Ransomware getting more fearsome, but there’s reason for optimism

Cybercriminals continued a barrage of attacks in 2019, spurred on by botnets of infected IoT devices and by attacker interest in the Eternal Blue vulnerability. A report from F-Secure documents a steep increase in attack traffic in 2019 that was unmatched by previous years.

attack traffic

There have been 2.8 billion attack events in the second half of the year. After 2.9 billion in the first half of the year, the yearly total rings in at 5.7 billion attacks. For comparison, 2018 saw just over 1 billion attacks, while 2017 saw 792 million.

Traffic was dominated by attacks hitting the SMB protocol, indicating attackers are still very much interested in using worms and exploits related to Eternal Blue. Telnet traffic and attacks hitting SSH were also high, indicating continued high attacker interest in IoT devices. Malware found in the honeypots was dominated by various versions of Mirai.

Ransomware becoming more targeted and impactful

While ransomware spam was observed to have dropped during the course of the year, ransomware itself became more targeted and impactful, inflicting greater damage, targeting enterprises, and demanding sums in the hundreds of thousands of dollars. Modular malware employed a range of tricks, one of which was dropping ransomware as a second stage payload.

“The last decade was pretty bad for information security, but the next one will be better,” says Mikko Hypponen, Chief Research Officer at F-Secure.

“It doesn’t always look like it, but we are getting better. In the middle of news on major breaches and data leaks, it might look it’s getting worse, but it isn’t. If you look at the level of security tools we were using in 2010 and today, it’s like night and day. We are going in the right direction.”

Other findings

  • Countries whose IP spaces played host to the highest numbers of attack sources were the US, China, Russia and Ukraine.
  • Countries where the most attacks were directed were the Ukraine, China, Austria and the US.
  • The most common delivery method for ransomware during the period was via manually installed/second stage payloads at 28%, followed by email/spam.
  • The greatest share of Telnet traffic came from the US, Armenia, the UK, Bulgaria and France.
  • The greatest share of SMB traffic came from the Philippines and China.

attack traffic

“Spam continued to be popular amongst attackers in 2019. It preys on unsuspecting individuals, making the lack of awareness about threats a weak link for companies, and a lucrative target for malware authors,” says Calvin Gan, Manager at F-Secure‘s Tactical Defense Unit.

“And with attacks becoming more sophisticated, such as ransomware infections that escalate into data breaches, it’s more important than ever for organizations to improve their cyber defenses in preparation for these attacks.”

Don't miss