The U.S. was on the receiving end of more internet attacks than any other country, with Russia at the top of the list, according to a new report.
The U.S. was hit by 11 million attacks, a report from Helsinki-based F-Secure says. France was a distant second with 6.4 million, according to the cybersecurity firm, whose report covered the first half of 2018.
Russia led the list of countries attacking the U.S., with 8 million attacks coming from the Vladimir Putin-led country.
That said, the volume is much lower than the second half of last year when there were about 70 million attacks from Russia on the U.S., the cybersecurity firm said.
Traffic peaked in the second of 2017 when there were “strong campaigns” from Russia via so-called SSH, or Secure Shell, protocol.
“Russia’s relative quiet in Q1, however, accounts for a large part of this dropoff,” the cybersecurity firm said in the report.
“One thing that didn’t change is the top adversarial relationship between countries: Russia targeting the U.S.,” F-Secure said in comments that accompanied the report.
Many of those Russian attacks use SSH for remote access by attempting, for example, to log in as an administrator. Russia is the largest source of SSH traffic, the report said.
Overall, Russia led with 27 million SSH attacks worldwide and the U.S. was the largest target overall (including those coming from Russia and other countries), totaling 9 million, F-Secure said.
F-Secure tallied the attacks for the report using a “honeypot,” which are decoy servers set up to attract the interest of attackers by emulating popular services such as SSH, HTTP, and SMB (Server Message Block).
Spam booby-trapped with malicious web addresses and attachments was the number one infection method in the first half of 2018, the report said.
A total of 31 percent of spam email had links to malicious websites, while 23 contained malicious attachments. Most malware attachments were found to be either 7Z, DOC, PDF, XLS, or ZIP.
The other 46 percent of spam was mostly dating scams, “which appear to be making a comeback,” F-secure said.
Why the uptick in Spam? Spam is becoming more sophisticated than before. Strategies include sending email ostensibly from someone the recipient knows and improving grammar and spelling. In particular, “error-free subject lines” are effective, F-Secure said. As any computer user knows, one of the easiest tip-offs to a scam is bad grammar.
Another reason for Spam attacks: other tactics aren’t working. For example, antivirus software is beating back commoditized malware threats more effectively.
Meanwhile, the top banking threat during the first half of the year was Trickbot, whose target list includes over 400 banks, including every major bank in Scandinavia as well as major banks in the U.S. and Europe.
“Known to use EternalBlue to infect unpatched Windows systems, it then uses Mimikatz to grab credentials to spread to patched systems,” F-Secure said.