绿盟科技天枢实验室推荐 2018 网络安全观察 i g u th 5 b m o .c 绿盟威胁情报中心（NTI） © 绿盟科技 关于绿盟科技 北京神州绿盟信息安全科技股份有限公司（以下简称绿盟科技），成立于 2000 年 4 月，总 部位于北京。在国内外设有 40 多个分支机构，为政府、运营商、金融、能源、互联网以及教育、 医疗等行业用户，提供具有核心竞争力的安全产品及解决方案，帮助客户实现业务的安全顺畅运行。 基于多年的安全攻防研究，绿盟科技在检测防御类、安全评估类、安全平台类、远程安全运 维服务、安全 SaaS 服务等领域，为客户提供入侵检测 / 防护、抗拒绝服务攻击、远程安全评估 以及 Web 安全防护等产品以及安全运营等专业安全服务。 北京神州绿盟信息安全科技股份有限公司于 2014 年 1 月 29 日起在深圳证券交易所创业板上 市交易，股票简称：绿盟科技，股票代码：300369。 u th i g 特别声明 5 b 为避免合作伙伴及客户数据泄露，所有数据在进行分析前都已经过匿名化处理，不会在中 间环节出现泄露，任何与客户有关的具体信息，均不会出现在本报告中。 m o .c 2018 网络安全观察 目录 1. 执行摘要 ·······························································································································································2 2. 重要观点 ·······························································································································································5 3. 态势总览 ·······························································································································································7 3.1 攻击类型分布··············································································································································································· 8 3.2 地域分布······················································································································································································· 9 m o .c 3.3 惯犯观察····················································································································································································· 10 4. 漏洞观察 ·····························································································································································17 4.1 总体态势····················································································································································································· 18 4.2 设备类漏洞明显增加 ································································································································································ 19 5 b 5. 恶意流量观察 ·····················································································································································22 5.1 漏洞利用····················································································································································································· 23 u th 5.1.1 设备类漏洞从未缓解················································································································································································23 5.1.2 服务器漏洞利用 ························································································································································································25 i g 5.1.3 应用类漏洞 ································································································································································································27 5.2 Web 攻击 ···················································································································································································· 29 5.2.1 Web 攻击态势 ···························································································································································································29 5.2.2 Web 漏洞利用 ···························································································································································································30 5.3 DDoS 攻击 ·················································································································································································· 33 5.3.1 攻击态势 ····································································································································································································33 5.3.2 攻击类型分析 ····························································································································································································36 6. 恶意软件观察 ································································································································