Cyber security is no longer a niche issue discussed only among IT techs and CISOs. It constantly comes up in major news in the form of large-scale breaches and data leaks. The rapidly increasing volume and severity of cyber attacks has forced everyone to take information security seriously – even those who previously wished to have nothing to do with it.
2016 was one of the biggest years yet in terms of cyber security: ransomware effectively went mainstream, hackers interfered in the US election, an IoT botnet caused a large scale internet outage, and we witnessed huge data leaks such as Panama Papers and Yahoo.
How do we monitor the threat landscape to help defend against these types of threats? In addition to following the news and keeping our ears open within the community, we also gather data through other means, one of which is our honeypot network.
Simply put, honeypots are decoy servers that attract attackers by appearing to offer valuable data or services. In reality the host is isolated and monitored, so whoever deployed it can record the details of each attack, such as its source address and type, without exposing real assets.
F-Secure operates a large international honeypot network that we use to monitor the global threat landscape. We also install honeypots in the private networks of customers who use our Rapid Detection Service (RDS).
Looking at the data gathered from our honeypots during the first half of this year, we have some news: as bad as 2016 might have seemed, 2017 is looking to be even worse.
Compared with H2 2016, our sensors logged more than twice as many attacks during H1 2017. Some of the increase can be attributed to improvements in our sensor technology and to the growth of the honeypot network itself, but a surge this large cannot be explained by instrumentation alone: attack volume is rising.
According to our data, traffic from IP addresses geolocated in Russia makes up almost half of the total global volume (geolocation reflects where the sending address is registered, not necessarily where the attacker sits, since compromised hosts and rented servers are common relays). Right behind Russia are the old favorites: the US, the Netherlands, Germany and China, with Belgium appearing as a new contender. The most common target countries have stayed roughly the same: most attacks are directed against the US, the Netherlands, Germany and the United Kingdom.
In addition to increasing their attack volumes, attackers are constantly evolving their methods. For example, they increasingly try to pose as normal users within a network, hiding among legitimate traffic. They are also focusing on direct remote connections to target systems, moving away from the noisier reconnaissance of the past, such as broad port scanning. They continue to target new attack surfaces such as IoT devices (we saw a spike in traffic to UPnP/SSDP on UDP port 1900), and they are quick to incorporate new attack tools such as the leaked NSA exploits from the Shadow Brokers dump (traffic to SMB on TCP port 445 also jumped).
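The port-level trend described above can be checked mechanically against sensor data. The following is an added Python example, not F-Secure's own code: its key=value record format, the sample records, addresses (RFC 5737 documentation ranges) and country codes are all constructed for illustration. It parses honeypot connection records, counts hits per port per half-year, flags ports whose hit count at least doubled between H2 2016 and H1 2017 (or that newly appear with more than a single hit), and reports the share of hits per source country for the later period.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of honeypot connection records in a hypothetical
# key=value format (not a real sensor's log format). Source addresses are
# RFC 5737 documentation ranges; country codes are invented for the sample.
SAMPLE_LOG = """\
2016-09-02T11:04:51Z src=198.51.100.7 cc=RU dst_port=22 proto=tcp
2016-10-15T03:22:10Z src=203.0.113.44 cc=US dst_port=445 proto=tcp
2016-11-20T19:45:02Z src=198.51.100.90 cc=RU dst_port=1900 proto=udp
2016-12-01T08:00:13Z src=192.0.2.15 cc=NL dst_port=23 proto=tcp
2017-01-09T14:31:44Z src=198.51.100.7 cc=RU dst_port=445 proto=tcp
2017-02-18T22:10:05Z src=198.51.100.12 cc=RU dst_port=445 proto=tcp
2017-03-03T06:58:30Z src=203.0.113.9 cc=US dst_port=1900 proto=udp
2017-04-27T17:12:59Z src=192.0.2.200 cc=DE dst_port=1900 proto=udp
2017-05-14T01:40:21Z src=198.51.100.33 cc=RU dst_port=445 proto=tcp
2017-06-30T23:59:59Z src=203.0.113.120 cc=BE dst_port=22 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) cc=(?P<cc>[A-Z]{2}) "
    r"dst_port=(?P<port>\d+) proto=(?P<proto>tcp|udp)$"
)


def parse_line(line):
    """Return a dict for one record, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    # Bucket into half-years so H2 2016 can be compared with H1 2017.
    rec["period"] = f"{ts.year}H{1 if ts.month <= 6 else 2}"
    rec["port"] = int(rec["port"])
    return rec


def parse_log(text):
    """Parse all lines, silently skipping malformed ones."""
    return [r for r in (parse_line(line) for line in text.splitlines()) if r]


def count_by_period_and_port(records):
    """Return {period: Counter({(proto, port): hits})}."""
    counts = defaultdict(Counter)
    for r in records:
        counts[r["period"]][(r["proto"], r["port"])] += 1
    return counts


def port_spikes(counts, prev, curr, factor=2.0, min_hits=2):
    """Ports whose hit count grew by at least `factor` from `prev` to `curr`.

    Ports unseen in `prev` count as a spike once they reach `min_hits`;
    the threshold avoids division by zero and single-hit noise.
    Returns {(proto, port): (hits_before, hits_now)}.
    """
    spikes = {}
    for key, now in counts[curr].items():
        before = counts[prev].get(key, 0)
        if now < min_hits:
            continue
        if before == 0 or now / before >= factor:
            spikes[key] = (before, now)
    return spikes


def source_share(records, period):
    """Fraction of hits per source country code in one period.

    This is source-IP geolocation, not attribution of the attacker.
    """
    c = Counter(r["cc"] for r in records if r["period"] == period)
    total = sum(c.values())
    return {cc: n / total for cc, n in c.items()}


def summarize(text, prev="2016H2", curr="2017H1"):
    """Totals per period, port spikes between the two periods, and
    source-country share for the later period."""
    records = parse_log(text)
    counts = count_by_period_and_port(records)
    return {
        "total": {p: sum(c.values()) for p, c in counts.items()},
        "spikes": port_spikes(counts, prev, curr),
        "sources": source_share(records, curr),
    }


if __name__ == "__main__":
    for section, value in summarize(SAMPLE_LOG).items():
        print(section, value)
```

On the sample, both TCP/445 and UDP/1900 are flagged because their counts at least doubled between the two half-years, while TCP/22 is ignored as single-hit noise. On real data the thresholds should be set relative to the sensor count per period, since adding honeypots inflates every port's absolute numbers.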
So, what does all this mean for the average company?
Firstly, the probability of your being attacked has increased significantly. Whether it is a targeted breach attempt or a malware wave directed at anyone who happens to cross its path, you and your organization are potential targets. To-do list? Make sure you are running a supported, fully patched version of your operating system, enable automatic updates for applications, and deploy endpoint protection. Create a solid operations security (OpSec) protocol and ensure that all employees follow it, to minimize the risk of your organization falling victim to social engineering.
Secondly, attackers are getting smarter and better by the day. It is increasingly likely that something will slip through the cracks of your security program (often as a result of poor OpSec or human error) and endanger your operations. You need to be properly equipped to both detect and respond to attacks when they happen. To this end, familiarize yourself with the basic principles of managed detection and response (MDR) and, if possible, hire a cyber security company to monitor your network traffic. It is also smart to create effective and realistic contingency plans for the case where your organization does get hit.
Maintaining effective information security is a constant uphill struggle: you are never done. It can sometimes seem frustrating and pointless to invest so much time and money into staying up-to-date with the latest attack trends, and still being forced to watch over your shoulder on a daily basis. But trust us: it’s much better than the alternative. The consequences of a company-wide security compromise are often immeasurable – even irreversible.
Cyber security requires a lot of work. The only consolation we can offer you is this: you don’t have to do it alone.
Download the full report and infographic for a more comprehensive look into the latest attack trends.