Attack traffic up by 32% in 2018

Johannesburg, 15 Apr 2019
Read time 3min 20sec

New research from cyber security provider F-Secure reports a significant increase in attack traffic in the latter half of 2018. But, while attacks are increasing, it seems many companies are struggling with incident detection.

Attack traffic observed by F-Secure's network of decoy honeypots in 2018 increased by 32% over the previous year, and increased fourfold in the latter half of 2018 compared with the first half of the year.

Recent survey data suggests many companies may not have the visibility they need to catch attacks that make it past preventative measures like firewalls and endpoint protection. F-Secure's survey* found 22% of companies did not detect a single attack in a 12-month period. Twenty percent of respondents detected a single attack during that timeframe, and 31% detected two to five attacks.

For perspective, F-Secure's detection and response solutions detected 15 threats in a single month at a company with 1 300 endpoints** and seven threats in a single month at a company with 325 endpoints***. Roughly one-third of F-Secure's survey respondents indicated they were using a detection and response solution or service.

None of these trends surprise F-Secure Vice-President of Cyber Security Products Research & Development Leszek Tasiemski.

"Today's threats are completely different from 10 or even five years ago. Preventative measures and strategies won't stop everything anymore, so I've no doubt that many of the companies surveyed don't have a full picture of what's going on with their security," Tasiemski said. "Many organisations don't really value security until an incident threatens to cost them a lot of money, so I'm not completely surprised that there are companies detecting zero attacks over the course of a year."

Additional highlights in F-Secure's research include:

* Telnet was the most commonly targeted TCP port, which is likely the result of increasing numbers of compromised Internet of things (IOT) devices searching for additional vulnerable devices.
* Companies working in finance and ICT detected the most attacks, while organisations in healthcare and manufacturing detected the fewest.
* The largest source and destination of observed attack traffic were US-based IP addresses.
* Nginx was the most popular source of Web-based attacks.

"Organisations that run detection and response solutions tend to have a better understanding of what should and shouldn't be done, both to prepare against attacks and in the event of an attack taking place," comments Grant Chapman, MD of local F-Secure Distributor CyberVision. "Not only does F-Secure's RDR provide visibility into a network's attack surface to identify vulnerabilities and help put measures in place to ensure that most of the standard attacks get blocked, but it also suggests preventative measures that need to be taken to protect a network further," he adds.

Incident detection and response are fundamental in maintaining a healthy security strategy in any organisation, the majority of which usually take months or even years to figure out that they have indeed already been breached. This is one of the compelling reasons as to why organisations need to shift their focus from trying to prevent all the possible threats out there to detecting and stopping the incidents that are bypassing their basic protection.

F-Secure's Rapid Detection & Response (RDR) is a dedicated incident detection and response solution that has been configured by F-Secure to only collect events related to potential threats. The F-Secure RDR solution includes lightweight intrusion detection sensors for endpoints, networks and decoy servers that are deployed across an organisation's IT infrastructure. The sensors monitor activities initiated by the attackers and stream all the information to F-Secure's cloud in real-time.


Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure's sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach, called Live Security. F-Secure's security experts have participated in more European cyber crime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers.

Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki.


CyberVision is an IT security value-added distribution company that conducts business throughout Africa through a variety of resellers of various sizes and differing specialisations. The key personnel at CyberVision individually have over 20 years each of experience in data and network security with F-Secure's solutions and have supplied services to many types of organisations in Africa, ranging from SMEs to large banks, insurers and government departments. Working with leading organisations in industry has resulted in an extensive understanding of security, allowing for a competitive advantage when it comes to ensuring the right solutions are in place to adequately secure the networks of organisations of all sizes and types.

With offices in Johannesburg and Cape Town, as well as a presence in KwaZulu-Natal, CyberVision has full-service teams capable of providing resellers and their customers with the necessary support services to ensure their endpoint protection, vulnerability scanning and penetration testing is conducted efficiently and effectively to help prevent security breaches on their networks. All F-Secure solutions are relied on for much of CyberVision's security expertise in mitigating risks and helping organisations manage complex security challenges with a business-focused man-and-machine combined approach.

Editorial contacts
Camsoft Solutions Grant Chapman (0800) 616 765
Login with