F5 Labs in collaboration with Effluxio researches global attack traffic to gain a better understanding of cyberthreat landscape. In this episode of regional threat analysis, F5 Labs researchers break down the data collected by our sensors on attacks targeting India from October 1 through December 31, 2020. Cyberattacks happen in many forms, but it usually starts with a scan. The insights in this report is an analysis of network logs and does not necessarily indicate a malicious intent from source country or organization.

Highlights

• The network sensors collected 126 million malicious requests in a time period of 90 days.
• The number one source country of malicious traffic origin was the UK.
• Port 5900, used by Virtual Network Computing/VNC for remote desktop sharing and control, was scanned the most.
• Web hosting provider SERVERIUS-AS (AS50673) lead the attack chart with over 25 million requests.

Details on Attack Traffic

Analysis on the traffic yields significant insights into the source as well as the intended services that malicious actors want to abuse. The section covers top 10 in categories like traffic source countries, organizations, services, and IP addresses.

Top Source Traffic Countries

Analyzing the geographical source of the IP addresses, the major source for the malicious request, listed in order, were the UK, US, Germany, Russia, China, Netherlands, France, India, Poland, and Brazil (see Figure 1).