After publishing our previous infrastructure outline last year, we decided to complement this edition with general statistics. The numbers are meant to illustrate the scale of the login brute force attacks our infrastructure has experienced in recent months.
Considering the time frame starting from last December until the publishing of this outline, we have blocked over 95 million brute force requests targeted at our servers.
The monthly distribution of the login brute force attacks we had to deal with is as follows:
In December:
- We blocked 60 million unauthorized access requests
- There were 7.5 million login attempts made
- Over 2.5 million unique IP addresses tried to log in to our servers
- On average, we experienced 183 login attempts per minute
- On average, every minute we blocked 1880 logins
December attack distribution by country:
- Malaysia: 28%
- Vietnam: 27%
- Russia: 18%
- United States: 15%
In January (to this day):
- We have blocked 35 million unauthorized access requests
- There have been 3.2 million login attempts made
- Over 1.5 million unique IP addresses have tried to log in to our servers
- On average, we experience 152 login attempts per minute
- On average, every minute we block 2150 logins
January attack distribution by country:
- Malaysia: 26%
- Vietnam: 26%
- United States: 17%
- Indonesia: 16%
The trend in the infrastructure statistics collected halfway through January indicates that the scale of login brute force attacks is increasing. Knowing this, we have been anticipating the global pattern and are continually working on upgrading our network security and capabilities.
Most recent infrastructure-related milestones:
- 2FA for our vendors
Following the best cybersecurity practices, we enabled two-factor authentication (2FA) mechanisms on all our vendor websites and control panels.
- 2FA for our users
In January, we became one of the very few VPN providers to launch a 2FA solution for our users. This has added a new layer of protection for everyone who opted in. This solution is also helping us to prevent possible account exploitation by unauthorized resellers and minimize the risks of potential brute force attacks on our user base.
- Disabled or secured IPMI access
We have performed internal security due diligence and disabled or secured all instances of Intelligent Platform Management Interface (IPMI) access to our VPN servers where such access was identified.
- Proactive safety maintenance
An intrusion detection system (IDS), which we implemented on all our VPN infra servers last year, helped us to identify unauthorized access to one of our decommissioned servers in January 2020. This did not compromise our user security as the affected server had already been isolated from our production network for elimination. We destroyed the server after the internal due diligence. Also, the IDS solution helped us identify that one of our hosts had its firewall disabled, so we were able to act on the issues immediately.
- POC of Teleport
To further reduce the risk of unauthorized access to our servers, we implemented a proof of concept (POC) of the Gravitational Teleport gateway. It will help us manage role-based access control to clusters of our Linux servers.
- Disk encryption project
We continue to ensure our network protection by adding additional layers of security on all our infrastructure. For this, we started working on a new server disk encryption project to eliminate even a mere possibility of security compromise by unauthorized server access.
Our core premise is securing people’s digital lives by humanizing privacy protection. We believe that sincerity and transparency are the critical factors in delivering on this. That is why we were one of the first VPN providers to undergo an independent security audit in 2018.
The third-party audit was done by Cure53, an independent German cybersecurity company, and its results were published publicly.
We performed the audit not only to check our technological practices but also to set a benchmark of openness to the whole privacy protection industry. Among other things, we will continue carrying out such audits in the future.