pinkeyes - stock.adobe.com

F-Secure reports a steep rise in hacking attempts

An increase in distributed denial of service attacks pushes up the volume of identified rogue internet traffic to almost three billion

The latest Attack landscape H2 2019 report from F-Secure has found that there has been a jump in the volume of cyber attacks targeting internet users.

In the report, F-Secure said that in the first half of 2019, the company’s global network of honeypots experienced a jump in cyber attack traffic.

The volume of such attacks rose from 246 million in H1 2017 to 2.9 billion in H1 2019. In the second half of the year, according to F-Secure, the pace of attack traffic continued but at a slightly reduced rate. F-Secure said there were 2.8 billion hits to its honeypot servers in H2 2019. Distributed Denial of Service (DDos) attacks drove this deluge, accounting for two-thirds of the traffic.

Its research found that the US is the country whose IP space played host to the greatest number of attacks, followed by China and Russia. 

Looking at where attack traffic originated, the UK came sixth, with 80 million hits, compared with the US, which took the top spot for initiating attacks, with 566 million. Ukraine was the top attack destination, followed by China, Austria and the US, according to F-Secure’s data.

It found that the top aggressors hitting the Ukraine were the US, the Ukraine itself and Russia. In the number two spot, the top countries hitting China were China itself, the US and France, while Austria was hit by China, Russia and the US. Attacks hitting the US came primarily from the US itself, followed by Russia and China. The UK was the 7th most targeted country, with 136 million attacks.

In its report for H1 2019, F-Secure reported that telnet (port 23) was the most targeted network port for hackers, with 760 million attacks. But for H2 2019, F-Secure found that the SMB (server message block) port – on port 445 – took the first position as the most targeted port over the period.

Read more threat reports

F-Secure said this indicates that, as in the first half of the year, attackers are still keen to use SMB worms and exploits such as Eternal Blue. In the report, it noted that Trickbot, one of the top spam payloads hitting endpoint devices, leverages Eternal Blue as a means of spreading. 

Explaining the results, F-Secure said: “While that’s a reduction from a high of 760 million in H1 of 2019, it’s a continued indicator that attacks on an ever-growing pool of IoT devices are still going strong. The ease with which attackers can acquire tools such as Mirai, which enable high-volume, low-sophistication attacks, continues to result in the compromise of large numbers of these poorly secured devices.”

It found that brute-force attacks trying factory default usernames and passwords of IoT devices continues to be an effective method for recruiting these devices into botnets that can be used in DDoS attacks.

In the report, F-Secure stated: “In 2019, we identified four main infection vectors for the malware samples we have observed, most of which are ransomware variants. The most popular delivery method by far was via email and spam, which accounted for 43%. Nearly a quarter were second stage/followup payloads or were delivered manually through brute force or RDP (Microsoft remote desktop services) attacks. We also saw delivery through exploit kits and malvertising as well as software cracks, fake installers, and bundled applications.”

It also identified a new trend from late 2019, where ransomware such as Sodinokibi and Maze have begun threatening to publicly leak stolen data if payment is not remunerated. With the trend continuing into 2020, organisations should now be prepared to assume that a successful ransomware attack would also mean a data breach scenario, substantially raising the stakes for everyone, F-Secure warned.

In spite of the big rise in hacking attempts and attacks, Mikko Hypponen, chief research officer at F-Secure, is optimistic that IT security is getting better.

“The last decade was pretty bad for information security, but the next one will be better,” he said. “It doesn’t always look like it, but we are getting better. In the middle of news on major breaches and data leaks, it might look like it’s getting worse, but it isn’t. If you look at the level of security tools we were using in 2010 and today, it’s like night and day. We are going in the right direction.”

Read more on Endpoint security