2019 proves a bumper year for cyber attacks
Cyber criminals launched a barrage of attacks in 2019, spurred on by botnets of infected IoT devices and by attacker interest in the Eternal Blue vulnerability.
Security company F-Secure's global network of honeypots saw 5.7 billion attacks during the year. For comparison, 2018 saw just over one billion attacks, while 2017 saw 792 million.
Traffic was dominated by attacks hitting the SMB protocol, indicating that attackers are still very much interested in using worms and exploits related to Eternal Blue. Telnet traffic and attacks hitting SSH were also high, showing continued high attacker interest in IoT devices. Malware found in the honeypots was dominated by various versions of Mirai.
The volume of ransomware spam dropped during the course of the year, but ransomware itself became more targeted and inflicted greater damage, targeting enterprises, and demanding sums in the hundreds of thousands of dollars. Modular malware employed a range of tricks, one of which was dropping ransomware as a second stage payload.
"The last decade was pretty bad for information security, but the next one will be better," says Mikko Hypponen, chief research officer at F-Secure. "It doesn't always look like it, but we are getting better. In the middle of news on major breaches and data leaks, it might look it's getting worse, but it isn't. If you look at the level of security tools we were using in 2010 and today, it's like night and day. We are going in the right direction."
Other key findings include that the IP spaces of the US, China, Russia and Ukraine played host to the highest numbers of attack sources. Countries where the most attacks were directed were the Ukraine, China, Austria and the US.
The most common delivery method for ransomware during the period was via manually installed/second stage payloads at 28 percent, followed by email spam.
You can find out more and get the full report on the F-Secure blog.