EMEA tagged as global hotspot for brute force access attacks: report
New research from F5 Labs shows EMEA enduring almost half of all F5 Labs-monitored attacks
The EMEA region accounted for 43.5% of all brute force attacks logged by F5 Networks’ platforms last year, new research shows. This put EMEA ahead of Canada (41.7%), USA (33.3%) and APAC (9.5%). Half of the attacks took place in the public sector, closely trailed by financial services (47.8%) and the healthcare industry. Education (27.3%) and service providers (25%) were also in the firing line.
Brute force attacks are typically defined as either ten or more successive failed attempts to log in in less than a minute, or 100 or more failed attempts in a 24-hour period.
“Depending on how robust your monitoring capabilities are, brute force attacks can appear innocuous, like a legitimate login with correct username and password,” said Ray Pompon, principal threat research evangelist, F5 Networks. “Attacks of this nature can be hard to spot because, as far as the system is concerned, the attacker appears to be the rightful user.”
The new analysis forms part of the F5 Labs Application Protection Report 2019, which delves into the detail and implications of why most applications are attacked at the access tier, circumventing legitimate processes of authentication and authorisation.
In 2018, the F5 Security Incident Response Team (SIRT) reported that brute force attacks against F5 customers constituted 18% of all attacks and 19% of addressed incidents.
Overall, email is the most targeted service when it comes to brute force attacks. For organisations that do not rely heavily on ecommerce, the most valuable assets are often stored far from the perimeter, behind multiple layers of controls. In this case, email is often a powerful staging ground to steal data and gain access to the tools needed to wreak widespread havoc.
Breach data also pegged email as a primary target; it was involved in the top two subcategories of access breaches, representing 39% of access breaches and 34.6% of all breach causes. Email is directly attributed as a factor in over a third of all breach reports.