From May 1 to July 21, 2020, Unit 42 researchers captured global network traffic from firewalls around the world and analyzed the data to examine the latest network attack trends. The majority of attacks we observed were classified as high severity (56.7%), and nearly one quarter (23%) were classified as critical. The most commonly exploited vulnerabilities were CVE-2012-2311 and CVE-2012-1823, both argument-injection flaws in PHP's CGI mode (php-cgi) that allow remote code execution by passing command-line options to the interpreter through the URL query string; CVE-2012-2311 covers the incomplete initial fix for CVE-2012-1823. This indicates that attackers are looking for exploits with high impact, and that old, widely known vulnerabilities on unpatched systems remain attractive targets.
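The two PHP CVEs named above are detectable in ordinary web server access logs, because the attack pattern is fixed by the CGI specification: when a query string contains no literal `=`, a CGI-compliant server splits it on `+`, percent-decodes each word and passes the words to the script as command-line arguments, which php-cgi then parses as switches such as `-s` (show source) or `-d` (override an ini directive). The following Python script is an added example written for this page, not code from Unit 42 or Palo Alto Networks; the log lines are constructed, the IPs are documentation ranges, and the function names are mine. It checks the raw (undecoded) query for `=`, which is what makes it catch the encoded `%3d` form that bypassed the first fix (CVE-2012-2311).

```python
"""Detect php-cgi argument injection (CVE-2012-1823 / CVE-2012-2311) in access logs.

Added example for this page; not Unit 42 or Palo Alto Networks code.
"""
import re
from urllib.parse import unquote

# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def php_cgi_argv(target):
    """Return the argv list a CGI-compliant web server would hand to php-cgi for
    this request target, or None if the query is not treated as arguments.

    RFC 3875 section 4.4: a query string containing no literal '=' is split on
    '+' and each word is percent-decoded into argv. That is the precondition
    for CVE-2012-1823. The test is deliberately done on the RAW query: an
    encoded '%3d' is not a '=', which is exactly the CVE-2012-2311 bypass of
    the first fix (a check that decoded before looking for '=' would miss it).
    """
    if "?" not in target:
        return None
    raw_query = target.split("?", 1)[1]
    if "=" in raw_query:
        return None
    return [unquote(word) for word in raw_query.split("+") if word]


def is_php_cgi_arg_injection(line):
    """True if the log line carries a query php-cgi would parse as switches
    (e.g. -s source disclosure, -d ini overrides, -n ignore php.ini)."""
    m = REQUEST_RE.search(line)
    if not m:
        return False
    argv = php_cgi_argv(m.group("target"))
    return bool(argv) and argv[0].startswith("-") and len(argv[0]) > 1


def scan_log(lines):
    """Return (line_number, argv) for every flagged entry."""
    hits = []
    for n, line in enumerate(lines, 1):
        if is_php_cgi_arg_injection(line):
            m = REQUEST_RE.search(line)
            hits.append((n, php_cgi_argv(m.group("target"))))
    return hits


# Constructed sample log lines (not real traffic). Line 3 is the classic
# auto_prepend_file=php://input form; line 4 is benign because of the literal '='.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Jun/2020:03:14:07 +0000] "GET /index.php?id=42&page=2 HTTP/1.1" 200 4120',
    '203.0.113.7 - - [02/Jun/2020:03:14:09 +0000] "GET /index.php?-s HTTP/1.1" 200 2981',
    '198.51.100.23 - - [02/Jun/2020:03:15:11 +0000] "POST /cgi-bin/php?%2dd+allow_url_include%3don+%2dd+auto_prepend_file%3dphp://input+%2dn HTTP/1.1" 200 512',
    '198.51.100.23 - - [02/Jun/2020:03:15:12 +0000] "GET /search.php?q=%2ds HTTP/1.1" 200 1032',
    '192.0.2.9 - - [02/Jun/2020:03:16:00 +0000] "GET /robots.txt HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    for n, argv in scan_log(SAMPLE_LOG):
        print(f"line {n}: php-cgi argv = {argv}")
```

Run against the constructed sample, lines 2 and 3 are flagged and lines 1, 4 and 5 are not. A 200 response on a flagged line is worth a closer look, because a patched php-cgi would not honour the switches; in practice the attempts themselves are what Unit 42 counted, regardless of whether the target was vulnerable.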
We also analyzed the network attacks by country of origin. China had by far the highest activity, followed by Russia and the United States. This may be partly a function of the large populations and high levels of internet use in those three countries. Attacks may also appear to originate from countries that do not correspond to the attackers' physical locations: some attackers route their traffic through proxy servers and anonymizers to hide where they are, and it can be strategically advantageous to make activity appear to emanate from a specific third country. Source-country figures therefore describe where the observed traffic came from, not necessarily where the attacker is.
Source: Palo Alto