CERT China claims Japan and US lead in attacks on Chinese internet sites

The People’s Daily Online reported Monday that the number of foreign attacks against Chinese internet infrastructure “remain severe.” China’s CERT stated that a total of 47,000 foreign IP addresses were involved in attacks against 8.9 million Chinese computers last year.

They claim that most of these attacks originate from Japan, the United States and the Republic of Korea (South Korea).

While these numbers do in fact sound large, I wouldn’t necessarily jump to the conclusion that China is being targeted by Japanese and US cybercriminals.

I am not suggesting that they are lying, but rather it is likely that these attacks are perpetrated by compromised computers that are controlled by worms attempting to randomly connect to other vulnerable systems.

Additionally, the number of machines being attacked is actually very small when compared to other nations on a per capita basis. China has an estimated 500 million internet users compared with the United States (2nd place) with only 200 million.

At SophosLabs we detect more than 20,000 new infected URLs, not to mention receiving more than 100,000 new malicious code samples every single day. Compare this to 1,116 Chinese websites “tampered with by overseas-based hackers” last year.

Zhou Yonglin, an information security official with the Internet Society of China, commented, “China has become the world’s largest victim of cyber attacks.” The gentleman doth protest too much, methinks.

Cyberattacks are a serious problem, and it is unfortunate that the Great Firewall of China isn’t doing as good a job of keeping things out as it is in keeping them in.

The bright side, if the numbers are accurate, seems to be that Chinese internet users and websites are far less likely to be attacked than those in other countries.

Looking at China CERT’s most recent weekly report, approximately 90% of infections in China are from the Conficker worm, which was first discovered in November 2008.

Microsoft statistics show a large number of Chinese PC users are using pirated copies of Windows. Many users who use unlicensed copies of Windows are afraid to apply security updates fearing they will somehow be reported.

These unpatched PCs likely make up a large proportion of the remaining Conficker-infected machines, currently estimated at 2.8 million PCs.

Not that anyone in China will read this… NakedSecurity.Sophos.com appears to be blocked by the Great Firewall.

Army men on a laptop image courtesy of Shutterstock.