Attack traffic observed by F-Secure’s network of decoy honeypots in 2018 increased by 32 percent over the previous year, and increased fourfold in the latter half of 2018 compared with the first half of the year, the Finnish cybersecurity company has reported.
At the same time, many companies are still struggling with incident detection.
Companies are unprepared
F-Secure asked 3350 IT decision makers, influencers, and managers from 12 countries about the attacks they had detected in the last year. 22 percent of respondents said their companies did not detect a single attack.
20 percent of respondents detected a single attack during that time frame, and 31 percent detected 2-5 attacks.
(For perspective, F-Secure’s detection and response solutions detected 15 threats in a single month at a company with 1300 endpoints, and 7 threats in a single month at a company with 325 endpoints.)
The results of the survey have also shown that:
- Telnet was the most commonly targeted TCP port, which is likely the result of increasing numbers of compromised Internet-of-Things (IoT) devices searching for additional vulnerable devices
- Companies working in finance and ICT detected the most attacks, while organizations in healthcare and manufacturing detected the fewest
- The largest source and destination of observed attack traffic were US-based IP addresses
- Nginx was the most popular source of web-based attacks.
Lack of visibility
Roughly one third of F-Secure’s survey respondents indicated that they were using a detection and response solution or service, meaning that the rest may not have the visibility they need to catch attacks that make it past firewalls and endpoint protection solutions.
“Today’s threats are completely different from 10 or even 5 years ago. Preventative measures and strategies won’t stop everything anymore, so I’ve no doubt that many of the companies surveyed don’t have a full picture of what’s going on with their security,” noted Leszek Tasiemski, F-Secure VP of Cyber Security Products Research & Development.
“We find that companies running detection and response solutions tend to have a better grasp of what they’re doing right and what they’re doing wrong. Ideally, the visibility these solutions have will show companies that they’re blocking most of the standard, opportunistic attacks, like the ones our public honeypots usually attract. But these solutions will also pick up what preventative measures like firewalls or endpoint protection miss, which makes detection and response a pretty invaluable part of a healthy security strategy,” he concluded.