28 June 2014

Online Maps Show Cyber Attacks in Realtime

Privacy and Security Fanatic (Ms. Smith)
June 25, 2014
Spellbound by maps tracking hack attacks and cyber threats in real-time
NORSE ‘DARK INTELLIGENCE’ HAS A ‘LIVE’ MAP OF GLOBAL CYBER ATTACKS AND KASPERSKY LAB HAS AN INTERACTIVE CYBER THREAT MAP, BOTH UPDATE IN REAL-TIME. CAREFUL NOT TO GET SUCKED IN AS THE AMAZINGLY HYPNOTIC MAPS ARE SERIOUS TIME EATERS.

If you’ve ever been entranced by maps showing data in real-time, such as alightning strike map, then it’s likely a global map with “live” cyber attacks might hold you spellbound too.

Although the attacks seem like they are being launched from China, that is not necessarily true as attackers are good at masking their real location. Just the same, in this little snapshot of “live” activity, Norse’s cyber attack map showsChina launching massive attacks on the USA. As far as attack origins go, the U.S. is plenty active too; in fact the top five attack countries are China, followed by the U.S., Bulgaria, Netherlands, and Other Country – wait, what?

According to Norse, a “dark intelligence” and security solution company, “Every second, Norse collects and analyzes live threat intelligence from darknets in hundreds of locations in over 40 countries.” As cool as the attack map is, what you see is only a “small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors. At a glance, one can see which countries are aggressors or targets at the moment, using which type of attacks (services-ports).”

The live cyber attack map is not showing anything at the time of publication, perhaps overwhelmed by traffic from NBC and Asian news coverage, but Heather Timmons for Quartz captured the screenshot below. (Update: Norse map is up again)

It shows attack origin country, the attack target country, and details about the attacks such as organization, location and target. The “live” shot of attack types and ports for the exact second the map was captured show 482 SSH attacks, 98 telnet, 34 HTTP, 34 DNS, 31 NetBIOS Name Spoofing, 27 NetBIOS Datagram distribution service, 25 Microsoft-DS file sharing, and 22 CrazzyNet.

If you are interested in viewing attacks in real-time on something other thanthousands of honeypots, then Kaspersky’s interactive cyber threat map might fit the bill.
Kaspersky Lab has over 60 million users and detects more than 300,000 malicious objects every day. Its cyber threat map shows threats detected in real-time “with various diagnostic tools, including On-Access Scan, On-Demand Scan, Web and Mail Anti-Viruses, as well as the Vulnerability Scan and Intrusion Detection System.”
According to Kaspersky Security Network, currently the most infected countries are Russia, India, Vietnam, United States and Germany.

Hacked and cyber incidents in the US

In 2013, the feds “notified more than 3,000 U.S. companies” that “their computer systems had been hacked.” The Washington Post reported, “About 2,000 of the notifications were made in person or by phone by the FBI, which has 1,000 people dedicated to cybersecurity investigations among 56 field offices and its headquarters.”

A recent report from the U.S. Government Accountability Office cited the number of cyber incidents reported by all federal agencies in fiscal year 2013 as 46,160; that’s up from 34,840 cyber incidents reported in 2012. The GAO found that “24 major federal agencies did not consistently demonstrate that they are effectively responding to cyber incidents.” In fact, in about 49% of incidents, the GAO foundthat “agencies could not establish that they had taken steps to prevent such incidents from happening again.”

No comments: