Threat Intelligence Briefing

Global threat volume increased by 15.4% compared to the previous period, reaching 3,557 events, which is a significant deviation above the 7-day average. This surge is primarily driven by SSH brute force attacks originating from a concentrated set of IPs in Vietnam (<a href="https://ip.wayscloud.services/country-intelligence/VN" target="_blank">VN</a>), Bulgaria (<a href="https://ip.wayscloud.services/country-intelligence/BG" target="_blank">BG</a>), and the UK (<a href="https://ip.wayscloud.services/country-intelligence/GB" target="_blank">GB</a>). Nordic activity remains stable and low; Sweden saw 13 events across various categories, consistent with its baseline, while Norway and Finland registered minimal activity. The pattern suggests a coordinated campaign rather than random noise, focusing on credential access. Focus defensive actions on the identified ASN clusters from these source countries. Implement temporary rate-limiting rules for SSH traffic originating from VN, BG, and specific UK/GB CIDR ranges associated with the top attacking IPs. This activity is ephemeral; do not prioritize individual IPs for long-term blocking.