To no one’s surprise, internet of things (IoT) device insecurity has emerged as a top concern and top driver of internet attack traffic in the first half of 2019. According to our new report, Attack Landscape H1 2019, which details traffic measured by F-Secure’s global network of honeypots, the number of attack events measured from January through June was twelve times higher when compared with the same period in 2018, an increase largely driven by IoT-related traffic.
The largest share of attack traffic, 760 million events, was measured on the Telnet protocol, which is used by IoT devices (compared with 611 million events in our last report). Following that was 611 million events measured on UPnP, which is also employed by IoT “things.” It’s also no surprise then, that malware found in the honeypots was dominated by various versions of Mirai, which infects IoT devices that use default credentials and co-opts those devices into botnets that conduct DDoS attacks.
Traffic to SMB port 445 also had a very strong showing, with 556 million events. Two years after WannaCry, EternalBlue and related exploits still maintain high popularity due to large numbers of still-unpatched servers around the world.
Other findings in the report include:
- Countries whose IP spaces played host to the highest numbers of attack sources were China, the US, Russia and Germany.
- Countries to which the most attacks were directed were the US, Austria, Ukraine, UK, Netherlands and Italy.
- The most common delivery method for ransomware during the period was via remote desktop protocol (RDP) at 31% of cases.
- The greatest share of Telnet traffic came from the US, Germany, UK and the Netherlands.
- The greatest share of SMB traffic came from China.
Check out the report for more details.Get the report