Forget China, Brazil, North Korea, Iran – when it comes to EU states under cyberattack, their biggest enemy is – The Netherlands.
Yep, the land of tulips, windmills and Van Persie has seen more attacks launched at European IP addresses than US, China, Russia, France, Iran, Vietnam, Canada, India and Indonesia. According to new analysis by F5 Labs, the Netherlands launched 1,5 times more attacks against European systems than US and China combined, and six times more than Indonesia.
The largest number of attacks came from HostPalace Web Solutions (from The Netherlands), followed by Online SAS (France), and NForce Entertainment, also from The Netherlands. All three are web hosting providers, which F5 Labs regularly lists as a top threat actor.
Most ASNs are either ISPs or hosting providers. They usually attack port 5060, used by the Session Initiation Protocol (SIP) service, for VoIP connectivity. If not that, then they attack Microsoft Server Message Block (SMB) ports 445 and 2222.
“Network administrators and security engineers should review network logs for any connections to the top attacking IPs. If you are experiencing attacks from any of these top IP addresses, you should submit abuse complaints to the owners of the ASNs and ISPs, so they hopefully shut down the attacking systems,” said Sara Boddy, Threat Research Director, F5 Labs.
“When it comes to IP blocking, it can get tricky maintaining large IP blocklists, as well as blocking IP addresses within ISPs that offer internet service to residences that might be customers. In these cases, the attacking system is likely to be an infected IoT device that the resident doesn’t know is infected, and it likely won’t get cleaned up,” added Boddy.
Image Credit: Denzel / Pixabay