The number of cyber attack events measured from January through June was twelve times higher than in the same period in 2018, an increase largely driven by IoT-related traffic, according to the Attack Landscape H1 2019 report by F-Secure. In the first half of 2019, F-Secure's global network of honeypots measured more than triple the attack traffic of the previous period, to a total of over 2.9 billion events.
"Our honeypots are decoy servers that we’ve set up in countries around the world to gauge trends and patterns in what’s going on in the global cyber attack landscape. We’ve configured them to look like actual servers, inviting the type of traffic that hits actual servers. Honeypots are highly effective tools for collecting information on the methods and target selection processes used by modern attackers. They can also be a good source of malware samples and shell scripts," says the report.
"The largest share of attack traffic, 760 million events, was measured on the Telnet protocol, which is used by IoT devices (compared with 611 million events in the last report). Following that was 611 million events measured on UPnP, which is also employed by IoT “things.” It’s also no surprise then, that malware found in the honeypots was dominated by various versions of Mirai, which infects IoT devices that use default credentials and co-opts those devices into botnets that conduct DDoS attacks," says an F-Secure blog.
Additional findings in the report include:
- Countries whose IP spaces played host to the highest numbers of attack sources were China, the US, Russia and Germany.
- Countries to which the most attacks were directed were the US, Austria, Ukraine, UK, Netherlands and Italy.
- The most common delivery method for ransomware during the period was via remote desktop protocol (RDP) at 31 percent of cases.
- The greatest share of Telnet traffic came from the US, Germany, UK and the Netherlands.
- The greatest share of SMB traffic came from China.
- 99.9% of traffic to honeypots is automated traffic coming from bots, malware and other tools. Attacks may come from any sort of connected computing device – a traditional computer, malware-infected smartwatch or IoT toothbrush can be a source.
- Malware found in the honeypots is dominated by various versions of Mirai, which is still going strong three years after it first burst onto the scene in 2016. Mirai targets IoT devices such as IP cameras and routers, infects those using default credentials, and co-opts them into botnet armies.