Aquaboutic | Focus Security Research | Vulnerability Exploit | POC


One vulnerability, a view of the world: the cyber-warfare defence capability of every country

Posted by barkins at 2020-03-28

1. Introduction

It is difficult to evaluate a country's cyber-warfare capability before a real cyber war begins. In a conventional war, national combat capability can be assessed from weapons, combat personnel, strategic resources and so on; a cyber war is invisible and hidden, so the offensive and defensive capability of each country in cyberspace is hard to measure.

The Heartbleed vulnerability had a wide global impact, affected important targets, caused great harm and is technically easy to detect, which provided a very rare opportunity to compare the cyber-warfare capabilities of various countries.

There is a famous saying in the Jianghu: in all the world's martial arts, only speed is unbeatable, and the same holds for cyber-security attack and defence. The first three days after the disclosure of Heartbleed were the golden period: for the attacker, the golden period for exploiting the vulnerability, with a very short attack window; for the defender, the golden period for patching, a race against the attacker that had to be run at top speed.

Therefore, in the first three days after the disclosure of Heartbleed, it can be said that a real cyber attack-and-defence war without gunsmoke was staged across the world. This article interprets each country's defensive capability in cyber warfare through the speed at which it patched this vulnerability.

2. Vulnerability summary

On April 7, 2014, a serious security vulnerability, CVE-2014-0160, was disclosed in the OpenSSL software. The vulnerability is extremely harmful and widespread, like the Internet's heart bleeding, so it is called the Heartbleed vulnerability.

Vulnerability Description:

OpenSSL is currently the most widely used secure-transport software on the Internet. It uses encryption to protect data in transit so that it cannot be intercepted or eavesdropped on, which makes it the equivalent of the best-selling door lock on the Internet.

Due to a flaw in OpenSSL's source code, an attacker can read 64K of data from server memory, which may include users' private information, plaintext passwords, bank passwords, e-mail contents, important business documents and so on. The vulnerability turns OpenSSL into a useless lock that can be opened without a key.
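The flaw behind that over-read was a missing length check in OpenSSL's TLS heartbeat handling. As an added example that is not part of the original article or of OpenSSL's own code, the following stand-alone C re-implements the heartbeat echo with the record-length check that the fix introduced; the request bytes and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16

/* Echo a heartbeat request rec[0..rec_len) into out (RFC 6520 layout:
 * type(1) | payload_length(2, big-endian) | payload | padding(>=16)).
 * Returns the response length, or 0 if the request must be discarded. */
size_t heartbeat_response(const uint8_t *rec, size_t rec_len,
                          uint8_t *out, size_t out_cap) {
    /* Record must at least hold the header and the minimum padding. */
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    /* The claimed payload length comes from the peer and is untrusted. */
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    /* The check missing in OpenSSL 1.0.1 through 1.0.1f: claimed payload plus
     * header and padding must fit in the record actually received. Without it
     * the memcpy below reads past the record and copies up to 64 KiB of
     * adjacent process memory into the response. */
    if (1 + 2 + payload + HB_PADDING > rec_len) return 0;
    size_t resp_len = 1 + 2 + payload + HB_PADDING;
    if (resp_len > out_cap) return 0;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);          /* echo only bytes that exist */
    memset(out + 3 + payload, 0, HB_PADDING);   /* OpenSSL uses random padding */
    return resp_len;
}

/* Constructed request (not captured traffic): type byte, caller-chosen length
 * bytes, the 5-byte payload "hello" and 16 bytes of padding: 24 bytes total. */
static size_t make_request(uint8_t *req, uint8_t len_hi, uint8_t len_lo) {
    req[0] = HB_REQUEST; req[1] = len_hi; req[2] = len_lo;
    memcpy(req + 3, "hello", 5);
    memset(req + 8, 0xAA, HB_PADDING);
    return 8 + HB_PADDING;
}

/* Honest request: claims 5 bytes and carries 5; the response is 24 bytes. */
size_t demo_honest(void) {
    uint8_t req[32], resp[32];
    return heartbeat_response(req, make_request(req, 0x00, 0x05), resp, sizeof resp);
}

/* Over-claiming request: says 0xFFFF bytes but carries 5; it is discarded (0). */
size_t demo_overclaim(void) {
    uint8_t req[32], resp[32];
    return heartbeat_response(req, make_request(req, 0xFF, 0xFF), resp, sizeof resp);
}
```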

Vulnerability impact:

Many Internet companies were affected by the vulnerability, including Google, Yahoo, Amazon, Taobao, Alipay, WeChat, NetEase and the 12306 railway ticketing system. The scope of the vulnerability was unprecedented, making it the first security flaw ever reported by CCTV.

Not only the products of well-known Internet enterprises were affected; the important information systems of every country were affected as well. OpenSSL exists to secure data in transit, so national important information systems and important network services use it and are therefore exposed to the vulnerability. The affected industries include government, power, oil, communications, finance, science and technology, and the affected network services include private-information transmission, encrypted mail sending and receiving, VPN services and so on.

Vulnerability example:

Using this vulnerability to obtain the user name and password of a 12306 railway ticketing system user.

Using this vulnerability to obtain an Alipay user's user name, login token, mobile phone number, bound bank card information and Yu'e Bao earnings.

3. Vulnerability impact situation

The ZoomEye team at Knownsec began security emergency response immediately after the vulnerability broke out, evaluating its scope across global cyberspace to gain situational awareness. According to the ZoomEye team's detection and evaluation, 2,433,550 network devices worldwide were affected on the first day. The global impact is shown in the figure below; the darker the colour, the more network devices affected.

Global vulnerability impact map

As can be seen from the figure, the United States has the largest number of affected network devices, indicating that it has the largest number of important information systems; African countries have few affected devices, reflecting underdeveloped economies and relatively backward informatisation; Northwest China also has few affected devices, reflecting that informatisation there is likewise relatively backward.

The ZoomEye team made a statistical comparison of the number of affected devices in 20 regions across China, Europe and the United States, as shown in the figure below.

Comparison of vulnerability impacts in 20 regions

Conclusion:

By statistical comparison, the network devices affected in the United States account for about 34% of the world total, and these affected devices are all important information systems, which also reflects that the United States leads the world in building important information systems.

China, by contrast, accounts for less than 1.5% of the world total, far below the United States. This shows that the construction of important information systems in China is not yet developed enough, which is seriously out of step with China's international status; China still needs to develop its infrastructure vigorously in the information-network era.

4. Vulnerability repair situation

Within one week after the outbreak, the ZoomEye team at Knownsec continuously scanned global cyberspace for the vulnerability's scope, counted the affected devices and tracked the patching situation worldwide.

Number and rate of repairs:

The figure below is a trend chart of the number of affected network devices worldwide over one week. It shows that countries around the world were responding to the vulnerability and patching it to secure their own information systems.

Global vulnerability repair trend in one week

There is a famous saying in the Jianghu: in all the world's martial arts, only speed is unbeatable, and so it is in cyber-security attack and defence. Attacker and defender alike set to work as soon as the vulnerability breaks out: the attacker attacks its targets, and the defending side patches the vulnerability in its own systems. The first three days after the outbreak are the golden period for both sides. We compare the number of affected devices on the first and third day after the outbreak to calculate the repair rate.

The ZoomEye team compiled statistics for 20 regions across China, Europe and the United States, compared each country's number of affected devices on the first and third day of the outbreak, and obtained each country's repair rate. Comparing repair rates truly reflects each country's response capability in the face of this serious vulnerability, and also reflects its defensive capability in cyber warfare.

Comparison of vulnerability repair rates in 20 regions

As can be seen from the figure, comparing the number of affected devices on the first and third days, the global repair rate is 40%. Singapore's repair rate is the highest at 57%; the United States ranks only second at 49%; China's repair rate is 18%, below the global average, ranking only 102nd.

Repair by industry:

The ZoomEye team surveyed, by industry, the information systems that were patched on the first day in the United States, Taiwan and Japan. In all three regions, most information systems of major industries completed patching on the first day, as shown in the list below. In China, by contrast, while most large Internet enterprises such as Alibaba and Tencent completed patching on the first day, the information systems of important industries were relatively slow, most of them starting to patch only after three days.

Here are some examples (the original shows a screenshot for each; only the captions survive):

US: government, military, finance, power, oil, communications

Taiwan: education, communications

Japan: government, finance, oil / steel / communications, education

Conclusion:

The speed of patching in response to a serious vulnerability reflects a country's ability to resist major network threats and handle major network emergencies, and also reflects, at the national level, its defensive capability in future cyber warfare.

Judged by the speed of patching Heartbleed, China ranks only 102nd in the world, indicating that its network-security response capability is still weak; it is therefore necessary to raise security awareness and strengthen emergency response capability and overall security defence capability.

5. Recruit talents

Knownsec is an aspiring Internet security company. It has gathered first-class hackers and engineers in China, and its "hacker culture" and "engineer culture" have an excellent reputation in the industry. They describe themselves like this:

We firmly believe that excellent hackers and engineers are the driving force of our growth. We are eager for people who truly love programming, with strong initiative, strong curiosity and strong hands-on ability. We encourage innovation, the use of Linux and the open-source spirit; we advocate agility and practise agility; we work together without any bureaucratic atmosphere. We provide a competitive salary system with a salary adjustment opportunity once a year; the five social insurances and housing fund, plus meal, telephone, transportation and computer subsidies; an annual physical examination and gifts for employees' birthdays, marriages and births; reimbursement of book purchases at any time, and fruit and yoghurt every day; an annual company trip or team-building activity and regular activities for hobby groups; working hours of 10:00-18:00 with flexible working time, and an extra five days of holiday for Spring Festival.

We always think of ourselves as an entrepreneurial team, and the brothers who join bring an entrepreneurial mindset. We cooperate with each other to form an excellent combat team, with none of the bureaucratic atmosphere of management.

If you join us, we can provide a salary and development platform that match your ability. Here you can also get in touch with first-class hackers and engineers, with cross-disciplinary collisions and plenty of inspiration. If you don't want to coast toward retirement, don't want to do nothing, and don't want to deal with office politics, come here.

Let the Internet be better and safer together!

We are looking for:

For details, please refer to: http://www.knownsec.com/job;

If you are interested, please send your resume to [email protected] with the subject "name - position applied for". We will contact you as soon as we receive your resume.