to announce the release of its "2016 Cyber Attack White Paper," which summarizes the current state of cyber attacks in fiscal year 2016.
The "2016 Cyber Attack White Paper" is a research report that aggregates, analyzes, and tabulates attack logs observed by "Shadankun," a cloud-based WAF security service that blocks attacks on websites and web servers. By publishing this report, we hope to raise awareness of cybersecurity among companies in various industries.

■ Overview of the 2016 Cyber Attack White Paper
- Survey period: Friday, January 1, 2016 to Saturday, December 31, 2016
- Investigation method: Analysis of attack logs observed by "Shadankun"
- Number of surveys (valid samples): 1,652 sites

■ Attack situation throughout 2016
Across 2016 as a whole, attacks on companies that had deployed "Shadankun" consisted mainly of "web scans" that search for attackable web pages, "web attacks" that randomly try known vulnerabilities, and "brute force" attacks such as password list attacks; together these accounted for approximately 90% of attacks. Much of this activity appeared to be random scanning using automated tools.
December saw the highest number of attacks in 2016, at 2,870,132.

Looking at the timeline, the main types of attack changed around March and April, which is thought to be related to seasonal changes in daily life in Japan. When new services are adopted, care is needed not to neglect the services previously in use, and not to hand them over improperly when personnel change.

■ Attack status by country
The graph below shows the source IP addresses of attacks detected in 2016, broken down by country. China ranked first among the top 10 source countries for attacks observed by "Shadankun".
The rankings and percentages for each country were: 1st: China (40%), 2nd: United States (26%), 3rd: Japan (9%), 4th: Ukraine (5%), 5th: South Korea (5%), 6th: Russia (4%), 7th: Vietnam (3%), 8th: Hong Kong (3%), 9th: India (3%), and 10th: France (2%).

Looking at the timeline, there were many attacks from Russia in January and February, and seasonal peaks from the United States, Japan, and South Korea, while attacks from China remained consistently high throughout the year.

■ Attack Overview
1. SQL Injection
SQL injection is an attack that exploits vulnerabilities in a web application to execute unauthorized SQL statements and thereby manipulate the database illegitimately.

2. Brute Force Attack
A brute force attack tries every possible combination in order to crack a code or find a password.

3. Web Attack
Web attacks are attacks that resemble DoS attacks or that involve OS command injection.

4. Web Scan
Web scanning is preliminary activity: searching for targets to attack, or simple random attacks that probe for vulnerabilities.

5. Cross-site scripting
Cross-site scripting attacks a vulnerable website using a script created by the attacker. The attack is carried out through the viewer of the site, who unknowingly executes the script.

6. Directory Traversal
Directory traversal is an attack that allows unauthorized access to files on a web server.

7. Other
Attacks that exploit vulnerabilities in various operating systems, middleware, and so on are classified as "other."
This category also includes attacks usually considered outside the scope of a WAF, that is, attacks that do not pass through a website or web application.
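The white paper's method aggregates WAF attack logs into the categories listed above. As an added illustration, not code from Cyber Security Cloud or from "Shadankun", the following Python script applies simple signature rules for those categories to a handful of constructed log records and produces the kind of category share, source-country ranking and peak month the report presents. The regexes, sample records, RFC 5737 documentation addresses and the brute-force threshold are assumptions made for this example only.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample WAF records, not white paper data: (month, source IP, country, request line).
SAMPLE_LOGS = [
    ("2016-03", "203.0.113.5", "CN", "GET /item.php?id=1'%20OR%20'1'='1 HTTP/1.1"),
    ("2016-03", "198.51.100.7", "US", "POST /wp-login.php HTTP/1.1"),
    ("2016-04", "198.51.100.7", "US", "POST /wp-login.php HTTP/1.1"),
    ("2016-04", "198.51.100.7", "US", "POST /wp-login.php HTTP/1.1"),
    ("2016-04", "192.0.2.9", "JP", "POST /wp-login.php HTTP/1.1"),
    ("2016-04", "203.0.113.5", "CN", "GET /cgi-bin/../../../../etc/passwd HTTP/1.1"),
    ("2016-12", "203.0.113.5", "CN", "GET /phpmyadmin/ HTTP/1.1"),
    ("2016-12", "203.0.113.5", "CN", "GET /wp-admin/ HTTP/1.1"),
    ("2016-12", "203.0.113.22", "UA", "GET /search?q=<script>alert(1)</script> HTTP/1.1"),
    ("2016-12", "192.0.2.44", "RU", "GET /cgi-bin/test.cgi?cmd=;id HTTP/1.1"),
]
# Ordered signature rules named after the white paper's categories; checked on the decoded request.
RULES = [
    ("SQL Injection", re.compile(r"'\s*(or|and)\s*'?\d|union\s+select", re.I)),
    ("Cross-site scripting", re.compile(r"<script|javascript:|onerror=", re.I)),
    ("Directory Traversal", re.compile(r"\.\./")),
    ("Web Attack", re.compile(r"[;|`]\s*(id|cat|wget|curl|sh)\b", re.I)),
    ("Web Scan", re.compile(r"/(phpmyadmin|wp-admin|\.env|\.git)\b", re.I)),
]
LOGIN_POST = re.compile(r"^POST /wp-login\.php\b")
BRUTE_FORCE_THRESHOLD = 3  # login POSTs from one source IP before it counts as brute force

def classify(records, threshold=BRUTE_FORCE_THRESHOLD):
    """Label each record (month, country, category); category is None for non-attack traffic."""
    login_hits = Counter(ip for _, ip, _, req in records if LOGIN_POST.search(req))
    labelled = []
    for month, ip, country, req in records:
        decoded = unquote(req)
        category = next((name for name, rx in RULES if rx.search(decoded)), None)
        if category is None and LOGIN_POST.search(decoded):
            # One login is normal use; repeated logins from one source are a brute force attack.
            category = "Brute Force Attack" if login_hits[ip] >= threshold else None
        labelled.append((month, country, category))
    return labelled

def summarize(records):
    """Category shares in %, countries ranked by attack count, and the busiest month."""
    attacks = [(m, c, cat) for m, c, cat in classify(records) if cat is not None]
    shares = {cat: round(100 * n / len(attacks), 1)
              for cat, n in Counter(cat for _, _, cat in attacks).items()}
    countries = Counter(c for _, c, _ in attacks).most_common()
    peak_month = Counter(m for m, _, _ in attacks).most_common(1)[0]
    return shares, countries, peak_month
```

Real WAF logs would need far richer rules and a per-time-window threshold; the point here is how one pass of labelling feeds the share, ranking and timeline figures the report reads its seasonal shifts from.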


Yoji Watanabe, CTO, Cyber Security Cloud, Inc.

■ Expert comments (summary)
As in previous years, 2016 saw reports of vulnerabilities in plugins for CMSs such as WordPress, Movable Type, and Joomla, as well as serious vulnerabilities in application frameworks such as Apache Struts.
In fact, many attacks targeting these vulnerabilities have been discovered. There are many attacks that identify and target these vulnerabilities, and in some cases they can cause significant damage. However, in many cases, attacks are carried out as a preparatory scan to find servers that can be used as stepping stones. Therefore, it is extremely dangerous to make an incorrect risk assessment on the assumption that no one would access your company's website and that there is no benefit to attacking it.
Additionally, given the increase in brute force attacks in March and April, points to watch out for include easily cracked passwords for new users, hijacking of dormant accounts, and a decline in monitoring levels due to system administrator transfers.
By country, China was ranked first in the top 10 sources of attacks, but attacks from Japan are also increasing. Restricting overseas IP addresses is not enough to ensure safety, and fundamental countermeasures must be considered.