Russia Chucks Out The Majority Of Reconnaissance Cyber Attacks In 2016

Russia was responsible for the largest number of reconnaissance cyber attacks in 2016, with the US being the biggest target of such snooping attempts.

According to threat data harvested by cyber security company F-Secure from honeypot networks it set up to analyse Internet malicious Internet traffic directed to and from locations across the world, just ten nations are responsible for the majority of reconnaissance traffic in 2016.

Top of the list were reconnaissance attacks directed from Russia, contributing to 60 percent of the global volume of attacks. Second place went to the Netherlands and third to the US. China, Germany, France, Vietnam, the UK, Canada and the Ukraine followed respectively.

The US was the most targeted nation, with surprisingly the Netherlands following in a second place, with Germany a distant third. China, the UK, Japan, France, Russia, Ukraine and Turkey followed in that order.

It is worth noting that such attacks are often conducted using proxy servers to hide the real source of the traffic, and is likely that attacks coming from them are down to compromised infrastructure being exploited by hackers and criminal enterprises to launch distributed denial of service (DDoS) attacks, phishing campaigns and spread spam.

The data certainly indicated that Russia is either awash with hacker groups or has a swathe of compromised infrastructure ripe for use by black hat hackers.

Treading the threat landscape

F-Secure’s data also indicated other cyber security trends, notably that most cyber attacks are performed with basic, script-based techniques made against poorly maintained IT infrastructure, indicating that cyber security in many companies is still lacklustre despite the myriad of anti-virus products on offer and threat detection system that tap into the power of artificial intelligence (AI).

“Today’s threats can outsmart old one-dimensional security approaches, regardless of how strong everyone thinks they are. Phishing, lists of pre-compromised accounts and networks sold online, and other resources make breaching a government organisation or Fortune 500 company within reach of a lot of different attackers,” said F-Secure security advisor Sean Sullivan.

“We’re in a post-malware world because the threat landscape has industrialised and cyber criminals aren’t only relying on the most common types of malware to make money.”

Another major security risk factor is the use of outdated Android devices being the cause of mobile malware continuing to pose risks. Indonesia has the largest proportion of old Android devices in use, while Norway has the fewest; this is likely down to the disparity of wealth between the citizens of the two nations.

Like many other threat reports from security companies based on data taken from across 2016, F-Secure’s report continues the trend of seeing ransomware grow, with it reporting 197 new ransomware families were discovered last year compared to 44 in 2015.

Despite the activities of the Lazarus hacker group, F-Secure reported that the use of exploit kits was on the decline, so much so that the firm’s researchers predict that no new exploit kit will debut this year, though the kits will be used to target JavaScript as Adobe Flash becomes increasingly marginalised by web browsers.

The trends in F-Secure’s threat data and that of other security firms all indicate that cyber security is becoming ever more complex and for companies to protect themselves and mitigate data breaches, they need to carefully consider threat assessment, penetration testing, the way they handle breach detection and how to respond to a cyber attack.

Quiz: Test your knowledge of cyber security in 2016!