You rarely have to go looking for cyber security news anymore.
Whether it’s WannaCry, NotPetya or a vulnerability in solar panels that could lead to hackers targeting the electrical grid, the security of computers is headline news and it’s increasingly synonymous with the securing of society.
To make sure our customers our customers are protected from the latest threats, F-Secure employs an international network of “honeypots.” These decoy servers attract the attention of attackers by seemingly offering some sort of valuable data. By looking at where the attacks on these servers are coming from, we get a snapshot of where attackers are coming from, whom they’re after and how they’re trying to get in.
The big news is that our honeypots have found a lot more cyber attacks being attempted. The connections to these servers in the first half of this year jumped 223 percent over the second half of last year.
Here’s a quick look some of other key findings from our new report “Attack Landscape H1 2017,” which you can download from here.
Russia-to-United States is the most common attack trajectory
Identifying a country as a source of an attack doesn’t mean the attackers themselves are located inside the country, the report notes. The Netherlands, for instance, is known for its “bulletproof” hosting services.
Attackers are increasingly interested in hiding their attentions
Cyber criminals seem to be quickly shifting their tactics and adopting a new focus on hiding their intentions.
“As much as they can, attackers try to appear as a normal user,” the report says, even as 66 percent carried a payload of executable files and the other third carried “fileless” scripts and commands.
IoT devices are being targeted
Last fall, the Mirai botnet utilized web-connected devices to wage the largest denial of service attack in history. In 2017, Attackers continue to see the explosion of IoT hardware, like surveillance cameras and other connected home devices, as a continuing opportunity.
The honeypots found a “jump in the volume of traffic scanning port 1900, the standard port for the SSDP protocol, which enables discovery of Universal Plug and Play devices. Port 1900 was the most-probed port, up from fifth place previously, an indication that the practice of targeting IoT devices has only accelerated…”
Leave a comment