2018: The Year in Review at BitNinja
Boglarka Angalet

As we look back now, it is amazing to remember all the things we achieved together and all the threats BitNinja saved us from since the start of the year. 

Here’s a five-minute summary of what we have been up to in 2018.

Hacker-free new year to everyone! See you in 2019!


Thank you for an amazing 2018!

First of all, we’d like to say thank you for your engagement and support throughout the year. You inspire us to achieve the best security solution available, to develop our community and to deepen our knowledge of every aspect of cybersecurity.

Thanks for being such great partners and reaching these amazing milestones with BitNinja:


Top-notch Linux Server Security

2018 started with two critical CPU vulnerabilities. Desktops, laptops, smartphones, tablets, cloud devices, servers… All of them were endangered by Meltdown and Spectre. Another punch in the face for server owners was Drupalgeddon#3, where we had to act quickly and patch it in 48 hours. And threats just kept coming over the year...

There's no question that BitNinja left its mark on the cybersecurity industry this year, too. How do we know that?

1,555,552,253 stopped attacks worldwide must have been a pain in the... eye of the hackers. The distribution was what we had counted on, with the majority of the attacks in Q3 and Q4, as we predicted in our Black Friday attack note.

The attack trends weren’t really surprising - they showed huge similarity with the former years’ statistics. 

Our Port Honeypot module was the busiest, as usual, capturing millions of port scans and sweeps over the year. Most of the time, this is the very first phase of automated web attacks, so it's no wonder it won the first prize. 



As our honeypot modules stopped all these attacks proactively and grey/blacklisted the attackers quickly, other modules, like the WAF, Log Analysis and DoS Detection had much less to do. 

The list of the heavily scanned ports hasn’t changed much since we last tracked them. Telnet is still on top of the list, and the only notable mover was port 119, which jumped from place #29 to #6.



But it’s worth taking a look at the most common attack types of 2018 - captured by BitNinja - as well.



Watch out, WordPress hosters! 5 attack types on the Top 10 list are used to hack into servers through WordPress. Here you can see the shortlist for the graph above:


1. BNVL-2018-0009 - WordPress Brute-force Login Attempt
2. BNVL-2018-0003 - Testing for open form
3. BNVL-2018-0050 - Backdoor checking
4. BNVL-2018-0012 - WordPress username enumeration
5. BNVL-2018-0007 - Automated WordPress Registration
6. BNVL-2018-0014 - WordPress Xmlrpc Scan
7. BNVL-2018-0051 - Backdoor testing
8. BNVL-2018-0008 - Redirect Vulnerability in WordPress's WP Login Plugin (wp-login.php) (CVE-2014-2229)
9. BNVL-2018-0034 - D-Link router DSL-2750B firmware 1.01 to 1.03 - remote command execution no auth required
10. BNVL-2018-0015 - Joomla! Automated registration attempt



Malware infections were still a hit. Here you can see the malware infections quarantined by BitNinja through the weeks.


Our WAF 2.0 module debuted this year, and you guys started to use it slowly but steadily. We’ve tested and tailored the rulesets during the last months so you can get the best value out of its protection. It has already captured 7,806,72 web attacks.

Looking at the analytics, the most frequently triggered rules are related to:


The most active botnet of the year was HelloPeppa, which emerged over the summer:



Considering the top-attacking countries, China - no surprise - is No1. Nonetheless, many infected servers tried to attack our defense network from Brazil, the USA, Russia, Vietnam, and India, too. We’ll continue working on making the Internet a safer place and increasing the number of BitNinja-protected servers in those countries as well. ;)






One last thing

We’re dedicated to developing the best security for your servers and keeping your business successful, without security issues.

What’s waiting for you in 2019?

Just to mention some: an upgraded Malware Detection module, a brand new Dashboard to help your daily job, a false positive terminator to keep FP rates low, a new feature against phishing sites, and new integrations for your convenience.

Stay tuned for more big reveals in 2019!
