A new study from biz broadband ISP Beaming has claimed that businesses in the UK were “attacked online” some 281,094 times each by cyber criminals during 2018 (up 23% year-on-year) via 1.3 million unique IP addresses. Most of those attempts originated from China, Brazil and Russia.
According to the provider, the most common target for such attacks last year were Internet of Things (IoT) applications such as building control systems and networked security cameras (i.e. remote control services), which on average were subjected to 489 attacks a day during the final quarter of 2018.
Meanwhile the second most targeted batch of applications were file sharing services (277 attacks a day) and databases (120 attacks a day). After that the list includes web sites / services, remote desktop systems and VoIP.
Advertisement
Many of these attacks originated in China, Brazil and Russia, although the USA also plays host to quite a lot of the activity.
Sonia Blizzard, MD of Beaming, said:
“As an ISP, we can see what is happening on the internet and take steps to help customers protect themselves and those they do business with. We’ve seen a huge surge in criminal activity online in the final months of 2018. UK businesses were attacked at least once every two minutes last year, making it the worst year on record for cyber attacks.
While there is plenty that we can do at a network level to minimise the threat of online attacks, businesses need to take cyber security seriously and put in place multiple layers of protection to ensure they don’t expose their people, assets, customers and businesses partners to undue risk.”
At this point we did go looking for the methodology behind Beaming’s analysis and were unable to find any firm indication of how they arrived at such results (i.e. take with a pinch of salt). As such it’s unclear whether or not the ISP has made any effort to distinguish between general automated scans / probes / email spam etc. and more targeted attacks (DDoS etc.).
Advertisement
This is important because on any given day it’s almost inevitable that an internet connection will at some point find itself being port scanned or otherwise checked for vulnerabilities (often via vast automated botnets of hijacked computers), which usually lasts only a moment and may occur multiple times in a day. The actual attacks usually follow later, or sometimes immediately, if the scan(s) uncover a potential weakness.
However anybody running up-to-date software, good anti-virus/spam and a decent firewall system will usually be able to fend off all but the most sophisticated assaults against their services. This is as true for home users as it is in the office environment, although businesses naturally have to be even more cautious.
However the data was gathered the potential threat is present particularly in this plug-in and use era. Its bad enough in the domestic market but worryingly it is business as well.
I have never quite understood why Internet service cannot be provided by Country or Continent. That is to say by control I could determine (like layers of an onion) that I only want access to and from certain countries, ie creating a virtual UK Intranet.
I appreciate they could use a VPN service or other techniques but presumably these too could be identified and isolated with all hard and virtual servers formerly registered.
Whilst we should all use appropriate precautions surely with the potential increase of illicit use then both UK infrastructure, businesses and consumers that are UK centric would benefit from such protection allowing non-UK access only if required so that such attacks would be either more difficult or limited and if perpetrated within the UK would be covered by UK law.
Those sort of steps are technically difficult – moving target – but fundamentally break the internet in rather undesirable ways.
The bigger issue is that most SMEs and even most larger companies have such poor defences (both human and technological) ISP should be making more efforts for home users to try to protect them.
(As a funny aside Russia is planning a test where it disconnects itself from the internet ‘to protect it from foreign aggression’ obviously – whatch those hack attempts on worldwide servers plummet briefly!