BlackFog collected threat statistics on a global basis for 2019. These statistics capture all data exfiltration from devices over a 12 month period for Windows, Mac, Android and iOS.
In 2019 we saw a total of 3.12% of all data exfiltrated through the Dark Web with a high of 6.11% in May. This consists of any connection trying to anonymize traffic using the Onion Router or other anonymization services. This is commonly used when exfiltrating data from user devices.
| Threat | Percentage |
|---|---|
| Dark Web | 3.12 |
| PowerShell | 6.23 |
| Spyware | 2.34 |
| Direct IP | 41.14 |
| Russia | 15.85 |
| China | 2.62 |
PowerShell attacks averaged 6.23% through the year with a high of 10.69% in October. We have seen this fluctuate throughout 2019 and this seems to correlate strongly with the rise in ransomware at various times of the year. It remains a common Fileless technique for obfuscating code and dropping malware onto devices.
Spyware represents any threat that monitors user activity, collects passwords through key loggers, camera activation or forensic analysis. Spyware remained consistent throughout the year with an average of 2.34% across all threat vectors.
Direct IP’s are still being used to conceal the destination of network connections. Even some legitimate services persist in hard coding IP’s directly into their products. This is most commonly used to try and evade DNS registration and the origin of servers. Malware and ransomware rely on this to make connections to pools of servers. It represented 41.14% of all threats detected by BlackFog in 2019.
Exfiltration based on geography saw 15.85% of all data being exfiltrated to Russia. This has been consistent throughout the year and reflects the sheer volume of attacks originating from this geographic region. China represented 2.62% of exfiltrated traffic over the same period. This peaked at 4.58% in Q1 but has otherwise remained stable throughout 2019. This correlates well with the number of espionage indictments by the US government.
Major Threat Vectors
Related Posts
The State of Ransomware 2025
BlackFog's state of ransomware report 2025 measures publicly disclosed and non-disclosed attacks globally.
Iran Hacked Trump Campaign: A Deep Dive into the Cyberattack
An overview of how Iranian IRGC hackers penetrated Trump's campaign through spear-phishing, leaked sensitive data to influence opponents, and the DOJ's subsequent response.
Microsegmentation: Strengthening Network Security Against Zero Day Exploits
Find out why microsegmentation is an increasingly popular option for supporting zero trust networking approaches.
Patch Management: An Essential Part of Data Security
Ensuring you have a strong patch management strategy in place is essential in minimizing the risks posed by known vulnerabilities.
Layered Security – How a Defense-in-Depth Approach Guards Against Unknown Threats
Make sure your systems are fully protected from threats at every level by incorporating these six key layered security defense strategies.
Zero Trust Data Protection: Securing Your Data in a Perimeterless World
What should firms know about zero trust data protection and how can they ensure it is implemented effectively?