F-Secure's global network of honeypots saw 2.8 billion attack events in the second half of the year. After 2.9 billion in the first half of the year, the yearly total rings in at 5.7 billion attacks. For comparison, 2018 saw just over 1 billion attacks, while 2017 saw 792 million.
Traffic was dominated by attacks hitting the SMB protocol, indicating attackers are still very much interested in using worms and exploits related to Eternal Blue. Telnet traffic and attacks hitting SSH were also high, indicating continued high attacker interest in IoT devices. Malware found in the honeypots was dominated by various versions of Mirai.
While ransomware spam was observed to have dropped during the course of the year, ransomware itself became more targeted and impactful, inflicting greater damage, targeting enterprises, and demanding sums in the hundreds of thousands of dollars. Modular malware employed a range of tricks, one of which was dropping ransomware as a second stage payload.
The report also features a look back at the past ten years of information security, a decade marked by spates of breaches, the emergence of nation state malware, and devastating supply chain attacks. But going forward, there is reason for optimism, says Mikko Hypponen, Chief Research Officer at F-Secure.
“The last decade was pretty bad for information security, but the next one will be better,” says Hypponen. “It doesn't always look like it, but we are getting better. In the middle of news on major breaches and data leaks, it might look it's getting worse, but it isn't. If you look at the level of security tools we were using in 2010 and today, it's like night and day. We are going in the right direction.”
Other findings from the report include:
“Spam continued to be popular amongst attackers in 2019. It preys on unsuspecting individuals, making the lack of awareness about threats a weak link for companies, and a lucrative target for malware authors,” says Calvin Gan, Manager at F-Secure's Tactical Defense Unit. “And with attacks becoming more sophisticated, such as ransomware infections that escalate into data breaches, it’s more important than ever for organizations to improve their cyber defenses in preparation for these attacks.”