News Alert: CrowdSec report highlights the rise of IPv6 in cyber criminal activities

Paris, France, July 27, 2023 – CrowdSec, the pioneering open source and collaborative cybersecurity company, today released its Q2 2023 Majority Report, a comprehensive community-driven data report fueled by the collective efforts of its thousands of users.

Key takeaways from the report include the rise of IPv6 as well as the role of VPN in cybercriminal activities.  The CrowdSec Majority Report consolidates valuable insights from CrowdSec’s open source network, providing data on some of the top emerging cybersecurity threats and trends worldwide, details from which CrowdSec will be discussing while at Black Hat USA 2023.

The CrowdSec Majority Report leverages the strength of CrowdSec’s extensive user base, comprising individuals, organizations, and cybersecurity experts dedicated to fortifying their defenses against emerging threats. By harnessing the insights collected by this community, the CrowdSec Majority Report shows that:

•IPv6 represents 20% of reported malicious IPs. With such rapid high adoption, it was inevitable that IPv6 eventually started registering on cybersecurity radars. For October 2022–June 2023, the CrowdSec network detected increased new threats linked to IPv6 addresses.

•Only 5% of reported IPs are flagged as VPN or proxy users. VPN’s rise to popularity over the past few years sounded the alarm for many organizations. However, contrary to popular belief, data collected by the CrowdSec network indicates that VPNs and proxies play a far less significant role in cybercriminal activities.

•The number of compromised assets is not the most accurate method of evaluating an Autonomous System (AS). The size of operators varies greatly, creating a discrepancy when comparing big operators to small. Though big operators inevitably receive a greater number of reports related to malicious IPs, smaller operators with fewer affiliated IPs — therefore receiving fewer reports — may be hosting riskier services.

•Malevolent Duration (MD) is a more accurate metric for evaluating AS.  This refers to the number of days for which users report a malicious IP to the operator. The average MD of all the IPs in the same AS indicates the operator’s due diligence when it comes to identifying and dealing with compromised assets.

•Third-party reports of infected machines play a significant role. The ability to quickly deal with infected machines reported by third parties within a network, as well as proactively identifying infected machines based on behavioral patterns, significantly impacts how long a machine stays infected.

•Low MD translates to a lower risk for a business to inherit a machine that has been flagged as malevolent. By extension, this also minimizes the risk of a legitimate business asset being preemptively blocked by partners, prospects, or potential customers.

The CrowdSec Majority Report serves as an example of the valuable insights that the CrowdSec community is able to provide in an ever-changing threat landscape. The continuous input from the CrowdSec community enables rapid detection and response to emerging threats, providing users with a proactive defense against cyber attacks. By pooling together their collective knowledge, CrowdSec users protect one another, establishing a united front against malicious actors.


“The Majority Report serves as a testimony to the power of crowdsourced data” said Philippe Humeau, CrowdSec CEO and co-founder. “We created this report to provide the industry with much-needed threat intelligence in detecting malicious behavior and preventing imminent cyberattacks. In the Majority Report, you will find evidence of the effectiveness of the CrowdSec network in spotting and blocking malicious IPs before they get a chance to breach your system.”

Download the CrowdSec Majority Report here or visit You can also visit CrowdSec at Black Hat USA 2023 at Booth 2850 to learn more about how CrowdSec is shaping the future of proactive and collaborative cybersecurity or join CrowdSec CEO Philippe Humeau at the Omdia Analyst Summit on 8 August, where he will be investigating the Acronym Soup of Cybersecurity.

About CrowdSec: CrowdSec is an open source and collaborative cybersecurity company that provides real-time threat detection and response capabilities. Its unique approach to cybersecurity leverages the power of the community to protect against threats, making it an ideal solution for organizations of all sizes. For more information, please visit

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone