F5 Labs, in conjunction with our partner Baffin Bay Networks, set out to research the global attack landscape to get a better understanding of the threat landscape across multiple regions, identify consistencies in attackers and targeted ports, and discover what was unique in each region. In this research series we look at attacks over the same 90-day period in Europe, the United States, Canada, and Australia. This article covers attack traffic destined for European IP addresses from December 1, 2018 through March 1, 2019, and how it compares to the other regions.
- The majority of attacks against Europe came from IP addresses in the Netherlands, followed by the United States, China, Russia, and France (in that order).
- The networks of the top attacking IP addresses were used to target destinations all over the globe. However, the IP addresses used in the attacks against European destinations were not seen attacking other regions in the same period.
- The top attacked ports were 5060 for SIP, 445 for Microsoft Server Message Block (SMB), and 2222 for non-standard SSH access—very similar to what we saw in Australia and Canada.
- Europe received more attacks from within its own geographic region than any other region.
Top Attacking Countries
Systems deployed in Europe are targeted by IPs all over the world. Looking at the source countries of attacks by region on a global heatmap, the source countries of European attacks are very similar to source countries of attacks against Australia and Canada. The US receives far fewer attacks from European IPs than Europe, Canada, or Australia does.
The Netherlands was the top source traffic country of attacks against European systems from Dec 1, 2018 through March 1, 2019. IPs in the Netherlands launched 1.5 times more attacks against European systems than IPs in the US or China, and 6 times more attacks than IPs in Indonesia in the tenth position.