Posted on Mar 20th, 2013 by Reuven Harrison

Deutsche Telekom's new and interactive real-time map of global cyber attacks is significant because the bulk of attacks (27.3m last month) identified by the Sicherheitstacho service were against the Server Message Block (SMB) - aka the Common Internet File System (CIFS). This attack vector operates across an application-layer network protocol that is mainly used for providing shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network.

With over 226 million SMB attacks tracked last month - compared to 800,000-plus against the NetBIOS services, 680,000-plus on port 33434 and 600,000-plus against SSH - this highlights the fact that businesses - and high-end consumers - are losing control over their network resources - including their firewalls.

The results of this real-time and rolling analysis from Deutsche Telekom - which takes in data from almost 100 honeypot-style sensors around the world - confirms the findings of our annual Firewall Management Survey, details of which were released late last month, and which found that half of businesses audit their firewalls just once a year and, and 15% never audit their firewalls at all.

The problem with controlling the firewall in many organizations - and why SMB/CIFS attacks make it through - is that modern firewalls need to be regularly updated to cope with configuration changes, with 70% of the 200 respondents to Tufin's annual survey reporting application service disruptions up to 20 times a year due to configuration changes.

We found that 93.6% of all firewall change requests are application-related, this confirms our observation that the function of firewalls has evolved to include secure application connectivity - in addition to their traditional role of perimeter security. The problem highlighted by Deutsche Telekom's new cyber attack service - is that cybercriminals are clearly exploiting the loopholes that arise as a result of these changes.

You can see Deutsche Telecom's interactive map here

Read the Annual Firewall Management Survey