Why has the total number of attacks reported by FireHost dropped from more than 17,000,000 in Q3 2013 to less than 9,000,000 in Q4 2013? FireHost claims this is at least partly to do with it’s IP reputation management filtering service that is creating a “black hole” effect in which would-be hackers don’t even attempt attacks on FireHost’s servers.
IP reputation filtering intercepts web traffic from blacklisted IPs at the perimeter, stopping malicious traffic coming from malevolent networks and botnets with suspicious IP addresses. These attackers find they aren’t able to connect to the protected networks, without reason or response, causing them to go elsewhere. Eventually, attackers consider these areas of the Internet veritable “black holes” that they avoid.
“If an automated attack detects a dead address, it’s unlikely to probe it any further,” FireHost CEO Chris Drake said in a statement. “It will simply move on to another, a new vulnerable target, and launch the same attack there.”
According to FireHost’s quarterly “Superfecta” report that analyzes blocked attacks, the total number of attacks filtered by FireHost’s IPRM was nearly cut in half, largely due to the black hole effect. As a result, web applications which are exposed to less attack traffic have improved memory and processor efficiency, and there is less network traffic load overall.
The report also found that attackers continue to use relatively old attack methods, like the ones used in the recent data breaches of SnapChat and Target. This means that while some networks are benefitting from being invisible to cybercriminals, others could benefit from applying new security measures.