A map of cyberattacks on Poland

The F-Secure company presents data on cyber attacks in Poland between October 2016 and March 2017. The information was obtained thanks to the proprietary network of Honeypots, or servers that pretend to be an easy target and are a lure for cybercriminals. Hackers attack them and thanks to that it is possible to obtain valuable data and develop further methods to combat cyber threats.

Cyberattacks in Poland are most often from Russia - 65,493 attacks a day.

Russia is leading as a source of attacks globally, it is connected with the intense activity of criminals located in this country (eg selling bot networks or organizing ransomware campaigns), but also with poor security and monitoring of the internet infrastructure there - says Leszek Tasiemski, leader of the special CSS from F-Secure.

The second place, when it comes to suspicious network traffic directed towards Poland, are IP addresses belonging to Germany with an average number of 13,390 attempts per day.

Germany's leading position may be due to geographical proximity to Poland. It can be pure optimization, where targets in low latency networks are scanned.

The Netherlands is also high on the list. Again, not only in relation to the goals in Poland, but also globally. In this case, the suspicion falls on poorly secured server rooms (data centers), which are used for attacks carried out by criminals from other countries - in 2016 they were mainly attacks on the US.

On the Internet, geography is a very fluid and fleeting thing. We must remember that what we see as the source is the last "stop" that the attacker used, which is not synonymous with the physical position of the attacker. It is possible that a hacker from Poland uses a server in Russia to attack a target in Brazil - explains Tasiemski.

Thanks to the Honeypot network, it was also possible to create a map showing the most frequent occurrences of attacks in our country.

If we look at the map of the targets of attacks, it is not surprising that the largest accumulation in the case of Warsaw, Krakow or the Katowice Agglomeration. Simply put, the more users, the more attacked devices. In addition, the largest cities have headquarters (and Internet nodes) of Internet service providers (ISPs), which further intensifies network traffic in these places - says Leszek Tasiemski.

The attacks identified by the F-Secure network are:

- reckon, which is an automated activity consisting of scanning the network and detecting unsecured devices to be infected (all platforms, more and more devices from the category of Internet of Things - IoT);

- creating botnets, using exploits of kits (Linux as a platform), such ready botnets are later rented for further activity, such as DDoS attacks, sending spam or acquiring Bitcoin currency;

- attempts to infect malware (Windows platform), it is mainly ransomware (software that encrypts data for ransom) and adware (software that serves more advertisements, often of an offensive nature - eg erotic).

Infographics show the so-called non-targeted attacks. In order to get information on what specific places are attacked, it would be necessary to cooperate with individual institutions in order to install honeypots in their networks.


Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.