Report Overview
The "Value Industry Report" is based on threat intelligence data and uses big data analysis methods to evaluate and analyze the overall security status of the industry. This report conducts a security assessment and quantitative risk analysis of 336 companies in the Internet finance industry.
This report collected data from Internet finance companies and analyzed the security value of 336 of them: 44 third-party payment companies, 150 P2P companies, 110 crowdfunding companies, and 32 consumer finance companies. Risks are quantified across six dimensions: business security, privacy security, usage security, host security, network security, and environmental security.
Through the security value analysis of the first quarter data of the industry, it was found that:
Privacy issues are very common: 288 of the 336 institutions (about 86%) have this risk. The main cause is that domain names have no privacy protection, a risk with a large scope of impact but only moderate impact, which exposes domain registration information and poses a major privacy security problem. 1,097 domain names have not applied for domain name privacy protection, so their registration information can be queried through Whois.
Usage security and network security come next. Among the 336 companies, 140 (about 42%) have security risks. The main problems are security vulnerabilities published on third-party vulnerability platforms and frequent web attacks. Among them, 134 institutions (40%) have publicly disclosed security vulnerabilities, a major usage security problem. In the past 90 days, *** discovered 208 security vulnerability records in the third-party security community, an average of 1.5 vulnerabilities exposed per company within 30 days.
111 of the 336 institutions (33%) are exposed to botnet risks. Within 90 days, 55 IP networks were affected, and 2,381 external illegal attack requests were discovered.
Risk indicator description
Mind security values are based on external big data and threat intelligence data; an indicator system has been established and is continuously updated. Currently, 12 security risk indicators support security assessment and analysis.
Domain name hijacking: Domain name resolution is abnormal, and some user data may be illegally hijacked.
Blocked domain name: This domain name is judged to be an untrusted domain name, and some users may not be able to access it.
Mailbox blocked: This email address is considered a spam domain and outgoing emails may be treated as spam.
Disclosure: The system's security vulnerability was disclosed in the Internet security community.
Network attack: Online network systems are hacked or scanned.
Domain name information leakage: Domain names have no privacy protection, and domain name administrators may be subject to phishing attacks.
Account information leakage: Company employee accounts are leaked in third-party databases, which may contain sensitive information such as passwords.
Malicious code: Backdoors, viruses, Trojans and other malicious code are present in the information system.
Botnet: Hosts in the network may be invaded and have Trojans and backdoors implanted.
Abnormal traffic: The online system or network is subject to a DDoS (distributed denial-of-service) attack.
Public cloud risk: You are sharing the same cloud service resources with malicious websites.
1. Industry overview
Safety value data from May 4, 2016 shows that the safety value of the Internet financial industry is 857, and the overall evaluation is "average". Of the ***336 companies, 182 (54%) were rated "good", 90 (30%) were rated "fair", and 55 (16%) were rated "poor".
| Evaluation | Score range | Number of units | Proportion |
|---|---|---|---|
| Good | 901-1000 | 182 | 54% |
| Fair | 601-900 | 99 | 30% |
| Poor | 400-600 | 55 | 16% |
1.1 Overall safety value distribution
From the perspective of safety value distribution, 211 institutions scored higher than or equal to the average of 857 and 125 institutions scored below it, so most safety values are in good condition. The average score is mainly affected by low-scoring companies, with the lowest score being 339.
1.2 Statistics by business classification
| Business classification | Average | Number of institutions | Good | Fair | Poor |
|---|---|---|---|---|---|
| Third-party payment | 780 | 44 | 16 | 15 | 13 |
| P2P | 853 | 150 | 72 | 59 | 19 |
| Crowdfunding | 902 | 110 | 78 | 19 | |
The average safety value of crowdfunding companies is 902 points. Among the 110 institutions, 32 are rated "average" or "poor", accounting for only 29% of crowdfunding companies.
1.3 Internet asset statistics
Security value analysis and statistics of Internet assets cover the domain names registered by each institution, the host services open to the Internet (not limited to Web services), and public *** IP addresses.
The 44 third-party payment companies have a large number of assets and face the greatest risks. Statistics on domain names, hosts and IP addresses open to the Internet show that third-party payment companies have 346 domain names, 2,377 public network hosts and 1,752 public network IP addresses, an average of 102 Internet assets per organization, with an average security score of 780.
2. Risk distribution and quantitative assessment
Based on industry best practices in information security risk management, a calculation model for quantified risk is established from risk level, scope of impact, frequency, quantity, and time, and is used to quantitatively evaluate the six risk areas of the overall situation (business security, usage security, privacy security, host security, network security and environmental security). Overall, privacy security issues are widespread, followed by usage security and network security.
A data analysis of the Internet financial industry in the first quarter using security values found that:
1. Privacy and security issues are relatively common: 288 of the 336 institutions (about 86%) have this risk, mainly due to the lack of privacy protection for domain names. This risk has a large scope of impact, but the impact is average. See Chapter 3.3 for the detailed risk analysis;
2. Next are usage security and host security issues. Of the 336 companies, 140 (about 42%) have security risks, mainly security vulnerabilities published on third-party vulnerability platforms. 111 of the 336 institutions (33%) have botnet risks. For details of the risks, see Chapter 3.1 and Chapter 3.2.
3. Detailed analysis of major risks
The overall safety value is based on 12 risk indicators that support security evaluation in 6 dimensions. Counting the number of institutions affected by each risk indicator identifies where problems are most concentrated.
3.1 Vulnerability disclosure risk analysis
Security vulnerabilities publicly disclosed in the Internet security community should be dealt with first, to avoid a vulnerability being disclosed before it is repaired, attracting malicious attacks and damaging the organization's image. Security consultants should help analyze the root cause of the problem to avoid similar vulnerabilities recurring.
134 of the 336 institutions (40%) had publicly disclosed security vulnerabilities, a major usage security problem.
In the past 90 days, *** discovered 208 security vulnerability records on the third-party security community, with an average of 1.5 vulnerabilities disclosed per company within 30 days.
Disposal suggestions:
1. Contact the third-party vulnerability platform in a timely manner, claim the security vulnerability, and patch it;
2. After patching the vulnerability, verify the effect of the fix;
3. Conduct comprehensive security vulnerability inspections and penetration tests on all systems, classify and manage vulnerabilities, track the vulnerability disposal process and results, improve security testing before systems go online, and ensure that the information system has no high-risk or medium-risk security vulnerabilities.
3.2 Botnet risk analysis
Servers or terminals in the network have had Trojans and backdoors implanted and are illegally controlled as "broilers" (compromised hosts), launching scans or attacks against external targets.
111 (33%) of the 336 institutions are at risk of botnets.
Within 90 days, 55 IP networks of *** were affected, and *** discovered 2,381 illegal external attack requests.
Disposal suggestions:
1. Analyze which network the botnet address belongs to. If it is a server network, a comprehensive risk assessment of the system is required;
2. If the botnet address belongs to the office network, locate the terminal host through the exit router log, check it for Trojans and backdoors, and strengthen terminal security protection;
3. Strengthen terminal usage security management and online behavior management.
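One way to carry out suggestion 2, added here as an example that is not part of the original report: match the time and public source port of each reported attack request against the exit router's NAT translation log to find the internal terminal. The log format, field layout and all addresses are constructed for illustration; adapt the pattern to the router's actual NAT log.

```python
import re
from datetime import datetime, timedelta

# Constructed NAT translation log in a hypothetical format (documentation/private addresses).
NAT_LOG = """\
2016-05-04T09:12:01 NAT create tcp 10.1.20.17:51544 -> 203.0.113.5:40001 dst 198.51.100.9:80
2016-05-04T09:12:03 NAT create tcp 10.1.20.44:49822 -> 203.0.113.5:40002 dst 198.51.100.77:22
2016-05-04T09:13:10 NAT delete tcp 10.1.20.44:49822 -> 203.0.113.5:40002 dst 198.51.100.77:22
2016-05-04T09:20:00 NAT create tcp 10.1.30.8:50110 -> 203.0.113.5:40002 dst 192.0.2.15:443
garbled line that must be skipped
"""

LINE = re.compile(
    r"(?P<ts>\S+) NAT (?P<ev>create|delete) (?P<proto>\w+) "
    r"(?P<in_ip>[\d.]+):(?P<in_port>\d+) -> (?P<pub_ip>[\d.]+):(?P<pub_port>\d+) "
    r"dst (?P<dst_ip>[\d.]+):(?P<dst_port>\d+)$"
)

def parse_sessions(log_text):
    """Pair create/delete events into sessions with a start and an optional end time."""
    open_sessions, sessions = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a NAT event line
        ts = datetime.fromisoformat(m["ts"])
        key = (m["proto"], m["pub_ip"], int(m["pub_port"]))
        if m["ev"] == "create":
            session = {"key": key, "internal": m["in_ip"], "dst": m["dst_ip"],
                       "start": ts, "end": None}
            open_sessions[key] = session
            sessions.append(session)
        elif key in open_sessions:
            open_sessions.pop(key)["end"] = ts
    return sessions

def locate_host(sessions, pub_ip, pub_port, seen_at, proto="tcp",
                skew=timedelta(seconds=30)):
    """Internal IPs whose translation was active at the reported time, allowing clock skew.
    Public ports are reused over time, so a port match without the time window
    would point at the wrong terminal."""
    hits = []
    for s in sessions:
        if s["key"] != (proto, pub_ip, pub_port):
            continue
        started = s["start"] - skew <= seen_at
        not_ended = s["end"] is None or seen_at <= s["end"] + skew
        if started and not_ended:
            hits.append(s["internal"])
    return hits

if __name__ == "__main__":
    sessions = parse_sessions(NAT_LOG)
    # Reported event: attack request seen from 203.0.113.5:40002 at 09:12:30.
    print(locate_host(sessions, "203.0.113.5", 40002, datetime(2016, 5, 4, 9, 12, 30)))
```

An empty result means no translation covered the reported time, which usually points to a clock offset between the report and the router or to log retention that is too short.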
3.3 Domain name information leakage risk analysis
After a domain name is successfully registered with the registrar, your name, contact address, phone number, email and other registration information are stored in the domain name Whois database, where anyone can publicly query them, so privacy cannot be guaranteed.
The domain names of 288 (86%) of the 336 institutions do not have privacy protection, and there is a risk of domain name information leakage, posing a major problem of privacy security.
1097 domain names have not applied for domain name privacy protection. Domain name registration information can be queried through Whois.
Disposal suggestions:
Contact the domain name service provider to apply for domain name privacy protection. (Domain name privacy protection means that domain name holders can, through their own settings, keep the domain name registrant, phone number, email and other information from being disclosed, reducing spam and text messages and preventing real personal information from being stolen.)
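A check an organization can run over its own domain inventory, added here as an example that is not part of the original report: parse the text of each domain's Whois response and flag registrant contact fields that are published without privacy protection. The sample records, the "Registrant Name:" style field labels and the list of masking markers are assumptions; registries differ in format.

```python
import re

# Field labels to audit (common key/value layout; an assumption, adjust per registry).
CONTACT_FIELDS = ("Registrant Name", "Registrant Email",
                  "Registrant Phone", "Registrant Street")
# Values that indicate the field is already masked (assumed marker list).
MASK = re.compile(r"redacted|privacy|whois\s*protect|not disclosed|proxy", re.I)

# Constructed Whois responses for three example domains.
SAMPLE = {
    "pay.example": """Domain Name: pay.example
Registrar: Example Registrar
Registrant Name: Zhang San
Registrant Phone: +86.1055550100
Registrant Email: admin@pay.example
""",
    "loan.example": """Domain Name: loan.example
Registrant Name: REDACTED FOR PRIVACY
Registrant Phone: REDACTED FOR PRIVACY
Registrant Email: contact-7f3a@privacy-proxy.example
""",
    "fund.example": """Domain Name: fund.example
Registrant Name: Li Si
Registrant Email: REDACTED FOR PRIVACY
""",
}

def exposed_fields(whois_text):
    """Return {field: value} for registrant contact fields that are not masked."""
    exposed = {}
    for line in whois_text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or key not in CONTACT_FIELDS or not value:
            continue  # not a contact field, or the field is empty
        if MASK.search(value):
            continue  # privacy service or redaction already in place
        exposed[key] = value
    return exposed

def audit(records):
    """records: {domain: whois_text}. Returns {domain: exposed field names}."""
    report = {}
    for domain, text in records.items():
        fields = exposed_fields(text)
        if fields:
            report[domain] = sorted(fields)
    return report

def unprotected_share(records):
    """Percentage of audited domains with at least one exposed contact field."""
    if not records:
        return 0
    return round(100 * len(audit(records)) / len(records))

if __name__ == "__main__":
    for domain, fields in audit(SAMPLE).items():
        print(domain, "->", ", ".join(fields))
    print("unprotected:", unprotected_share(SAMPLE), "%")
```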
Attachment: Sampling list of Internet financial companies
(In alphabetical order; the order implies no ranking)
Beijing Lakala Network Technology Co., Ltd.
Third-party payment
Beijing Digital Wangfujing Technology Co., Ltd.
Third-party payment
Beijing Tongrongtong Information Technology Co., Ltd.
Third-party payment
Beijing UnionPay Business Co., Ltd.
Third-party payment
Bohai Yisheng Business Service Co., Ltd.
Third-party payment
Oriental Electronic Payment Co., Ltd.
Third-party payment
Guangzhou UnionPay Online Payment Co., Ltd.
Third-party payment
Hainan Island Card Payment Network Co., Ltd.
Third-party payment
Hainan Xinsheng Information Technology Co., Ltd.
Third-party payment
Hebei One Card Electronic Payment Service Co., Ltd.
Third-party payment
Jiangsu Ruixiang Business Co., Ltd.
Third-party payment
Jiefu Ruitong Co., Ltd. Co., Ltd.
Third-party payment
Open China Unicom Network Technology Services Co., Ltd.
Third-party payment
Quick Money Payment Clearing Information Co., Ltd.
Third-party payment
Unicom Advantage E-Commerce Co., Ltd.
Third-party payment
Unicom Payment Co., Ltd.
Third-party payment
Qiandai.com (Beijing) Information Technology Co., Ltd.
Third-party payment
Shandong Lushang Card Payment Co., Ltd.
Third-party payment
Shande E-commerce Service Co., Ltd.
Third-party payment
Shanghai Changgo Enterprise Service Co., Ltd.
Third-party payment
Shanghai Deshi Enterprise Service Co., Ltd.
Third-party payment
Shanghai Paytong Information Service Co., Ltd.
Third-party payment
Shanghai Fuyou Financial Network Technology Co., Ltd.
Third-party payment
Shanghai Huifu Data Service Co., Ltd.
Third-party payment
Shanghai Jieyin Information Technology Co., Ltd.
Third-party payment
Shanghai Shengfutong Electronic Payment Service Co., Ltd.
Third-party payment
Shanghai UnionPay Electronic Payment Service Co., Ltd.
Third-party payment
Shenzhen Tenpay Technology Co., Ltd.
Third-party payment
Shenzhen Kuaifutong Financial Network Technology Services Co., Ltd.
Third-party payment
Shenzhen Taihai Network Technology Services Co., Ltd.
Third-party payment
Shenzhen Yikahui Technology Service Co., Ltd.
Third-party payment
Shenzhen Yinsheng Electronic Payment Technology Co., Ltd.
Third-party payment
Tianjin City Card Co., Ltd.
Third-party payment
Tianyi E-commerce Co., Ltd.
Third-party payment
Tonglian Payment Network Services Co., Ltd.
Third-party payment
Online Banking (Beijing) Technology Co., Ltd.
Third-party payment
Wuhan Jinyuanxin Enterprise Service Information System Co., Ltd.
Third-party payment
Xunfu Information Technology Co., Ltd.
Third-party payment
Yitong Payment Co., Ltd.
Third-party payment
UnionPay Commerce Co., Ltd.
Third-party payment
Yufu Network Technology Co., Ltd. Company
Third-party payment
Zhenglian Rongtong Electronics Co., Ltd.
Third-party payment
Alipay (China) Network Technology Co., Ltd.
Third-party payment
Zihexin Electronic Payment Co., Ltd.
Third-party payment
168 Financial Management Network
P2P
365 Easy Loan
P2P
91 Wangcai
P2P
e Road Tongxin
P2P
E Quick Loan
P2P
PPmoney
P2P
Love Qianbang
P2P
Love Money
P2P
Love Investment
P2P
Anxin Deli
P2P
Anxin Loan
P2P
Anxing Wealth Network
P2P
Baocai.com
P2P
Bojindai
P2P
Fortune China
P2P
Superman Loan
P2P
Chenghuitong
P2P
Chengcheng Financial Management
P2P
Orange Flag Loan
P2P
Great Harvest Finance
P2P
Dezhong Finance
P2P
Landmark Finance
P2P
Dianrong.com
P2P
Ding Credit
P2P
Duanrong.com
P2P
Fu Rongbao
P2P
Fuchun Loan
P2P
***Xinying
P2P
Guan e Tong
P2P
Guangdong Credit Investment
P2P
Hanjin Institute
P2P
Haodaibao
P2P
Helidai
P2P
Hepai Online
P2P
Hepandai
P2P
He Times
P2P
He Credit
P2P
Hengxinyi Loan
P2P
Hongling Venture Capital
P2P
Houhe Fortune
P2P
Huli Net Dragon Baby
P2P
Hurongbao
P2P
Huarong Road
P2P
Huitong Yidai
P2P
Hui Investment
P2P
Huiying Financial Services
P2P
Building Block Box
P2P
Jili Wealth Network
P2P
金e Loan
P2P
Jinbaobao
P2P
Jinhai Loan
P2P
Financial Control Online Loan
P2P
Jinfedhu
P2P
Jinliangbao
P2P
Jinniu Online
P2P
Golden Ticket Pass
P2P
Financial Factory
P2P
Jinxin.com
P2P
Gold and Silver Cat
P2P
Jinshang Loan
P2P
Nine Douyu
P2P
Big Treasure Basin
P2P
Junrongdai
P2P
Kaixin Loan
P2P
Retroactive Loan
P2P
Brother Kong Fang
P2P
Koudai.com
P2P
Lazy Investment
P2P
Li De Wealth
P2P
Financial Management Style
P2P
Ideal Treasure
P2P
Lifan Shanrong
P2P
Lianzidai
P2P
Two Tigers
P2P
Longjinbao
P2P
Lufax
P2P
Greening Loan
P2P
Meili Finance
P2P
Mini Loan
P2P
Min Credit Co., Ltd.
P2P
You and I loan
P2P
Nono Pound Guest
P2P
Paipai Loan
P2P
Inclusive Financial Management
P2P
Putian Loan
P2P
Qidao Financial
P2P
Qianyi Finance
P2P
Qian Daddy
P2P
Qianba
P2P
Qianduoduo
P2P
Qianlai.com
P2P
Quqian
P2P
Renrendai
P2P
Everyone gathers money
P2P
Humanity Loan
P2P
Rongbei.com
P2P
Finance Institute
P2P
Easy Financing
P2P
UBS Venture Capital
P2P
Three Credit
P2P
Shan Yidai
P2P
Shangfu Dai
P2P
Lettuce Finance
P2P
Shitou Finance
P2P
First E Home
P2P
Star Investment
P2P
Candy Finance
P2P
Tembon Ventures
P2P
Toumi.com
P2P
Touina.com
P2P
Tuandai.com
P2P
Tuodao Financial Services
P2P
Wanglibao
P2P
Wedai.com
P2P
Wenzhou Loan
P2P
Wenzhou Loan
P2P
Woshidai
P2P
Shanghai Financial Services
P2P
Small and Micro Finance
P2P
Xiaoying Financial Management
P2P
Little Rapeseed
P2P
Xinlian Online
P2P
Xinxindai
P2P
Xinhehui
P2P
Xinrong Wealth
P2P
Credit Bao
P2P
Xueshan Loan
P2P
Xunbo Da
P2P
Yidiantong
P2P
Yirendai
P2P
Yidai.com
P2P
Pterodactyl Loan
P2P
Yinbake
P2P
Yindou.com
P2P
Yinhu.com
P2P
Yinke.com
P2P
Yinqiao.com
P2P
Yongli Bao
P2P
Liyi.com
P2P
Yourong.com
P2P
Guangdong Business Loan
P2P
Jiujiu Loan
P2P
China Merchants Loan
P2P
Zheshang E Loan
P2P
CGN Rich Ying
P2P
Zhongrongbao
P2P
Zhongrui Wealth
P2P
Zhongjin Online
P2P
Zhongxin Finance
P2P
Jewelry Loan
P2P
28 Crowdfunding
Crowdfunding
36氪
Crowdfunding
58 Crowdfunding Network
Crowdfunding
91 Crowdfunding
Crowdfunding
Efentou
Crowdfunding
e人发
Crowdfunding Fundraising
V2IPO Maker
Crowdfunding
Love Entrepreneurship
Crowdfunding
Invest if you love
Crowdfunding
Aitoushe
Crowdfunding
Baizhouhui
Crowdfunding
Peking University Entrepreneurship Crowdfunding
Crowdfunding
Local Crowdfunding
Crowdfunding
Bole Investment
Crowdfunding
Bodian.com
Crowdfunding
Wealth Crowdinvest
Crowdfunding
Cheche car
crowdfunding
funding
crowdfunding
choqu.com
crowdfunding
Touch crowdfunding
Crowdfunding
Venture Capital Circle
Crowdfunding
Venture Capital Online
Crowdfunding
Chuangwei.com
Crowdfunding
Entrepreneurial e-home
Crowdfunding
Everyone invests
Crowdfunding
Everyone invests
Crowdfunding
Everyone invests
Crowdfunding
daiibangcrowdfunding
crowdfunding
danya.com
crowdfunding
Fifth Creation
Crowdfunding
Dongzhibei
Crowdfunding
Colorful Investment
Crowdfunding
Honeycomb Crowdfunding
Crowdfunding
Stock Funding Network
Crowdfunding
Shareholder Exchange
Crowdfunding
Equity Store
Crowdfunding
Guzhong.com
Crowdfunding
Haitie Crowdfunding
Crowdfunding
Hailili
Crowdfunding
Partnership Circle
Crowdfunding
Partnership China
Crowdfunding
Heyunchou
Crowdfunding
Black Horse Island
Crowdfunding
Huimeng Commune
Crowdfunding
Beijing Crowdfunding
Crowdfunding
Jingdong Dongjia
Crowdfunding
Jiujiu Crowdfunding
Crowdfunding
Gathering to Win
Crowdfunding
Gathering Crowdfunding Fundraising
Crowdfunding
Gathering the World
Crowdfunding
Happy Investment-
Crowdfunding
Tatad Crowdfunding
Crowdfunding
Laichou.com
Crowdfunding
Legeng
Crowdfunding
Lezhuge
Crowdfunding
Lingcai.com/Crowdfunding Office
Crowdfunding
Niutou Crowdfunding
Crowdfunding
Qilu Crowdfunding
Crowdfunding
Qilin Crowdfunding
Crowdfunding
Car Crowdfunding
Crowdfunding
Public Investment
Crowdfunding
Qingtong Tree
Crowdfunding
Crowdfunding
Crowdfunding
Everyone partners
Crowdfunding
RenRenTou
Crowdfunding
Shaanxi Crowdfunding
Crowdfunding
Angel Investment
Crowdfunding
Angel Fund Network
Crowdfunding
Angel Street
Crowdfunding
Angel Guest
Crowdfunding
Uncle Angel
Crowdfunding
Angel Camp
Crowdfunding
Tiantian Investment
Crowdfunding
Tongcaihui
Crowdfunding
Investment Banking Circle
Crowdfunding
Touhu.com
Crowdfunding
Investment and Finance Industry
Crowdfunding
Weichou.com
Crowdfunding
Wenzhou.com
Crowdfunding
Hope Funding
Crowdfunding
Xiangshan Crowdfunding
Crowdfunding
Xiaocao Crowdfunding
Crowdfunding
Collaborative Factory
Crowdfunding
Xinchou Institute
Crowdfunding
Spark Investment
Crowdfunding
Yizhou.com
Crowdfunding
Yiwang Crowdfunding
Crowdfunding
Roundtable Forum
Crowdfunding
Source_Crowdfunding
Crowdfunding
Yungan Financial Services
Crowdfunding
Yunnan
Crowdfunding
Yunyanshe
Crowdfunding
Zhijinhui
Crowdfunding
Zhijinhui Ruichuangxiang
Crowdfunding
China Securities Public Innovation
Crowdfunding
Crowdfunding
Crowdfunding Fundraising
Crowdfunding
Crowdfunding
Crowdfunding Client
Crowdfunding
Crowdfunding
Crowdfunding
Crowdfunding
Zhongjia Investment
Crowdfunding
Crowdfunding
Crowdfunding
Crowdinvestor
Crowdfunding
Crowdinvest Society
Crowdfunding
Crowdinvest World
Crowdfunding
Crowdfunding
Crowdfunding
Crowdinvesting
Crowdfunding
Intercontinental United
Crowdfunding
DreamChaser
Crowdfunding
Capital Exchange
Crowdfunding
President Hui
Crowdfunding
Alibaba Huabei
Consumer Finance
Aixuedai
Consumer Finance
Baidu Money
Consumer Finance
BeiBank Consumer Finance
Consumer Finance
Dingli Installment
Consumer Finance
Instalment Model
Consumer Finance
Instalment Manager
Consumer Finance
Installation
Consumer Finance
Fuyidai
Consumer Finance
Guaniu Installment
Consumer Finance
Gome Consumer Finance
Consumer Finance
Haier Consumer Finance
Consumer Finance
Hubei Consumer Finance
Consumer Finance
Jie Credit Installment
Consumer Finance
Home Credit Consumer Finance
Consumer Finance
Finance No. 1 Store
Consumer Finance
Financial Cat
Consumer Finance
Jincheng Consumer Finance
Consumer Finance
JD Baitiao
Consumer Finance
Juzi Installment
Consumer Finance
Now Consumer Finance
Consumer Finance
Prestigious School Loans
Consumer Finance
Ping An Consumer Finance
Consumer Finance
Renren Installment
Consumer Finance
Suning Consumer Finance
Consumer Finance
Everyday Installment
Consumer Finance
Wanda Consumer Finance
Consumer Finance
Xianhuahua
Consumer Finance
Xintong Bag
Consumer Finance
Industrial Consumer Finance
Consumer Finance
Excellent Installment
Consumer Finance
BOC Consumer Finance
Consumer Finance