
2025
A Year of
Digital Resilience

Note: this summary is based on the last 12 months of data.
Security Engine

26 million attacks per day

Together, the CrowdSec Community blocked 26 million attacks from 1.5 million unique attackers per day.

Supreme Leader Debian

Same as last year, a majority of our users are hosting their services on Debian, but Docker-based systems beat them in growth this year, in part due to CrowdSec getting integrated with other products such as Pangolin (who have great devs, show them some love!).

Attacking us? Attacking US!

When it comes to the origin of attackers, big countries continue to dominate. Among the currently active attackers, the leader of the pack is the US with 4.8 million unique malicious IPs, followed by Brazil with 2.5 million attackers and India with 1.2 million. This year we saw significantly more activity from South America, in part due to increasing CrowdSec use in the area.

The year of the TelCo

When it comes to Autonomous Systems, this year we saw a lot more activity coming from ISPs than from hosters. While previously 80% of our top 10 AS were hosters, now 70% are Internet Service Providers. A big part of this is public hosters like Hetzner significantly stepping up their enforcement game. Hats off to them.

HTTP remains King

Last year was the first time that we prevented more HTTP attacks than SSH attacks. This year the trend intensified even more. Around 70% of the attacks detected by the CrowdSec Community are HTTP-based.

Old routers are a favourite

We focused a lot more on CVE detection this year. With our new CVE Explorer we also made this work public for the first time. Our top reported CVE this year was CVE-2024-12847, a decade-old router vulnerability that finally got classified last year. If you want to see who else is in our top 5, feel free to check out our CVE Explorer tool at https://app.crowdsec.net/cti/cve-explorer?filter=most-exploited

Working parser ahhh moment

With version 1.7 of the Security Engine, we released the Parser metrics to help our users debug issues with their configuration. Among the 23,000 organizations that have already enabled this, parsers read 320 billion lines of logs. That's already around 4 million copies of the Bible.

Talk is cheap, send patches!

Together with our open source community, we received around 800 contributions to the Security Engine. In addition to this, 44 people contributed their scenarios and parsers to our Hub, helping us improve the protection for the whole CrowdSec Network. Whether it's raising issues or contributing code, we thank you very much for your help!

Growing Stronger

Our herd also grew at a consistent rate this year, leading to a 65% increase in connected Security Engines. Thanks to the efforts of our FOSS team in making debugging and onboarding simpler, the number of Security Engines that are actively sending alerts grew by 85%, a significantly higher rate.
© CrowdSec 2025
CrowdSec's Yearly Wrap