Announcing the Q2 2023 CrowdSec Majority Report

IPv6 represents 20% of reported malicious IPs 

Given its high rate of adoption, it comes as no surprise that IPv6 presence in cybercriminal activities has been rising as well. For October 2022–June 2023, the CrowdSec network detected increased new threats linked to IPv6 addresses, effectively accounting for 20% of all malicious IPs. 

‍

Busting the myth of VPN in cybercriminal activities 

VPN’s increased popularity over the past few years definitely got a lot of organizations worried as, according to popular belief, VPNs offer a convenient means of concealment for cybercriminals. 

However, contrary to said belief, the CrowdSec data indicates that VPNs and proxies play a far less significant role in cybercriminal activities with only 5% of all reported malicious IPs being flagged as VPN or proxy.

The importance of the Malevolent Duration metric

Did you ever think that the number of compromised assets is not the most accurate method of evaluating an AS? While larger operators naturally receive a higher number of reports concerning malicious IPs, smaller operators, with fewer affiliated IPs and as a result receiving fewer reports, may be hosting riskier services.

The Malevolent Duration (MD) metric represents the duration in days that users report a malicious IP to the operator. The average MD of all IPs within the same AS reflects the operator's level of diligence in identifying and addressing compromised assets.

Evaluating AS based on the MD metric can be a catalyst in adopting a proactive cybersecurity approach — as recently dictated by the latest European Regulation on Network and Information Security (NIS2). A lower MD score means that a business faces reduced risk in acquiring a machine flagged as malicious. Consequently, this also decreases the likelihood of legitimate business assets being preemptively blocked by partners, prospects, or potential customers.

‍

Download the CrowdSec Majority Report today to read the full analysis.