CERT China claims Japan and US lead in attacks on Chinese internet sites

Filed Under: Featured, Malware, Vulnerability

Army men on a laptop courtesy of ShutterstockThe People's Daily Online reported Monday that the number of foreign attacks against Chinese internet infrastructure "remain severe." China's CERT stated that a total of 47,000 foreign IP addresses were involved in attacks against 8.9 million Chinese computers last year.

They claim that most of these attacks originate from Japan, the United States and the Republic of Korea (South Korea).

While these numbers do in fact sound large, I wouldn't necessarily jump to the conclusion that China is being targeted by Japanese and US cybercriminals.

I am not suggesting that they are lying, but rather it is likely that these attacks are perpetrated by compromised computers that are controlled by worms attempting to randomly connect to other vulnerable systems.

Additionally, the number of machines being attacked is actually very small when compared to other nations on a per capita basis. China has an estimated 500 million internet users compared with the United States (2nd place) with only 200 million.

At SophosLabs we detect more than 20,000 new infected URLs, not to mention receiving more than 100,000 new malicious code samples every single day. Compare this to 1,116 Chinese websites "tampered with by overseas-based hackers" last year.

Zhou YonglinZhou Yonglin, an information security official with the Internet Society of China, commented, "China has become the world's largest victim of cyber attacks." The gentleman doth protest too much, methinks.

Cyberattacks are a serious problem, and it is unfortunate that the Great Firewall of China isn't doing as good a job of keeping things out as it is in keeping them in.

The bright side, if the numbers are accurate, seems to be that Chinese internet users and websites are far less likely to be attacked than those in other countries.

Looking at China CERT's most recent weekly report, approximately 90% of infections in China are from the Conficker worm, which was first discovered in November 2008.

Microsoft statistics show a large number of Chinese PC users are using pirated copies of Windows. Many users who use unlicensed copies of Windows are afraid to apply security updates fearing they will somehow be reported.

This is likely a large proportion of the remaining Conficker infected machines, currently estimated at 2.8 million PCs.

Not that anyone in China will read this... NakedSecurity.Sophos.com appears to be blocked by the Great Firewall.

Army men on a laptop image courtesy of Shutterstock.

, ,

You might like

5 Responses to CERT China claims Japan and US lead in attacks on Chinese internet sites

  1. Lex · 859 days ago

    I would just treat it as reverse traffic.

  2. China complaining about cyber-attacks is hilarious to me.

    • Michael · 858 days ago

      And I'd also find the US and Australia complaining about 'cyber' attacks hilarious, since I've seen quite a few such attacks apparently coming from those countries in the last month. I blame the countries.

    • Jacob Lane · 232 days ago

      Lol, I get like 5 - 100 attempts a day from chinese ip addresses trying to guess my ssh server password/username

  3. jasperledd · 853 days ago

    the more people you have surfing the net. the more victims you can have, its more about ratio then numbers in my opinion. i would be curious to know the ratio of china's attacks vs other countries.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.