F5 Labs, in conjunction with our partner Baffin Bay Networks, researched attacks by geographic region to get a better understanding of the threat landscape in each region. We sought to understand whether the global attack landscape was consistent or differed from region to region, and to identify consistencies in attacking networks, IPs, and targeted ports. In this research series we looked at attacks over the same 90-day period in Europe, the United States, Canada, and Australia. The United States and Canada were originally slated to be combined into a “North American” view; however, because Canada’s attack profile is similar to those of Europe and Australia, we separated the countries.
This article covers attack traffic destined for Canadian IP addresses from December 1, 2018 through March 1, 2019, and explores how it compares to the other regions.
- European countries were the primary source of attack traffic against Canadian systems.
- OVH SAS from France launched 5.5 times more attacks against systems in Canada than Netherlands-based Host Palace Web Solutions, which was in second place.
- Four of the top 5 IP addresses targeting Canadian systems are from OVH SAS’s network.
- The top attacked port was SIP 5060, followed by Microsoft SMB, and then HTTP port 80. SIP was targeted 8.3 times more than Microsoft SMB.
Top Attacking Countries
Canadian systems receive attacks from systems all over the world; however, 6 of the top 10 attacking countries between December 1, 2018 and March 1, 2019 were European. European systems have a similar threat profile, in that they also receive a high rate of attacks from European countries.
The Netherlands was the top source country for attack traffic against systems in Canada from December 1, 2018 through March 1, 2019, followed by the United States, with France, Germany, and Italy rounding out the top 5 attacking countries.