Cyber Security Cloud, Inc. announces 2018 year-end and New Year web security awareness campaign based on attack detection report
Cyber Security Cloud, Inc. (Headquarters: Shibuya-ku, Tokyo, CEO: Akira Ohno, hereinafter referred to as "Cyber Security Cloud") has compiled a list of countermeasures for the New Year holiday season based on the cyber-attack situation observed by its Cloud-based WAF "Shadankun."
By publishing this report, we hope to raise awareness of cybersecurity among companies.
■Table of contents:
① Introduction
② Cyberattacks during long holidays
③ Measures before the holidays
④ Post-holiday measures
⑤ Conclusion (Summary)
■Introduction:
During long holidays (year-end/New Year's, Golden Week, summer holidays), system administrators and external vendor staff are absent for long periods of time, which means that if damage from a cyber attack occurs, it may be prolonged, unlike normal times. This press release uses data from Cloud-based WAF "Shadankun" to warn of the situation during long holidays.
- Survey period: Friday, December 1, 2017 to Wednesday, January 31, 2018
- Survey target: User accounts using "Shadankun"
- Investigation method: Analysis of attack logs observed by "Shadankun"
■ Cyber attacks during long holidays

① Dec. 1, 2017 - Jan. 31, 2018 Trends in the number of attacks detected (by country of origin)
The attack detection situation during the New Year holidays from 2017 to 2018 is as shown in the figure above.
Nearly 350,000 attacks were detected on December 1st, after which the number of detections remained below 200,000 for most of December. Detections began to rise again in the latter half of the month: the increase began on December 28th, 2017, peaked on January 1st, 2018, and gradually declined thereafter. The typical New Year's holiday in Japan is from December 29th, 2017 to January 3rd, 2018, and it can be said that attacks were concentrated on this period as well as the few days before and after.
This shows that there is a high possibility of being affected by cyber attacks during the New Year period.
The top five countries with the most attacks detected during the above period were the United States (US), Japan (JP), China (CN), Germany (DE), and France (FR). However, it can be seen that only during the period from December 29, 2017 to January 4, 2018, a large number of attacks were detected from Italy (IT).

② Trends in the number of attacks detected from December 1, 2017 to January 31, 2018 (by type of attack)
By attack type, attacks categorized as "Blacklisted user agents" accounted for about half of the number of attacks detected per day. "Web attacks," which were detected at relatively low daily rates in other periods, increased between December 28, 2017 and January 5, 2018.
These facts show that it is important to take measures against cyber attacks during long holidays such as the New Year holidays.
To prevent the worst-case scenario, be sure to take the following precautions:
<Attack summary>
1. Blacklisted user agent
This is a bot attack that uses vulnerability scanning tools.
Examples of such scan tools include "ZmEu", "Nikto", and "Morfeus".
2. Web Attack
Web attacks are similar to DoS attacks or involve OS command injection.
3. Web Scan
Web scanning is a predictive attack that involves searching for targets for attack or randomly conducting simple attacks to look for vulnerabilities.
4. Brute Force Attack
A brute force attack is an exhaustive attack that tries all possible methods to crack a code or find a password.
5. SQL Injection
SQL injection is an attack that takes advantage of a vulnerability in a web application to execute SQL statements that are not expected by the application, thereby manipulating the DB improperly.
6. Cross-site scripting
Cross-site scripting is a method of attacking a vulnerable website by using a script created by an attacker.
The attack is carried out through the person viewing the site.
7. Directory Traversal
Directory traversal is an attack that allows unauthorized access to files on a web server.
8. Other
Attacks that exploit vulnerabilities in various operating systems, middleware, etc. are considered "other."
This also includes things that are usually considered outside the scope of a WAF.
These are attacks that do not go through a website or web application.
■Pre-vacation measures:
①Confirmation of emergency contact system and contact details
In preparation for the unlikely event of an emergency, confirm the emergency contact system and response procedures. This covers not only your own company but also coordination with external companies, including outsourcing partners.
To prevent situations where a person in charge is traveling overseas and cannot be contacted during their vacation, it is necessary to clarify the whereabouts of each member during their vacation. Also, to ensure a smooth response in the event of a serious incident or a vulnerability being discovered in the system being used, it is important to establish a contact flow and to decide who has decision-making authority. Finally, confirm that there have been no changes to emergency contact information.
② Turn off the power of devices you are not using
It is recommended that you turn off all devices that you will not be using during your long vacation.
Especially with servers, it's too late to do anything once something has happened, so try to turn off anything that can be turned off.
③ Back up important data
Back up your data in case of an unforeseen event.
④ Make sure that the latest security patches are applied to the server's OS and software.
Make sure that not only your servers but also the devices used by your employees are up to date.
■Post-vacation measures:
As a precaution after the holidays, even if no visible incidents such as service outages or tampering have occurred, we recommend checking system logs, access logs, etc. to see if there has been any suspicious access to the server, just in case. Because cyber attacks are not visible, do not simply assume that the situation is no different from normal, but be sure to check.
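The post-holiday access-log check described above, as an added example that is not part of the original report or of "Shadankun": it counts, per day, requests whose User-Agent contains one of the scan tool names the report lists, and singles out those the server answered successfully. The log lines are constructed samples in the Apache combined format, and the function name and review window (the report's observed increase, December 28 to January 5) are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, date

# Scan tool names taken from the report's "Blacklisted user agent" category.
SCANNER_UA = re.compile(r"zmeu|nikto|morfeus", re.IGNORECASE)

# Apache/nginx "combined" log format (assumed; adjust to your server's format).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Dec/2017:09:12:01 +0900] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [30/Dec/2017:03:44:10 +0900] "GET /admin/setup.php HTTP/1.1" 404 162 "-" "ZmEu"
203.0.113.5 - - [01/Jan/2018:00:05:33 +0900] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.00 (Nikto/2.1.6)"
198.51.100.9 - - [01/Jan/2018:04:20:00 +0900] "GET /login HTTP/1.1" 404 162 "-" "Morfeus Scanner"
192.0.2.11 - - [02/Jan/2018:11:00:00 +0900] "GET /news HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2018:08:00:00 +0900] "GET / HTTP/1.1" 404 162 "-" "Nikto"
truncated entry written during log rotation
"""

def review(log_text, start, end):
    """Return (hits per day, scanner requests answered 2xx, unparsed line count)."""
    per_day, answered, unparsed = Counter(), [], 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            unparsed += 1  # unparsed lines still need a manual look
            continue
        day = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").date()
        if not (start <= day <= end) or not SCANNER_UA.search(m["ua"]):
            continue
        per_day[day] += 1
        if m["status"].startswith("2"):
            # The scanner received content: review this request first.
            answered.append((day, m["ip"], m["req"]))
    return per_day, answered, unparsed

if __name__ == "__main__":
    per_day, answered, unparsed = review(SAMPLE_LOG, date(2017, 12, 28), date(2018, 1, 5))
    for day in sorted(per_day):
        print(day, per_day[day])
    print("answered with 2xx:", answered, "| unparsed lines:", unparsed)
```

The User-Agent header is set by the client, so a clean result here does not rule out scanning by tools that disguise themselves; treat it as one input alongside the system logs.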
■ Conclusion (Summary):
The number of cyber attacks does not decrease even during long holidays, so attacks are expected to continue in 2019.
If you notice anything out of the ordinary, no matter how small, you should immediately contact the person in charge and check the situation.
Because staffing will be reduced, it is important to establish a system that allows you to communicate and respond in the same way as usual, and to check after the holidays to make sure there are no problems.
■ About "Shadankun"
https://www.shadan-kun.com/

"Shadankun" is a cloud-based WAF web security service that visualizes and blocks cyber attacks on websites.
It has been adopted by a wide range of companies, from government agencies and financial institutions to large corporations and venture businesses, regardless of industry or size, and in the approximately three and a half years since the service was launched in December 2013, it has recorded the highest cumulative number of companies and websites using it in Japan*1.
*The name and logo of Shadankun are registered trademarks or trademarks of Cyber Security Cloud, Inc. in Japan.
*1 Source: Market research on "Cloud-based WAF services" (as of August 25, 2017) <ESP Research Institute> (survey conducted in August 2017)
■About Cyber Security Cloud, Inc.
Company name: Cyber Security Cloud, Inc.
Address: VORT Ebisu Maxim 3rd Floor, 3-9-19 Higashi, Shibuya-ku, Tokyo 150-0011
Representative: Akira Ohno, Representative Director
Established: August 2010
URL: https://www.cscloud.co.jp/
Cyber Security Cloud is committed to the philosophy of "creating a cyberspace that is safe and secure for people all over the world." Based on this philosophy, the company develops, operates, maintains, and sells web security services.
In the field of web security, which previously required technical personnel, we have been highly praised for being one of the first to move to the cloud, enabling "faster, easier, and safer" web security measures and dramatically reducing operational burdens. In October 2018, we were ranked 10th in the Deloitte Touche Tohmatsu Limited 2018 Japan Technology Fast 50, a ranking of industry growth rates based on revenue (sales), with a growth rate of 495.72% based on revenue (sales) over the past three fiscal years. We will continue to develop services that all companies can use safely and securely, and contribute to the advancement of the information revolution.