Report Overview
The "Value Industry Report" is based on threat intelligence data and uses big data analysis methods to evaluate and analyze the overall security status of the industry. This report conducts a security assessment and quantitative risk analysis of 336 companies in the Internet finance industry.
This report collected data from various Internet financial companies and analyzed the security value of 336 companies, including 44 third-party payment companies, 150 P2P companies, 110 crowdfunding companies, and 32 consumer finance companies. Risks are quantified in six dimensions: business security, privacy security, usage security, host security, network security, and environmental security.
Through the security value analysis of the first quarter data of the industry, it was found that:
Privacy issues are very common: 288 of the 336 institutions have this risk, accounting for about 86%. The main reason is that domain names have no privacy protection; the scope of this risk is large but its impact is moderate. These 288 institutions (86%) have not implemented privacy protection for their domain names, so there is a risk of domain name information leakage, which is the major privacy security problem. 1,097 domain names have not applied for domain name privacy protection, and their registration information can be queried through Whois.
Next come usage security and network security. Among the 336 companies, 140 have usage security risks, accounting for about 42%. The main problems are security vulnerabilities published on third-party vulnerability platforms and frequent Web attacks. Among them, 134 institutions (40%) had publicly disclosed security vulnerabilities, which is the major usage security threat. In the past 90 days, *** discovered 208 security vulnerability records in the third-party security community, with an average of 1.5 vulnerabilities disclosed per company within 30 days.
111 of the 336 institutions (33%) are exposed to botnet risks. Within 90 days, 55 IP networks were affected, and 2,381 external illegal attack requests were discovered.
Risk indicator description
Mind security values are based on external big data and threat intelligence data; an indicator system has been established and is continuously updated. Currently, 12 security risk indicators support security assessment and analysis.
Domain name hijacking: Domain name resolution is abnormal, and some user data may be illegally hijacked.
Blocked domain name: This domain name is judged to be an untrusted domain name, and some users may not be able to access it.
Mailbox blocked: This email address is considered a spam domain and outgoing emails may be treated as spam.
Disclosure: The system's security vulnerability was disclosed in the Internet security community.
Network attack: Online network systems are hacked or scanned.
Domain name information leakage: Domain names have no privacy protection, and domain name administrators may be subject to phishing attacks.
Account information leakage: Company employee accounts are leaked in third-party databases, which may contain sensitive information such as passwords.
Malicious code: Backdoors, viruses, Trojans and other malicious code are present in the information system.
Botnet: Hosts in the network may be invaded and have Trojans and backdoors implanted.
Abnormal traffic: The online system or network is subject to a DDOS denial of service attack.
Public cloud risk: You are sharing the same cloud service resources with malicious websites.
1. Industry overview
Safety value data on May 4, 2016 shows that the safety value of the Internet financial industry is 857, and the overall evaluation is "average". ***336 companies, of which 182 (54%) were rated as "good"; 90 (30%) were rated as "fair"; 55 (16%) were rated as "poor".
| Evaluation | Score range | Number of units | Proportion |
|---|---|---|---|
| Good | 901-1000 | 182 | 54% |
| Normal | 601-900 | 99 | 30% |
| Poor | 400-600 | 55 | 16% |
1.1 Overall Safety value distribution
From the safety value distribution, 211 institutions scored at or above the average of 857 and 125 institutions scored below it, so most of the distribution is in good condition. The average score is mainly affected by low-scoring companies, with the lowest score at 339.
1.2 Statistics by business classification
| Business type | Average | Number of institutions | Good | Normal | Poor |
|---|---|---|---|---|---|
| Third-party payment | 780 | 44 | 16 | 15 | 13 |
| P2P | 853 | 150 | 72 | 59 | 19 |
| Crowdfunding | 902 | 110 | 78 | 19 | |
The average safety value of crowdfunding companies is 902 points. Among the 110 institutions, 32 are rated "average" or "poor", accounting for only 29% of the crowdfunding companies.
1.3 Internet asset statistics
Value analysis and statistics of Internet assets cover the domain names registered by each institution, the hosts and services open to the Internet (not limited to Web services) and public *** IP addresses.
The 44 third-party payment companies have a large number of assets and face the greatest risks. According to statistics on the domain names, hosts and IP addresses open to the Internet, third-party payment companies have 346 domain names, 2,377 public network hosts and 1,752 public network IP addresses, an average of 102 Internet assets per organization, and an average security score of 780.
2. Risk distribution and quantitative assessment
Based on industry best practices in information security risk management, a quantitative risk calculation model is established from factors such as risk level, scope of impact, frequency, quantity, and time. The model quantitatively evaluates the six risk domains of the overall situation (business security, usage security, privacy security, host security, network security and environmental security). On the whole, privacy security issues are widespread, followed by usage security and network security.
Security value analysis of the Internet financial industry's first-quarter data found that:
1. Privacy security issues are relatively common, with 288 of 336 institutions (about 86%) having this risk, mainly due to the lack of privacy protection for domain names. The scope of this risk is large, but the impact is average. Please see Chapter 3.3 for detailed risk analysis;
2. Next come usage security and host security issues. 140 of the 336 institutions, accounting for about 42%, have usage security risks. The main problem is that security vulnerabilities have been published on third-party vulnerability platforms. 111 (33%) of the 336 institutions have the risk of botnets. For details of the risks, see Chapter 3.1 and Chapter 3.2.
3. Detailed analysis of major risks
The overall safety value is based on 12 risk indicators that support a 6-dimensional security evaluation. Statistics are compiled on the number of institutions affected by each risk indicator so that the most concentrated problems are easy to identify.
3.1 Vulnerability disclosure risk analysis
Security vulnerabilities publicly disclosed in the Internet security community should be dealt with first, to avoid a vulnerability being public before it is repaired, which attracts malicious attacks and damages the organization's image. Security consultants should help analyze the root cause of the problem so that similar vulnerabilities do not recur.
134 of the 336 institutions (40%) had publicly disclosed security vulnerabilities, which is the major usage security threat.
In the past 90 days, *** discovered 208 security vulnerability records in the third-party security community, with an average of 1.5 vulnerabilities disclosed per company within 30 days.
Disposal suggestions:
1. Get in touch with the third-party vulnerability platform in a timely manner, claim the security vulnerability, and patch the vulnerability;
2. After patching the vulnerability, verify the effect;
3. Conduct comprehensive security vulnerability inspections and penetration tests on all systems, classify and manage vulnerabilities, track the vulnerability disposal process and results, improve pre-launch security testing, and ensure that the information system has no high-risk or medium-risk security vulnerabilities.
3.2 Botnet risk analysis
Servers or terminals in the network have had Trojans and backdoors implanted and have been illegally controlled, becoming "broilers" (compromised hosts) that launch scans or attacks against external targets.
111 (33%) of the 336 institutions are at risk of botnets.
Within 90 days, 55 IP networks of *** were affected, and *** discovered 2,381 illegal external attack requests.
Disposal suggestions:
1. Analyze the network corresponding to the botnet address. If it is a server network, a comprehensive risk assessment of the system is required;
2. If the botnet address corresponds to the office network, locate the terminal host through the exit router log, check it for Trojans and backdoors, and strengthen terminal security protection;
3. Strengthen terminal usage security management and online behavior management.
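One way to carry out step 2, shown as an added example that is not part of the original report: correlate the reported attack requests with the exit router's NAT translation log to find the internal host behind the flagged public address. The log line format, the addresses and the sighting records are constructed for illustration, and both clocks are assumed to be in the same time zone.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed egress-router NAT translation log (the line format is an assumption).
NAT_LOG = """\
2016-05-04T09:15:02 NAT tcp 10.1.20.37:51544 -> 203.0.113.10:40012 dst 198.51.100.7:22
2016-05-04T09:15:03 NAT tcp 10.1.20.37:51545 -> 203.0.113.10:40013 dst 198.51.100.8:22
2016-05-04T09:15:09 NAT tcp 10.1.20.52:49210 -> 203.0.113.10:40014 dst 192.0.2.80:443
2016-05-04T09:16:40 NAT tcp 10.1.20.37:51570 -> 203.0.113.10:40020 dst 198.51.100.9:23
2016-05-04T11:02:11 NAT tcp 10.1.20.88:50001 -> 203.0.113.10:40012 dst 198.51.100.7:22
"""

# Constructed threat-intelligence sightings of requests coming from our public IP.
SIGHTINGS = [
    {"ts": "2016-05-04T09:15:05", "src_ip": "203.0.113.10", "src_port": 40012, "dst_ip": "198.51.100.7"},
    {"ts": "2016-05-04T09:15:06", "src_ip": "203.0.113.10", "src_port": 40013, "dst_ip": "198.51.100.8"},
    {"ts": "2016-05-04T09:16:45", "src_ip": "203.0.113.10", "src_port": 40020, "dst_ip": "198.51.100.9"},
    {"ts": "2016-05-04T11:02:30", "src_ip": "203.0.113.10", "src_port": 40012, "dst_ip": "198.51.100.7"},
    {"ts": "2016-05-04T13:00:00", "src_ip": "203.0.113.10", "src_port": 40099, "dst_ip": "198.51.100.7"},
]

NAT_RE = re.compile(
    r"^(?P<ts>\S+) NAT (?P<proto>\w+) (?P<in_ip>[\d.]+):(?P<in_port>\d+) -> "
    r"(?P<pub_ip>[\d.]+):(?P<pub_port>\d+) dst (?P<dst_ip>[\d.]+):(?P<dst_port>\d+)$"
)

def parse_nat(text):
    """Parse NAT log lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = NAT_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["pub_port"] = int(e["pub_port"])
        entries.append(e)
    return entries

def locate_hosts(nat_entries, sightings, window=timedelta(seconds=60)):
    """Map each sighting to the internal host that held that public port at that time.

    Public ports are reused, so the public IP, port and destination must all match
    and the NAT entry must fall within `window` of the sighting.
    Returns (internal hosts ranked by matched sightings, sightings with no match).
    """
    hits, unmatched = Counter(), []
    for s in sightings:
        when = datetime.fromisoformat(s["ts"])
        hosts = {e["in_ip"] for e in nat_entries
                 if e["pub_ip"] == s["src_ip"] and e["pub_port"] == s["src_port"]
                 and e["dst_ip"] == s["dst_ip"] and abs(e["ts"] - when) <= window}
        if hosts:
            hits.update(hosts)
        else:
            unmatched.append(s)  # log gap or clock skew: needs manual follow-up
    return hits.most_common(), unmatched

if __name__ == "__main__":
    ranked, missing = locate_hosts(parse_nat(NAT_LOG), SIGHTINGS)
    for host, count in ranked:
        print(f"{host}: {count} matched sightings")
    print(f"{len(missing)} sighting(s) could not be attributed")
```

The hosts at the top of the ranking are the terminals to check for Trojans and backdoors first; unmatched sightings usually point to missing log coverage or clock drift.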
3.3 Domain name information leakage risk analysis
After the registrar successfully registers the domain name, your name, contact address, phone number, email and other registration information are stored in the domain name Whois database. Anyone can publicly query this information, so privacy cannot be guaranteed.
The domain names of 288 (86%) of the 336 institutions do not have privacy protection, and there is a risk of domain name information leakage, which is the major privacy security problem.
1,097 domain names have not applied for domain name privacy protection. Domain name registration information can be queried through Whois.
Disposal suggestions:
Contact the domain name service provider to apply for domain name privacy protection. (Domain name privacy protection means that domain name holders can, through their own settings, keep the registrant name, phone number, email and other information from being disclosed, which reduces spam and text messages and prevents real personal information from being stolen.)
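To find which of your own domains still need this, the check can be run over saved Whois output. The following is an added example, not part of the original report: the Whois records are constructed, and the field names and the list of masking keywords are assumptions that vary by registrar.

```python
# Registrant/admin fields whose public values identify a person (assumed field names).
SENSITIVE = ("registrant name", "registrant email", "registrant phone",
             "registrant street", "admin email", "admin phone")
# Heuristic keywords that indicate a privacy or proxy service has masked the value.
MASK_MARKERS = ("privacy", "redacted", "proxy", "protected", "withheld")

# Constructed Whois responses for two domains in our own portfolio.
SAMPLE = {
    "example.com": """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar (constructed)
Registrant Name: Zhang San
Registrant Organization: Example Payment Co., Ltd.
Registrant Phone: +86.1055550100
Registrant Email: zhangsan@example.com
""",
    "example.net": """\
Domain Name: EXAMPLE.NET
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy Protection Service (constructed)
Registrant Phone:
Registrant Email: 3f9a1c@privacy.example
>>> Last update of whois database: 2016-05-04T00:00:00Z <<<
""",
}

def parse_whois(text):
    """Turn 'Key: value' lines into {key: [values]}, skipping comments and empty values."""
    fields = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if value:
            fields.setdefault(key, []).append(value)
    return fields

def exposed_fields(text):
    """Return the sensitive fields whose values are not masked by a privacy service."""
    fields = parse_whois(text)
    exposed = {}
    for key in SENSITIVE:
        values = [v for v in fields.get(key, [])
                  if not any(marker in v.lower() for marker in MASK_MARKERS)]
        if values:
            exposed[key] = values
    return exposed

def audit(records):
    """Map each domain to the sorted list of sensitive fields that are publicly readable."""
    return {domain: sorted(exposed_fields(text)) for domain, text in records.items()}

if __name__ == "__main__":
    for domain, leaked in audit(SAMPLE).items():
        status = "needs privacy protection: " + ", ".join(leaked) if leaked else "protected"
        print(f"{domain}: {status}")
```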
Attachment: Sampling list of Internet financial companies
(In alphabetical order, in no particular order)
Beijing Lakala Network Technology Co., Ltd.
Third-party payment
Beijing Digital Wangfujing Technology Co., Ltd.
Third-party payment
Beijing Tongrongtong Information Technology Co., Ltd.
Third-party payment
Beijing UnionPay Business Co., Ltd.
Third-party payment
Bohai Yisheng Business Service Co., Ltd.
Third-party payment
Oriental Electronic Payment Co., Ltd.
Third-party payment
Guangzhou UnionPay Online Payment Co., Ltd.
Third-party payment
Hainan Island Card Payment Network Co., Ltd.
Third-party payment
Hainan Xinsheng Information Technology Co., Ltd.
Third-party payment
Hebei One Card Electronic Payment Service Co., Ltd.
Third-party payment
Jiangsu Ruixiang Business Co., Ltd.
Third-party payment
Jiefu Ruitong Co., Ltd.
Third-party payment
Open Unicom Network Technology Services Co., Ltd.
Third-party payment
Kuaiqian Payment and Clearing Information Co., Ltd.
Third-party payment
Unicom Advantage E-Commerce Co., Ltd.
Third-party payment
Unicom Payment Co., Ltd.
Third-party payment
Qiandai.com (Beijing) Information Technology Co., Ltd.
Third-party payment
Shandong Lushang Card Payment Co., Ltd.
Third-party payment
Shande E-commerce Services Co., Ltd.
Third-party payment
Shanghai Changgo Enterprise Services Co., Ltd.
Third-party payment
Shanghai Deshi Enterprise Service Co., Ltd.
Third-party payment
Shanghai Paytong Information Service Co., Ltd.
Third-party payment
Shanghai Fuyou Financial Network Technology Co., Ltd.
Third-party payment
Shanghai Huifu Data Service Co., Ltd.
Third-party payment
Shanghai Jieyin Information Technology Co., Ltd.
Third-party payment
Shanghai Shengfutong Electronic Payment Service Co., Ltd.
Third-party payment
Shanghai UnionPay Electronic Payment Service Co., Ltd.
Third-party payment
Shenzhen Tenpay Technology Co., Ltd.
Third-party payment
Shenzhen Kuaifutong Financial Network Technology Services Co., Ltd.
Third-party payment
Shenzhen Taihai Network Technology Services Co., Ltd.
Third-party payment
Shenzhen Yikahui Technology Service Co., Ltd.
Third-party payment
Shenzhen Yinsheng Electronic Payment Technology Co., Ltd.
Third-party payment
Tianjin City Card Co., Ltd.
Third-party payment
Tianyi E-commerce Co., Ltd.
Third-party payment
Tonglian Payment Network Services Co., Ltd.
Third-party payment
Online Banking (Beijing) Technology Co., Ltd.
Third-party payment
Wuhan Jinyuanxin Enterprise Service Information System Co., Ltd.
Third-party payment
Xunfu Information Technology Co., Ltd.
Third-party payment
Yitong Payment Co., Ltd.
Third-party payment
UnionPay Commerce Co., Ltd.
Third-party payment
Yufu Network Technology Co., Ltd.
Third-party payment
Zhenglian Rongtong Electronics Co., Ltd.
Third-party payment
Alipay (China) Network Technology Co., Ltd.
Third-party payment
Zihexin Electronic Payment Co., Ltd.
Third-party payment
168 Financial Management Network
P2P
365 Yidai
P2P
91wangcai
P2P
e路同心
P2P
E-speed loan
P2P
PPmoney
P2P
Aiqianbang
P2P
Aiqianjin
P2P
Love investment
P2P
Safe benefits
P2P
Anxindai
P2P
Anxing Wealth Network
P2P
Baocai.com
P2P
Bojin Loan
P2P
Fortune China
P2P
Superman Loan
P2P
Chenghuitong
P2P
Chengcheng Financial Management
P2P
Orange Flag Loan
P2P
Great Harvest Finance
P2P
Dezhong Finance
P2P
Landmark Finance
P2P
Dianrong.com
P2P
Ding Credit
P2P
Duanrong.com
P2P
Fu Rongbao
P2P
Fuchun Loan
P2P
***Xinying
P2P
Guan e Tong
P2P
Guangxin Credit
P2P
Hanjin Institute
P2P
Haodaibao
P2P
Helidai
P2P
Hepai Online
P2P
Hepandai
P2P
Hedai
P2P
Hexindai
P2P
Hengxin Yidai
P2P
Hongling Venture Capital
P2P
Houhe Fortune
P2P
Mutual Benefit NetDragon Baby
P2P
Hurongbao
P2P
Huarongdao
P2P
Huitong Yidai
P2P
Hui Investment
P2P
Huiying Financial Services
P2P
Building Block Box
P2P
Jili Wealth Network
P2P
Jin e Loan
P2P
Jinbaobao
P2P
Jinhai Loan
P2P
Financial Online Loan
P2P
Jinhai Loan Federal Reserve
P2P
Jinliangbao
P2P
Jinniu Online
P2P
Jinticiaotong
P2P
Financial Workshop
P2P
Jinxin.com
P2P
Gold and Silver Cat
P2P
Jinshang Loan
P2P
Nine Douyu
P2P
Big Treasure Basin
P2P
Junrongdai
P2P
Kaixindai
P2P
Traceable Loan
P2P
Brother Kong Fang
P2P
Koudai.com
P2P
Lazy Investment
P2P
Li De Wealth
P2P
Financial Management Style
P2P
Li Li Bao
P2P
Lifan Shanrong
P2P
Lianzidai
P2P
Two Tigers
P2P
Long Jinbao
P2P
Lu Jin So
P2P
Greening Loan
P2P
Meili Finance
P2P
Mini Loan
P2P
Minsheng Credit Investment
P2P
You and Me Loan
P2P
Nono Lianke
P2P
Paipaidai
P2P
Inclusive financial management
P2P
Putiandai
P2P
Qidao Finance
P2P
Qianyi Finance
P2P
Qian Daddy
P2P
Qianba
P2P
Qianduoduo
P2P
Qianlai.com
P2P
Quqian
P2P
Renrendai
P2P
Everyone gathers money
P2P
Humanity loan
P2P
Rongbei.com
P2P
Financial Exchange
P2P
Financing Easy
P2P
UBS Venture Capital
P2P
Three Credits
P2P
Shan Yida
P2P
Shangfudai
P2P
Lettuce Finance
P2P
Shitou Finance
P2P
Shou E Home
P2P
Star Investment
P2P
Candy Finance
P2P
Tembon Ventures
P2P
Toumi.com
P2P
Toona.com
P2P
Tuandai.com
P2P
Tuodao Financial Services
P2P
Wanglibao
P2P
Weidai.com
P2P
Wenshangdai
P2P
Wenzhou Loan
P2P
Woshi Loan
P2P
Shanghai Financial Services
P2P
Small and Micro Finance
P2P
Xiaoying Financial Management
P2P
Small Rapeseed
P2P
Xinlian Online
P2P
Xinxindai
P2P
Xinhehui
P2P
Xinrong Wealth
P2P
Credit Bao
P2P
Xueshan Loan
P2P
Xunboda
P2P
Yidiantong
P2P
Yirendai
P2P
Yidai.com
P2P
Pterodactyl Loan
P2P
Yinbake
P2P
Yindou.com
P2P
Yinhu.com
P2P
Yinke.com
P2P
Yinqiao.com
P2P
Yongli Bao
P2P
Liyi.com
P2P
Yourong.com
P2P
Guangdong Business Loan
P2P
Jiujiu Loan
P2P
China Merchants Loan
P2P
Zheshang E Loan
P2P
CGN Rich Ying
P2P
Zhongrongbao
P2P
Zhongrui Wealth
P2P
Zhongjin Online
P2P
Zhongxin Finance
P2P
Jewelry Loan
P2P
28 Crowdfunding
Crowdfunding
36氪
Crowdfunding
58 Crowdfunding Network
Crowdfunding
91 Crowdfunding
Crowdfunding
Efeninvest
Crowdfunding
erenfunding
Crowdfunding
V2IPO Maker
Crowdfunding
Love Entrepreneurship
Crowdfunding
Aijutou
Crowdfunding
Aijiutoushe
Crowdfunding
Baizhouhui
Crowdfunding
Peking University Entrepreneurship Crowdfunding
Crowdfunding
Local Crowdfunding
Crowdfunding
Bole Hetou
Crowdfunding
Bodian.com
Crowdfunding
Wealth Crowdfunding
Crowdfunding
CheCheCheChe
Crowdfunding
Crowdfunding
Crowdfunding
Chouqu.com
Crowdfunding
Touch crowdfunding
Crowdfunding
Venture Capital Circle
Crowdfunding
Venture Capital Online
Crowdfunding
Chuangwei.com
Crowdfunding
Entrepreneurial e-home
Crowdfunding
Everyone invests
Crowdfunding
Everyone funds
Crowdfunding
Everyone invests
Crowdfunding
daiibangcrowdfunding
Crowdfunding
danya.com
Crowdfunding
The Fifth Creation
Crowdfunding
Dongzhibei
Crowdfunding
Colorful Investment
Crowdfunding
Honeycomb Crowdfunding
Crowdfunding
Guchiou.com
Crowdfunding
Shareholder Exchange
Crowdfunding
Equity Store
Crowdfunding
Guzhong.com
Crowdfunding
Hai Turtle Crowdfunding
Crowdfunding
Hai Lili
Crowdfunding
Partnership Circle
Crowdfunding
Partnership China
Crowdfunding
And Cloud Funding
Crowdfunding
Black Horse Island
Crowdfunding
Huimeng Commune
Crowdfunding
Beijing Crowdfunding
Crowdfunding
JD.com
Crowdfunding
Jiujiu Crowdfunding
Crowdfunding
Aggregation Win
Crowdfunding
Jufunding Crowdfunding
Crowdfunding
Gathering the World
Crowdfunding
Happy Investment-
Crowdfunding
Tatad Crowdfunding
Crowdfunding
Laichou.com
Crowdfunding
Legeng
Crowdfunding
Lezhuge
Crowdfunding
Lingcai.com/Crowdfunding Office
Crowdfunding
Niutou Crowdfunding
Crowdfunding
Qilu Crowdfunding
Crowdfunding
Qilin Crowdfunding
Crowdfunding
Car Crowdfunding
Crowdfunding
Co-investment
Crowdfunding
Qingtong Tree
Crowdfunding
All crowdfunding
Crowdfunding
Everyone partners
Crowdfunding
Everyone invests
Crowdfunding
Shaanxi Crowdfunding
Crowdfunding
Angel Investment
Crowdfunding
Angel Fund Network
Crowdfunding
Angel Street
Crowdfunding
Angel Guest
Crowdfunding
Uncle Angel
Crowdfunding
Angel Camp
Crowdfunding
Tiantian Investment
Crowdfunding
Tongcaihui
Crowdfunding
Investment Banking Circle
Crowdfunding
Touhu.com
Crowdfunding
Investment and Finance Industry
Crowdfunding
Micro Investment Network
Crowdfunding
Wenqiu Net
Crowdfunding
Hope Funding
Crowdfunding
Xiangshan Crowdfunding
Crowdfunding
Xiaocao Crowdfunding
Crowdfunding
Collaborative Workshop
Crowdfunding
Xinchi Institute
Crowdfunding
Spark Investment
Crowdfunding
Yizhou.com
Crowdfunding
Yiwang Crowdfunding
Crowdfunding
Roundtable
Crowdfunding
Source_Crowdfunding
Crowdfunding
Yun'an Financial Services
Crowdfunding
Yunchi
Crowdfunding
Yunyanshe
Crowdfunding
Zhijinhui
Crowdfunding
Zhirui Chuangxiang
Crowdfunding
CSI Public Innovation
Crowdfunding
Crowdfunding State
Crowdfunding
Crowdfunding World
Crowdfunding
Crowdfunding
Crowdfunding
Crowdfunding
Crowdfunding
Crowdfunding Jiatou
Crowdfunding
Zhongtou Bang
Crowdfunding
Crowdinvestor
Crowdfunding
Crowdinvest Society
Crowdfunding
Crowdinvest World
Crowdfunding
Crowdsource Crowdfunding
Crowdfunding
Crowdfunding
Crowdfunding
Intercontinental United
Crowdfunding
DreamChasing.com
Crowdfunding
Capital Exchange
Crowdfunding
President Exchange
Crowdfunding
Alibaba Huabei
Consumer Finance
Aixuedai
Consumer Finance
Baidu Money
Consumer Finance
BBC Consumer Finance
Consumer Finance
Dingli Installment
Consumer Finance
Instalment Fan
Consumer Finance
Instalment Manager
Consumer Finance
Instalment Music
Consumer Finance
Fuyidai
Consumer Finance
Guaniu Installment
Consumer Finance
Gome Consumer Finance
Consumer Finance
Haier Consumer Finance
Consumer Finance
Hubei Consumer Finance
Consumer Finance
Jie Credit Finance
Consumer Finance
Jie Credit Consumer Finance
Consumer Finance
Financial No. 1 Store
Consumer Finance
Financial Cat
Consumer Finance
Jincheng Consumer Finance
Consumer Finance
JD Baitiao
Consumer Finance
Orange Installment
Consumer Finance
Consumer Finance Now
Consumer Finance
Prestigious School Loan
Consumer Finance
Ping An Consumer Finance
Consumer Finance
Renren Installment
Consumer Finance
Suning Consumer Finance
Consumer Finance
Tiantian Installment
Consumer Finance
Wanda Consumer Finance
Consumer Finance
First Huahua
Consumer Finance
Xintong Bag
Consumer Finance
Industrial Consumer Finance
Consumer Finance
Excellent installments
Consumer Finance
BOC Consumer Finance
Consumer Finance