News
CrowdSec’s New Cybersecurity Majority Report Highlights the Rise of IPv6 in Cybercriminal Activities
August 2023 by CrowdSec
CrowdSec released its Q2 2023 Majority Report, a comprehensive community-driven data report fueled by the collective efforts of its thousands of users. Key takeaways from the report include the rise of IPv6 as well as the role of VPN in cybercriminal activities. The CrowdSec Majority Report consolidates valuable insights from CrowdSec’s open source network, providing data on some of the top emerging cybersecurity threats and trends worldwide, details from which CrowdSec will be discussing while at Black Hat USA 2023.
The CrowdSec Majority Report leverages the strength of CrowdSec’s extensive user base, comprising individuals, organizations, and cybersecurity experts dedicated to fortifying their defenses against emerging threats. By harnessing the insights collected by this community, the CrowdSec Majority Report shows that:
• IPv6 represents 20% of reported malicious IPs. With such rapid high adoption, it was inevitable that IPv6 eventually started registering on cybersecurity radars. For October 2022–June 2023, the CrowdSec network detected increased new threats linked to IPv6 addresses.
• Only 5% of reported IPs are flagged as VPN or proxy users. VPN’s rise to popularity over the past few years sounded the alarm for many organizations. However, contrary to popular belief, data collected by the CrowdSec network indicates that VPNs and proxies play a far less significant role in cybercriminal activities.
• The number of compromised assets is not the most accurate method of evaluating an Autonomous System (AS). The size of operators varies greatly, creating a discrepancy when comparing big operators to small. Though big operators inevitably receive a greater number of reports related to malicious IPs, smaller operators with fewer affiliated IPs — therefore receiving fewer reports — may be hosting riskier services.
• Malevolent Duration (MD) is a more accurate metric for evaluating AS. This refers to the number of days for which users report a malicious IP to the operator. The average MD of all the IPs in the same AS indicates the operator’s due diligence when it comes to identifying and dealing with compromised assets.
• Third-party reports of infected machines play a significant role. The ability to quickly deal with infected machines reported by third parties within a network, as well as proactively identifying infected machines based on behavioral patterns, significantly impacts how long a machine stays infected.
• Low MD translates to a lower risk for a business to inherit a machine that has been flagged as malevolent. By extension, this also minimizes the risk of a legitimate business asset being preemptively blocked by partners, prospects, or potential customers.
The CrowdSec Majority Report serves as an example of the valuable insights that the CrowdSec community is able to provide in an ever-changing threat landscape. The continuous input from the CrowdSec community enables rapid detection and response to emerging threats, providing users with a proactive defense against cyber attacks. By pooling together their collective knowledge, CrowdSec users protect one another, establishing a united front against malicious actors.
“The Majority Report serves as a testimony to the power of crowdsourced data” said Philippe Humeau, CrowdSec CEO and co-founder. “We created this report to provide the industry with much-needed threat intelligence in detecting malicious behavior and preventing imminent cyberattacks. In the Majority Report, you will find evidence of the effectiveness of the CrowdSec network in spotting and blocking malicious IPs before they get a chance to breach your system.”
