A large increase in hacker activity was detected by HACKNET in the early morning of December 17th. The volume of hacker movement, which had remained stable in recent months, had a sudden increase – reaching a growth of around 50% within an hour.
"There were about 22,000 IP addresses engaging in some sort of recent hacking activity, and within 1 hour that number surpassed 33,000."
There was a very intense detection of suspicious traffic coming from big companies – like Microsoft.
How did the increase in hacker activity occur?
The detection of hacker movement growth was accomplished through the increase in the amount of IP addresses detected by HACKNET with some kind of recent hacker activity.
Afterwards, the information was analyzed by HACKNET's specialized security team and an emergence of many new IP addresses that, until then, had not been detected with hacker activity was identified.
IP address blocks owned by large organizations
The great movement of hacking activities originated from blocks of IP addresses belonging to several companies, among which the following stand out: Alibaba, Microsoft, Google LLC, AT&T and the hosting provider CloudRadium L.L.C.
But the main highlights were due to two Clouds: DigitalOcean and, above all, Linode – with thousands of addresses detected with some type of hacker activity.
What explains the increase in hacker activity?
The increase in hacking activity could have occurred for different reasons. See the main explanations for phenomena like this:
New address blocks under the domain of hacker groups, which may be being used to carry out cyber crimes;
Company equipments being compromised and used for hacking activity;
Propagation (successful infection) of a new virus or malware on various devices around the world. In these situations, these equipments become a kind of robots in the service of cybercriminals.
How was the detection done?
The increase in hacking activity occurred in the early morning hours of December 17th and was detected in customer networks using HACKNET as part of their line of defense against cyber attacks. Several exploit attempts were identified coming from thousands of IPs of these new blocks.
For this, HACKNET technology was used, which is an artificial neural network project aimed at cybersecurity that collects, analyzes and catalogs information about hacker activities recently detected in different parts of the planet.
This information helps in identifying pattern changes in hacking activity and new services that are being targeted by these criminals. From there, security analysts can make adjustments and take greater care with new targets that are being searched on the internet.
In addition, a summary of hacking activities is made available daily on the HACKNET website – including the services most sought after by hackers, the countries that generated the most hacking activity and the points where these activities were detected.
Do you want to increase cybersecurity and stay up to date on hacking activities?
Then follow the informations from HACKNET.
Comments