March 5, 2019

Attack traffic up by 32 percent in 2018

F-Secure’s research highlights increase in attacks but survey data shows companies still struggle with incident detection

Helsinki, Finland – March 5, 2019: New research from cyber security provider F-Secure reports a significant increase in attack traffic in the latter half of 2018. But while attacks are increasing, it seems many companies are struggling with incident detection.

Attack traffic observed by F-Secure’s network of decoy honeypots in 2018 increased by 32 percent over the previous year, and increased fourfold in the latter half of 2018 compared with the first half of the year.

Recent survey data suggests that many companies may not have the visibility they need to catch attacks that make it past preventative measures like firewalls and endpoint protection. F-Secure’s survey* found that 22 percent of companies did not detect a single attack in a 12-month period. 20 percent of respondents detected a single attack during that time frame, and 31 percent detected 2-5 attacks.

For perspective, F-Secure’s detection and response solutions detected 15 threats in a single month at a company with 1300 endpoints,** and 7 threats in a single month at a company with 325 endpoints.*** Roughly one third of F-Secure’s survey respondents indicated that they were using a detection and response solution or service.

None of these trends surprise F-Secure Vice President of Cyber Security Products Research & Development Leszek Tasiemski.

“Today’s threats are completely different from 10 or even 5 years ago. Preventative measures and strategies won’t stop everything anymore, so I’ve no doubt that many of the companies surveyed don’t have a full picture of what’s going on with their security,” Tasiemski said. “Many organizations don’t really value security until an incident threatens to cost them a lot of money, so I’m not completely surprised that there are companies detecting zero attacks over the course of a year.”

Additional highlights in F-Secure’s research include:

  • Telnet was the most commonly targeted TCP port, which is likely the result of increasing numbers of compromised internet-of-things devices searching for additional vulnerable devices
  • Companies working in finance and ICT detected the most attacks, while organizations in healthcare and manufacturing detected the fewest
  • The largest source and destination of observed attack traffic were US-based IP addresses
  • Nginx was the most popular source of web-based attacks

“We find that companies running detection and response solutions tend to have a better grasp of what they’re doing right and what they’re doing wrong. Ideally, the visibility these solutions have will show companies that they’re blocking most of the standard, opportunistic attacks, like the ones our public honeypots usually attract. But these solutions will also pick up what preventative measures like firewalls or endpoint protection miss, which makes detection and response a pretty invaluable part of a healthy security strategy,” said Tasiemski.

*Source: The survey was conducted online among 3350 IT decision makers, influencers, and managers from 12 countries.

**Source: https://www.f-secure.com/documents/10192/2310496/RDS-Service-Overview.pdf/

***Source: https://www.f-secure.com/documents/10192/2317861/F-Secure_Broad_Context_Detection_whitepaper-web.pdf/

More information

Attack landscape H2 2018: Attack traffic increases fourfold

About F-Secure

Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach called Live Security. F-Secure’s security experts have participated in more European cyber crime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers.

Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.

f-secure.com | twitter.com/fsecure | facebook.com/f-secure
