Polish Market No.10 (277)/2018

Cybersecurity

SIX MILLION CYBERATTACKS ON POLAND IN THE SPACE OF A YEAR

JERZY BOJANOWICZ

Between 1 June 2017 and 1 June 2018 more than six million cyberattack attempts were made against Poland, which is an average of 700 per hour. The attacks came mainly from the United States, France and Russia. Jerzy Bojanowicz comments on the scale of this phenomenon.

“Our systems have detected almost 1.5 million cyberattack attempts coming from the US. Interestingly enough, almost a third of them were launched at Christmas. Sixty percent of the incidents involved HTTPS and HTTP traffic, which means that servers were scanned for online applications, whose gaps could be taken advantage of to steal data or take control of specific devices,” said Leszek Tasiemski, Vice-President, R&D at F-Secure (NASDAQ OMX Helsinki Ltd.), a corporation established in 1988. To obtain this information, servers of the Honeyspot (a proprietary network), posing as easy targets, were used to bait cybercriminals. Once attacked by hackers, these servers collect valuable data, which can later be used to develop new methods of countering cyberthreats.

As far as attacks coming from France are concerned, most of the incidents involved SMTP attacks, suggesting phishing, that is, fraudulent attempts to obtain sensitive data, such as user names, by posing as individuals or institutions. “More than 90 percent of the cyberattacks were launched in the second half of August, with 12 percent coming from only three IP addresses, suggesting that they could have belonged to major organisations using thousands of computers. This could mean that France had been affected by a mass infection at the time. We should keep in mind, however, that online locations tend to be elusive, with cybercriminals often operating beyond national borders. The last “stop” of the attacker is identified as the source of the attack, but it is not necessarily consistent with the physical location. This means that devices in France might have been used by hackers from another country to launch attacks,” Tasiemski explained.

As for cyberattacks coming from Russian IP addresses, almost 85 percent of the attempts involved the SMB protocol, which means that hackers were probably distributing ransomware. This traffic was steady over the year, with a clear surge in August.

Chinese cyberattackers, in turn, have become experts in finding and taking advantage of unprotected database servers (MySQL). “In most cases, they use them to steal valuable information, embezzle money via transaction processing systems (e.g. by disguising as online stores), or take over control of devices,” Tasiemski explained. “By exposing any database directly to public web traffic, the admin commits a fundamental mistake. Consequently, hackers know that if they encounter such a database, it is very likely that it will be poorly protected and misconfigured. Luckily, this is not an issue for banks and other major financial institutions, so our money is safe from this threat.”

When it comes to other countries which were listed as the main sources of cyberattacks on Poland, a large majority of detected incidents involved spamming, which could lead to ransomware- or phishing-based attacks.

Thanks to the Honeyspot network, we could draw up a map of the main targets in Poland. These included, in order of the number of attacks, Warsaw, Poznań, Kraków, Gdańsk and Wrocław. This can be attributed to the large populations of these cities and, by extension, the large number of devices used in them. Also, communication nodes of Internet providers are located in major cities, generating heavy Internet traffic.

“The number of cyberattacks against Poland in the first half of 2018 was two times higher than in the same period of 2017. Perhaps the biggest surprise was that Russia had been less active. So far, this country has been by far the most active location on the map of cyberthreats. Now, we believe that the number of cyberattacks is more likely to be associated with the size of the country, which could explain the increased activity coming from the US,” Tasiemski summed up.

Among the prevailing cyber threat trends are phishing, ransomware attacks, and attempts to take advantage of security gaps in applications, mostly in order to take control over devices, especially those used in Internet of Things (IoT) solutions.
