CrowdSec is a proud participant in the Microsoft Copilot for Security Partner Private Preview
Read more
crowdsec majority report q2 2023

Announcing the Q2 2023 CrowdSec Majority Report

Explore cyber threats worldwide, including the rise of IPv6, VPN's role in cybercriminal activities, and more!

We are thrilled to announce the release of the CrowdSec Majority Report for Q2 2023!

Conceived about a year ago, the Majority Report is a project very close to the hearts of the CrowdSec team. Inspired by the 2002 film, Minority Report, we created the Majority Report to showcase the power of crowdsourced data in detecting malicious behavior and preventing imminent cyberattacks. 

In this quarter’s report, we are exploring global cyber threats, busting the myth of VPN’s popularity in cybercriminal activities, and showing you the most accurate method of evaluating Autonomous Systems (AS).

Let’s take a look at a few highlights from the Q2 2023 Majority Report.

CrowdSec Majority Report

Discover Key Insights on Emerging Cyberthreats

Download Report

IPv6 represents 20% of reported malicious IPs 

Given its high rate of adoption, it comes as no surprise that IPv6 presence in cybercriminal activities has been rising as well. For October 2022–June 2023, the CrowdSec network detected increased new threats linked to IPv6 addresses, effectively accounting for 20% of all malicious IPs. 

Source: CrowdSec Majority Report Q2 2023

Busting the myth of VPN in cybercriminal activities 

VPN’s increased popularity over the past few years definitely got a lot of organizations worried as, according to popular belief, VPNs offer a convenient means of concealment for cybercriminals. 

However, contrary to said belief, the CrowdSec data indicates that VPNs and proxies play a far less significant role in cybercriminal activities with only 5% of all reported malicious IPs being flagged as VPN or proxy.

The importance of the Malevolent Duration metric

Did you ever think that the number of compromised assets is not the most accurate method of evaluating an AS? While larger operators naturally receive a higher number of reports concerning malicious IPs, smaller operators, with fewer affiliated IPs and as a result receiving fewer reports, may be hosting riskier services.

The Malevolent Duration (MD) metric represents the duration in days that users report a malicious IP to the operator. The average MD of all IPs within the same AS reflects the operator's level of diligence in identifying and addressing compromised assets.

Source: CrowdSec Majority Report Q2 2023

Evaluating AS based on the MD metric can be a catalyst in adopting a proactive cybersecurity approach — as recently dictated by the latest European Regulation on Network and Information Security (NIS2). A lower MD score means that a business faces reduced risk in acquiring a machine flagged as malicious. Consequently, this also decreases the likelihood of legitimate business assets being preemptively blocked by partners, prospects, or potential customers.

Download the CrowdSec Majority Report today to read the full analysis.

CrowdSec Majority Report

Discover Key Insights on Emerging Cyberthreats

Download Report
No items found.