Key Findings from China’s 2018 Q2 Internet Security Threat Report
The 2018 second-quarter report by the Ministry of Industry and Information Technology details the monitoring of approximately 18.4 million internet security threats, highlights compromised user email accounts, attacks on industrial IoT platforms and devices, and the rise of illegal cryptocurrency mining, and outlines the major mitigation actions taken, including vulnerability remediation, network protection for major events, and coordinated emergency drills.
1. Network Security Threat Situation
In the second quarter, about 18.41 million internet security threats were monitored, with roughly 16.83 million detected by basic telecom operators, 300 thousand by security agencies, and 1.55 million by key internet enterprises, domain registrars, and security firms. The threat landscape showed several notable trends:
Compromised user email accounts: Nearly 100 thousand user email accounts appeared to be controlled by hackers, used for spam and potentially exposing passwords, posing serious personal information risks.
Industrial IoT platforms and smart devices as targets: 22 domestic industrial IoT platforms were attacked 656 times from abroad; 115 new industrial control system vulnerabilities were discovered across brands such as Rockwell, Siemens, and Schneider Electric; over 527 thousand IPs of compromised IoT devices were identified, with 13 botnets controlling more than 10 thousand IPs each.
Illegal cryptocurrency mining: Cloud mining activities surged, with cloud hosts being abused to mine Monero and other coins; botnet expansion increasingly aimed at hijacking mining rigs; a new mining malware targeting XMR spread rapidly, generating nearly one million CNY in illicit profits.
2. Main Work Conducted
Security for the Qingdao SCO Summit: Coordinated telecom regulators, operators, security agencies, and internet enterprises to provide link expansion, reinforcement, and traffic cleaning; remediated ten high-risk industrial IoT vulnerabilities; neutralized over 10 thousand botnet nodes and shut down 620 malicious domains, blocking more than 350 thousand malicious programs.
Struts 2 vulnerability remediation: Guided provincial telecom bureaus and enterprises to scan and remediate over 300 thousand websites, addressing more than 2 thousand Struts 2 vulnerabilities.
Handling public internet threats: Across the industry, about 11.44 million threats were mitigated, including 1.12 million by telecom regulators and 10.15 million by basic telecom operators. Thirteen malicious mobile apps were taken down, and several offending applications were forced to rectify.
Enforcement of the Cybersecurity Law: Administrative penalties were imposed on entities misusing Wi-Fi passwords and other user data; multiple enterprises were ordered to rectify privacy violations.
Cybersecurity competitions and training: Hosted regional offensive-defensive contests, an industrial IoT security elite invitational, and numerous skill competitions to scout talent; conducted emergency drills and knowledge-training sessions for industry personnel.
3. Next Steps
Future priorities include strengthening security guarantees for major events, intensifying remediation of malware, botnets, and malicious mobile programs, and accelerating the formulation of industrial IoT security standards and pilot projects to promote best‑practice solutions.
Efficient Ops
This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.