Cyber criminals continued a barrage of attacks in 2019, spurred on by botnets of infected IoT devices and by attacker interest in the Eternal Blue vulnerability. A new report from cyber security provider F-Secure, Attack Landscape H2 2019, documents a steep increase in attack traffic in 2019 that was unmatched by previous years.
F-Secure's global network of honeypots saw 2.8 billion attack events in the second half of the year. After 2.9 billion in the first half of the year, the yearly total rings in at 5.7 billion attacks. For comparison, 2018 saw just over 1 billion attacks, while 2017 saw 792 million.
Traffic was dominated by attacks hitting the SMB protocol, indicating attackers are still very much interested in using worms and exploits related to Eternal Blue. Telnet traffic and attacks hitting SSH were also high, indicating continued, high attacker interest in IoT devices. Malware found in the honeypots was dominated by various versions of Mirai.
While ransomware spam was observed to have dropped during the course of the year, ransomware itself became more targeted and impactful, inflicting greater damage, targeting enterprises, and demanding sums in the hundreds of thousands of dollars. Modular malware employed a range of tricks, one of which was dropping ransomware as a second-stage payload.
The report also features a look back at the past ten years of information security, a decade marked by spates of breaches, the emergence of nation state malware, and devastating supply chain attacks. But going forward, there is reason for optimism, says Mikko Hypponen, Chief Research Officer at F-Secure.
“The last decade was pretty bad for information security, but the next one will be better,” says Hypponen. “It doesn't always look like it, but we are getting better. In the middle of news on major breaches and data leaks, it might look like it's getting worse, but it isn't. If you look at the level of security tools we were using in 2010 and today, it's like night and day. We are going in the right direction.”
Other findings from the report include:
Countries whose IP spaces played host to the highest numbers of attack sources were the US, China, Russia, and Ukraine.
Countries where the most attacks were directed were Ukraine, China, Austria, and the US.
The most common delivery method for ransomware during the period was via manually installed/second-stage payloads at 28%, followed by email/spam.
The greatest share of Telnet traffic came from the US, Armenia, the UK, Bulgaria, and France.
The greatest share of SMB traffic came from the Philippines and China.
“Spam continued to be popular amongst attackers in 2019. It preys on unsuspecting individuals, making the lack of awareness about threats a weak link for companies, and a lucrative target for malware authors,” says Calvin Gan, Manager at F-Secure's Tactical Defense Unit. “And with attacks becoming more sophisticated, such as ransomware infections that escalate into data breaches, it’s more important than ever for organizations to improve their cyber defenses in preparation for these attacks.”