Threat Detection

Quadrimester Analysis - May - August 2022 | Managed Web Hosting

Please note that starting from March 2022 we are changing to a quadrimester report format (every 4 months). The next report is scheduled for publication on January 15th, 2023. This approach will enable us to better identify data patterns and long-term trends.

Click the images below for a larger view:

First Row Left - Based on our traffic analysis for May to August 2022, see the top 10 countries classified as origin of web server attacks.
First Row Right - Geovisualization of web server attacks during the same period, across the 109 countries classified as origin of such attacks.
Second Row Left - Analysis of IP addresses identified as trying to hide their identity, classified in 4 categories - Hosting, Proxy, VPN, and TOR Exit Nodes.
Second Row Right - Cloud service providers classified as origin of web server attacks during the months of May to August 2022. These 6 providers accounted for 24% of the total attacks for the month.
Third Row Left - Geovisualization of web server attacks originating from the Amazon Web Services (AWS), during the months of May to August 2022.
Third Row Right - Geovisualization of web server attacks originating from the Google Cloud Platform (GCP), during the months of May to August 2022.
Fourth Row - Analysis of web server attacks identified as either of a Residential (33%) or Non-Residential origin (67%). We clasify as Non-Residentials those addresses that are identified as Hosting, Business, Government, Schools, and others.

Highlights

  • Overwhelmingly, USA remains the principal source of web server attacks.
  • Most common type of web server attack for this period continues to be Brute-force password guessing.
  • For the first time, Amazon Web Services is dethroned while Microsoft Azure gets the top spot as the principal source of web server attacks across all the major cloud providers.
  • Attacks from Amazon and Google clouds represented 44% of the total number of attacks across all cloud providers. Big drop, when compared to previous period due to the significant increase of attacks coming from Microsoft Azure (48% of total cloud providers).
  • The top ten countries out of 109 classified as origin of web server attacks accounted for 71% of the total attacks for the months of May to August 2022.
  • IP addresses identified as anonymous (trying to hide their identity) accounted for 62% of the total web server attacks.
  • Websites built on the WordPress and Joomla CMS platforms continue to be the most attacked. We estimate that 85% of attacks recorded during this period were directed to these platforms.

Gain the unfair advantage™

Contact us!