Attack traffic up by 32% in 2018
New research from cyber security provider F-Secure reports a significant increase in attack traffic in the latter half of 2018. But, while attacks are increasing, it seems many companies are struggling with incident detection.
Attack traffic observed by F-Secure's network of decoy honeypots in 2018 increased by 32% over the previous year, and increased fourfold in the latter half of 2018 compared with the first half of the year.
Recent survey data suggests many companies may not have the visibility they need to catch attacks that make it past preventative measures like firewalls and endpoint protection. F-Secure's survey* found 22% of companies did not detect a single attack in a 12-month period. Twenty percent of respondents detected a single attack during that timeframe, and 31% detected two to five attacks.
For perspective, F-Secure's detection and response solutions detected 15 threats in a single month at a company with 1 300 endpoints** and seven threats in a single month at a company with 325 endpoints***. Roughly one-third of F-Secure's survey respondents indicated they were using a detection and response solution or service.
None of these trends surprise F-Secure Vice-President of Cyber Security Products Research & Development Leszek Tasiemski.
"Today's threats are completely different from 10 or even five years ago. Preventative measures and strategies won't stop everything anymore, so I've no doubt that many of the companies surveyed don't have a full picture of what's going on with their security," Tasiemski said. "Many organisations don't really value security until an incident threatens to cost them a lot of money, so I'm not completely surprised that there are companies detecting zero attacks over the course of a year."
Additional highlights in F-Secure's research include:
* TCP port 23 (Telnet) was the most commonly targeted port, most likely because growing numbers of compromised Internet of Things (IoT) devices are scanning for additional vulnerable devices to infect.
* Companies working in finance and ICT detected the most attacks, while organisations in healthcare and manufacturing detected the fewest.
* Both the largest source and the largest destination of observed attack traffic were US-based IP addresses.
* Hosts running the Nginx Web server were the most common source of Web-based attacks.
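The findings above are the kind of aggregation a honeypot operator produces from connection records: rank destination ports, compare half-year volumes, and pick out sources that behave like IoT scanners. The following is an added example, not F-Secure's code or data; it assumes a hypothetical one-line-per-connection log format ("timestamp src -> dst:port/proto"), a constructed sample log, and a simple heuristic (one source touching Telnet on several decoys) that is an assumption rather than anything described on this page.

```python
"""Aggregate honeypot connection records the way the findings above are phrased.

Added example. Log format and sample records are constructed/hypothetical,
not F-Secure's telemetry.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of decoy-server connection records (not real data).
# Hypothetical format: "<UTC timestamp> <src_ip> -> <dst_ip>:<dst_port>/<proto>"
SAMPLE_LOG = """\
2018-02-11T03:14:07Z 198.51.100.7 -> 203.0.113.10:23/tcp
2018-05-30T22:01:55Z 198.51.100.9 -> 203.0.113.10:22/tcp
2018-07-02T00:00:10Z 192.0.2.45 -> 203.0.113.11:23/tcp
2018-08-19T11:42:33Z 192.0.2.45 -> 203.0.113.11:2323/tcp
2018-09-05T17:09:01Z 198.51.100.23 -> 203.0.113.12:445/tcp
2018-10-14T06:30:29Z 192.0.2.88 -> 203.0.113.10:23/tcp
2018-10-14T06:30:31Z 192.0.2.88 -> 203.0.113.11:23/tcp
2018-11-21T13:12:00Z 198.51.100.7 -> 203.0.113.12:80/tcp
2018-12-03T02:44:18Z 192.0.2.45 -> 203.0.113.10:23/tcp
2018-12-25T19:58:44Z 198.51.100.42 -> 203.0.113.12:53/udp
"""

# 23 is Telnet; 2323 is a common alternate Telnet port probed by IoT botnets.
TELNET_PORTS = {23, 2323}


def parse_line(line):
    """Parse one record into a dict; raises ValueError on malformed input."""
    ts, src, arrow, target = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected record: {line!r}")
    dst, port_proto = target.rsplit(":", 1)
    port, proto = port_proto.split("/")
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": src,
        "dst": dst,
        "port": int(port),
        "proto": proto.lower(),
    }


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def rank_ports(records, proto="tcp"):
    """Destination ports for one protocol, most targeted first: [(port, hits), ...]."""
    return Counter(r["port"] for r in records if r["proto"] == proto).most_common()


def half_year_counts(records, year):
    """(H1 hits, H2 hits) for the given year; H1 is January to June."""
    in_year = [r for r in records if r["ts"].year == year]
    h1 = sum(1 for r in in_year if r["ts"].month <= 6)
    return h1, len(in_year) - h1


def growth_ratio(records, year):
    """H2 volume divided by H1 volume (inf if H1 saw nothing)."""
    h1, h2 = half_year_counts(records, year)
    return h2 / h1 if h1 else float("inf")


def telnet_scanners(records, min_targets=2):
    """Heuristic (an assumption of this example): a source that opens Telnet
    to at least `min_targets` distinct decoys is treated as a scanner."""
    targets = defaultdict(set)
    for r in records:
        if r["proto"] == "tcp" and r["port"] in TELNET_PORTS:
            targets[r["src"]].add(r["dst"])
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_targets)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("top TCP ports:", rank_ports(recs)[:3])
    print("H1/H2 2018:", half_year_counts(recs, 2018), "ratio", growth_ratio(recs, 2018))
    print("telnet scanners:", telnet_scanners(recs))
```

On the constructed sample the script ranks port 23 first, reports a fourfold H2-over-H1 increase, and flags the two sources that probed Telnet on more than one decoy; the scanner heuristic is deliberately simple and would need a rate or destination threshold tuned to a real sensor fleet.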
"Organisations that run detection and response solutions tend to have a better understanding of what should and shouldn't be done, both to prepare against attacks and in the event of an attack taking place," comments Grant Chapman, MD of local F-Secure Distributor CyberVision. "Not only does F-Secure's RDR provide visibility into a network's attack surface to identify vulnerabilities and help put measures in place to ensure that most of the standard attacks get blocked, but it also suggests preventative measures that need to be taken to protect a network further," he adds.
Incident detection and response are fundamental to a healthy security strategy in any organisation; most organisations take months or even years to discover that they have already been breached. This is one of the compelling reasons why organisations need to shift their focus from trying to prevent every possible threat to detecting and stopping the incidents that bypass their basic protection.
F-Secure's Rapid Detection & Response (RDR) is a dedicated incident detection and response solution that F-Secure has configured to collect only events related to potential threats. It includes lightweight intrusion detection sensors for endpoints, networks and decoy servers, deployed across an organisation's IT infrastructure. The sensors monitor activity initiated by attackers and stream that information to F-Secure's cloud in real time.