Press Release: March 24, 2020.
Coronavirus has been in the news since January. The virus, allegedly originating out of China, has caused a global pandemic. But COVID-19 is not the only virus originating out of China.
During the past two weeks Country IP Blocks has been
monitoring large scale cyber attacks also allegedly originating from China.
These attacks are centered around compromising email servers, so large-scale
influxes of Ransomware and other virus, trojans, etc., can be released into the
wild. The attacks are also looking for server vulnerabilities so malicious
files can be stored on your servers.
Country IP blocks is issuing the following alert: If you are
not doing business in or with China at this time, we recommend that you
quarantine your network and systems by blocking all cyber traffic from China
for a limited time. If you are doing business with China, we recommend you take
steps to carefully examine all cyber traffic from China.
We realize this is an unprecedented step, but the danger is
great. As a courtesy, we are releasing a free, aggregated list, in CIDR format,
of all China networks. This ACL is available for download at https://www.countryipblocks.net/downloads/china_aggregated.txt.
This ACL list may be used in your hardware or software firewalls
until further notice.
Brazil, China, Germany, Iran, Italy, Netherlands, Russia, Thailand, Ukraine, Viet Nam are expected to be the ten most prevalent countries involved with cyber security threats for May 2019.
The countries above are given in alphabetical order, not by threat level.
China, Russia, Ukraine top our list with Brazil rapidly rising into the top four. The cyberthreats originating from our top ten are as different as the countries themselves. China, Russia and Ukraine appear to be active in a wide variety of hack attempts, including root kits, ransomware, brute force attacks and a wide variety of malware.
Attacks from Brazil, Germany, Iran, Italy, Netherlands, Thailand and Viet Nam are primarily against email servers including high volume spammers and a smattering of other threats.
Country IP Blocks strongly suggests taking control of your network assets to eliminate or at least mitigate many of these threats. For example, if you are not doing business with any of the above countries, why allow them access into your network? Consider blocking them using a Country IP Blocks Access Control List. Those who purchase a license get access control list data updated every four hours.
You may not be able to predict all incoming threats. But you can drastically reduce the level of malicious attacks, spam, ransomware and other threats by limiting traffic to countries where you do business.