The SERT Q2 Quarterly Threat Intelligence Report

Something Old, Something New

July 15, 2014 - Posted by Jon-Louis Heimerl to Threat Intelligence

The Solutionary Security Engineering Research Team (SERT) has released its Q2 2014 Quarterly Threat Intelligence Report. SERT's research this past quarter turned up both old and new trends. For instance, it may not surprise anyone that the United States dominated the list of malware hosting countries, but what is new is that it accounted for 56% of the malware identified by the SERT honeynet (that’s up from 44% in Q4 2013).

There were some changes in the top 10 hosting countries, but United States sites still rule this particular category. It may surprise you, however, to hear that Amazon hosted 41% of the malware SERT identified during the quarter (that’s over 2.5 times the 16% found in Q3 2013). We had hoped that hosting providers would take action to reduce the number of “hostile” sites, yet it appears that attackers are flocking to Amazon-hosted services because of the ease with which new sites can be provisioned and brought up and running in a few moments. By contrast, GoDaddy dropped seven spots, to the 9th position, due to a significant decrease from 14% to 2% of the trapped malware.


And malware news isn’t limited to the same old viruses. SERT was able to weaponize an attack that exploited the Heartbleed vulnerability in OpenSSL. SERT identified the characteristics of this attack, which should be taken seriously because, as of June 21, 2014, over 300,000 servers were still vulnerable to Heartbleed.

Part of the issue with Heartbleed is taking advantage of the threat, which is exactly what Web shells are designed to do: maximize the effectiveness of a breach by making it more durable, easier to use and harder to find. SERT analyzed Web shells and evaluated the exploitability of Node.js as a current and future threat vector. SERT discusses malware sources and hosting providers, weaponized Heartbleed, geographic profiling of attacks, Web shells, Node.js and more in the Q2 2014 Quarterly Threat Intelligence Report, available from Solutionary now.

Download the complete report and use the information to help protect your organization from the latest security threats.



