Full text of the network security report of the Internet finance industry in the first quarter of 216

Overview of the report

Based on the threat intelligence data, the Value Industry Report uses the analysis method of big data to evaluate and analyze the overall security situation of the industry. This report conducts security assessment and quantitative risk analysis on 336 Internet finance companies in the Internet finance industry.

This report collects data on Internet finance companies and analyzes the safety values of 336 companies, including 44 third-party payment companies, 15 P2P companies, 11 crowdfunding companies and 32 consumer finance companies. Risk is quantified along six dimensions: business security, privacy security, use security, host security, network security and environmental security.

Through the analysis of the safety value of the data in the first quarter of this industry, it is found that:

Privacy issues are very common, and 288 of the 336 institutions have such risks, accounting for about 86%. The main reason is that domain names are not protected in terms of privacy, which is a situation with a large scope of influence but a general degree of influence. Among the 336 organizations, 288 (86%) did not protect the privacy of their domain names, and there is a risk of domain name information disclosure, which constitutes the main problem of privacy security. 197 domain names did not apply for domain name privacy protection. You can query domain name registration information through Whois.

Next come use security and network security. Among 336 companies, 14 companies have use security risks, accounting for about 42%. The main problems are security vulnerabilities published on third-party vulnerability platforms and frequent Web attacks. Among them, 134 institutions (4%) have publicly disclosed security vulnerabilities, which constitutes the main problem of use security threats. In the past 9 days, 28 security vulnerabilities were discovered in the third-party security community, with an average of 1.5 vulnerabilities exposed within 3 days for each company.

Among the 36 institutions, 111 (33%) companies are at risk of botnets. Within 9 days, 55 IP networks were affected and 2381 external illegal attack requests were found.

Description of risk indicators

Safety values are mined from external big data and threat intelligence data, and an indicator system is established and constantly updated. At present, 12 safety risk indicators support safety assessment and analysis.

Domain name hijacking: the domain name resolution is abnormal, and some user data may be hijacked illegally.

Blocked domain name: this domain name is judged as untrusted, and some users may not be able to access it.

Mailbox blocked: this email domain is considered a spam domain, and email sent from it may be treated as spam.

Disclosure: the security vulnerabilities of the system were disclosed in the Internet security community.

Network attack: the online network system is attacked or scanned by hackers.

Disclosure of domain name information: the domain name has no privacy protection, and the domain name administrator may be attacked by phishing.

Account information disclosure: employee accounts of an enterprise are disclosed in a third-party database, which may contain sensitive information such as passwords.

Malicious code: backdoors, viruses, Trojan horses and other malicious code are present in the information system.

Botnet: hosts in the network may have been invaded, with Trojan horses and backdoor programs implanted.

Abnormal traffic: the online system or network is under DDoS attack.

Public cloud risk: you are sharing the same cloud service resources with malicious websites.

1. Overview of the industry

According to the data of safety value on May 4, 216, the safety value of the Internet finance industry is 857, and the overall evaluation is "average". Of the 336 companies, 182 (54%) were rated as "good"; 9 (3%) were rated as "average"; 55 (16%) were rated as "poor".

evaluation | score range | number of units | proportion
good | 91-1 | 182 | 54%
ordinary | 61-9 | 99 | 3%

According to the distribution of safety values, 211 institutions scored higher than or equal to the average of 857, and 125 institutions scored lower than the average; the distribution of safety values was mostly in a good state. The average score is mainly influenced by companies with low scores, the lowest score being 339.

1.2 Statistics by business classification

business classification | average | number of institutions | good | common | contradiction
third-party payment | 78 | 44 | 16 | 15 | 13
peer-to-peer network | 853 | 15 |

1.3 Internet asset statistics

Value analysis and statistics cover Internet assets, including domain names registered by the organizations, host services (not limited to Web services) open to the Internet, and public IP addresses.

44 third-party payment companies have a large number of assets, and at the same time face the greatest risks. According to the statistics of domain names, hosts and IP addresses open to the Internet, there are 346 domain names, 2,377 public network hosts and 1,752 public network IP addresses of third-party payment companies, with an average of 12 Internet assets for each organization and an average score of 78.

2. Risk distribution and quantitative evaluation

According to the best practice of information security risk management in the industry, a calculation model of quantitative risk is established by combining the factors of risk level, influence scope, frequency, quantity and time, and the six risk areas (business security, use security, privacy security, host security, network security and environmental security) of the overall situation are quantitatively evaluated. On the whole, privacy security issues are widespread, followed by use.

Based on the data analysis of the Internet finance industry in the first quarter, it is found that:

1. Privacy security issues are common, with 288 out of 336 institutions at risk, accounting for about 86%, mainly due to the lack of privacy protection of domain names, which has a large impact range but a moderate impact. See Chapter 3.3 for detailed risk analysis;

2. Next come use security and host security issues. Among 336 companies, 14 have use security risks, accounting for about 42%. The main problem is the security vulnerabilities published on the third-party vulnerability platform. Among 336 institutions, 111 (33%) companies have botnet risks. See chapters 3.1 and 3.2 for details of risks.

3. Detailed analysis of major risks

The overall safety value is based on 12 risk indicators to support six dimensions of safety evaluation. It is convenient to find more concentrated problems by counting the number of institutions affected by each risk indicator.

3.1 Risk Analysis of Vulnerability Disclosure

Security vulnerabilities publicly disclosed in the Internet security community should be given priority to avoid being made public before being fixed, which will lead to malicious attacks and affect the image. The root cause of the problem should be analyzed with the help of security consultants to avoid similar vulnerabilities.

Among 336 institutions, 134 (4%) have publicly disclosed security vulnerabilities, which constitutes the main problem of use security threats.

In the past 9 days, 28 records of security vulnerabilities were discovered in the third-party security community, and on average, 1.5 vulnerabilities were disclosed within 3 days for each company.

Disposal suggestion:

1. Get in touch with the third-party vulnerability platform in time, claim the security vulnerability and fix the vulnerability;

2. Verify the effect of the bug patch;

3. Conduct a comprehensive security vulnerability inspection and penetration test on all systems, classify and manage vulnerabilities, track the process and results of vulnerability disposal, improve online security testing, and ensure that the information system has no high or medium-risk security vulnerabilities.

3.2 Risk Analysis of Botnets

Servers or terminals in the network have been implanted with Trojans and backdoors, are illegally controlled as "broilers" (compromised zombie hosts), and launch external scanning or attacks.

Among 336 organizations, 111 (33%) companies are at risk of botnets.

In 9 days, 55 IP networks were affected, and 2,381 external illegal attack requests were found.

Disposal suggestion:

1. Analyze the network corresponding to the botnet address. If it is a server network, it is necessary to conduct a comprehensive risk assessment of the system;

2. If the botnet address corresponds to the office network, it is necessary to locate the terminal host through the exit router log, check it for Trojan horses and backdoors, and strengthen terminal security protection;

3. Strengthen the management of terminal use safety and online behavior.
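
The log correlation behind steps 1 and 2, as an added example that is not part of the original report: each threat-intelligence sighting of a public IP is matched against exit-router NAT records to name the internal host behind it, and the egress pool shows whether that host sits in the server or the office network. The log format, address pools and all sample records are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumed egress (NAT) pools: which public range each internal network uses.
EGRESS_POOLS = {"server": ipaddress.ip_network("203.0.113.0/28"),
                "office": ipaddress.ip_network("203.0.113.16/28")}

# Constructed exit-router NAT log; the line format is an assumption.
NAT_LOG = """\
2016-03-02T09:14:07 NAT src=10.20.3.41:51522 xlate=203.0.113.18:40211 dst=198.51.100.7:445
2016-03-02T09:14:09 NAT src=10.20.3.77:50110 xlate=203.0.113.18:40212 dst=192.0.2.80:443
2016-03-02T09:14:11 NAT src=10.20.3.41:51530 xlate=203.0.113.18:40213 dst=198.51.100.9:445
2016-03-02T11:02:55 NAT src=10.10.0.5:33900 xlate=203.0.113.4:20001 dst=198.51.100.7:22
"""

# Constructed sightings: (public source IP, time seen, target IP, target port).
SIGHTINGS = [("203.0.113.18", "2016-03-02T09:14:08", "198.51.100.7", 445),
             ("203.0.113.4", "2016-03-02T11:02:56", "198.51.100.7", 22)]

def parse_nat_log(text):
    """Return (time, internal_ip, public_ip, dst_ip, dst_port) per log line."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _tag, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        dst_ip, dst_port = kv["dst"].rsplit(":", 1)
        rows.append((datetime.fromisoformat(ts), kv["src"].rsplit(":", 1)[0],
                     kv["xlate"].rsplit(":", 1)[0], dst_ip, int(dst_port)))
    return rows

def network_of(public_ip):
    """Name the internal network whose egress pool contains this address."""
    addr = ipaddress.ip_address(public_ip)
    return next((n for n, net in EGRESS_POOLS.items() if addr in net), "unknown")

def locate_hosts(sightings, nat_rows, skew=timedelta(seconds=5)):
    """Match each sighting to internal hosts by public IP, target and time."""
    findings = []
    for pub_ip, seen, dst_ip, dst_port in sightings:
        when = datetime.fromisoformat(seen)
        hosts = sorted({src for ts, src, xl, d, p in nat_rows
                        if (xl, d, p) == (pub_ip, dst_ip, dst_port)
                        and abs(ts - when) <= skew})
        findings.append({"public_ip": pub_ip, "network": network_of(pub_ip),
                         "internal_hosts": hosts})
    return findings

FINDINGS = locate_hosts(SIGHTINGS, parse_nat_log(NAT_LOG))
```

The time window (`skew`) absorbs clock drift between the intelligence source and the router; an empty `internal_hosts` list means the NAT records for that period are missing or were rotated out.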

3.3 Risk Analysis of Domain Name Information Disclosure

After the registrant successfully registers the domain name, the registrant's name, contact address, telephone number, email and other registration information is stored in the domain name Whois database, and anyone can publicly query this information, so privacy cannot be guaranteed.

Among the 336 organizations, 288 (86%) have no privacy protection for their domain names, and there is a risk of domain name information disclosure, which constitutes the main problem of privacy security.

197 domain names have not applied for domain name privacy protection, and their domain name registration information can be queried through Whois.

Disposal suggestion:

Contact the domain name service provider to apply for domain name privacy protection. (Domain name privacy protection: it means that the domain name holder can protect the registrant, telephone number, email address and other information from being made public, reduce spam and text messages, and prevent personal real information from being stolen.)
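
A check an organization can run over Whois responses for its own domains to see which ones still publish registrant details, added here as an example that is not part of the original report. Whois output differs between registries, so the field names, the masking keywords and both sample records are constructed assumptions.

```python
# Registrant fields treated as personal data (assumed field names).
PERSONAL_FIELDS = ("registrant name", "registrant phone", "registrant email")
# Substrings that indicate a privacy or proxy service filled in the value (assumed).
MASK_HINTS = ("redacted", "privacy", "proxy", "protected", "not disclosed")

# Constructed Whois responses for two placeholder domains.
SAMPLE_WHOIS = {
    "pay-a.example": """Domain Name: pay-a.example
Registrant Name: Example Admin
Registrant Phone: +86.1000000000
Registrant Email: admin@pay-a.example
""",
    "loan-b.example": """Domain Name: loan-b.example
Registrant Name: REDACTED FOR PRIVACY
Registrant Phone:
Registrant Email: contact@privacy-proxy.example
""",
}

def exposed_fields(whois_text):
    """Return the personal registrant fields that carry an unmasked value."""
    exposed = {}
    for line in whois_text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or key not in PERSONAL_FIELDS or not value:
            continue  # not a key/value line, not personal data, or left empty
        if any(hint in value.lower() for hint in MASK_HINTS):
            continue  # value was replaced by a privacy service
        exposed[key] = value
    return exposed

def audit(records):
    """Map each domain to its exposed field names and list unprotected domains."""
    report = {dom: sorted(exposed_fields(txt)) for dom, txt in records.items()}
    unprotected = sorted(dom for dom, fields in report.items() if fields)
    return report, unprotected

REPORT, UNPROTECTED = audit(SAMPLE_WHOIS)
```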

Attached Table: Sampling List of Internet Finance Companies

(alphabetical order, in no particular order)

Beijing Lacarra Network Technology Co., Ltd.

Third-party payment

Beijing Digital Wangfujing Technology Co., Ltd.

Beijing Tongrongtong Information Technology Co., Ltd.

Beijing UnionPay Commerce Co., Ltd.

Bohai Yisheng Business Service Co., Ltd.

Third-party payment

. Payment Co., Ltd.

Third Party Payment

Hainan Island One Card Payment Network Co., Ltd.

Hainan Xinsheng Information Technology Co., Ltd.

Hebei One Card Electronic Payment Service Co., Ltd.

Jiangsu Ruixiang Commercial Co., Ltd.

Third Party Payment

Jiefu Ruitong Co., Ltd.

. Third-party payment

Quick Money Payment Clearing Information Co., Ltd.

Third-party payment

Linkage Advantage Electronic Commerce Co., Ltd.

Unicom Payment Co., Ltd.

Third-party payment

Qianbaowang (Beijing) Information Technology Co., Ltd.

Third-party payment

Shandong Lushang One Card Payment Co., Ltd.

Third-party payment. Service Co., Ltd.

Third Party Payment

Shanghai Deshi Enterprise Service Co., Ltd.

Shanghai PayPal Information Service Co., Ltd.

Shanghai Fu You Financial Network Technology Co., Ltd.

Third Party Payment

Shanghai Remittance Data Service Co., Ltd.

Third Party Payment

Shanghai Jieyin Information Technology Co., Ltd.

Third Party Payment

Shanghai UnionPay Electronic Payment Service Co., Ltd.

Third Party Payment

Shenzhen Tenpay Technology Co., Ltd.

Shenzhen Kuaifutong Financial Network Technology Service Co., Ltd.

Third Party Payment

Shenzhen Taihai Network Technology Service Co., Ltd.

Third Party Payment

Shenzhen Yikahui Technology Service Co., Ltd.

Third Party Payment

Tianjin City Card Co., Ltd.

Tianyi Electronic Commerce Co., Ltd.

Third Party Payment

Tonglian Payment Network Service Co., Ltd.

Third Party Payment

Online Banking (Beijing) Technology Co., Ltd.

Third Party Payment

Wuhan Jinyuanxin Enterprise Service Information System Co., Ltd. Pay

Yitong Payment Co., Ltd.

Third Party Payment

UnionPay Commerce Co., Ltd.

Yufu Network Technology Co., Ltd.

Zhenglian Rongtong Electronics Co., Ltd.

Alipay (China) Network Technology Co., Ltd.

Third Party Payment

. Loan

P2P

91 Wangcai

P2P

e Road Tongxin

P2P

E-speed loan

P2P

PPmoney

P2P

love money

P2P

love money

P2P

P2P

love.

Bojin Loan

P2P

Wealth China

P2P

Superman Loan

P2P

Chenghuitong

City Finance

P2P

Orange Flag Loan

P2P

Harvest Finance

P2P

Germany. Fu rongbao

P2P

Fuchun loan

P2P

*** Xinying

P2P

Guanetong

P2P

Guangde

P2P

Hanjin Institute

P2P

Haodai Bao

P2P

Heli Loan

P2P

Co-production online

P2P

loan.

P2P

mutual benefit network dragon baby

P2P

mutual financing treasure

P2P

Huarong Road

P2P

Huitong Easy Loan

P2P

Hui Investment

P2P

Huiying Jinfu

P2P

Building block