BlackFog collected threat statistics on a global basis for 2019. These statistics capture all data exfiltration from devices over a 12 month period for Windows, Mac, Android and iOS.
In 2019 we saw a total of 3.12% of all data exfiltrated through the Dark Web with a high of 6.11% in May. This consists of any connection trying to anonymize traffic using the Onion Router or other anonymization services. This is commonly used when exfiltrating data from user devices.
| Threat | Percentage |
|---|---|
| Dark Web | 3.12 |
| PowerShell | 6.23 |
| Spyware | 2.34 |
| Direct IP | 41.14 |
| Russia | 15.85 |
| China | 2.62 |
PowerShell attacks averaged 6.23% through the year with a high of 10.69% in October. We have seen this fluctuate throughout 2019 and this seems to correlate strongly with the rise in ransomware at various times of the year. It remains a common Fileless technique for obfuscating code and dropping malware onto devices.
Spyware represents any threat that monitors user activity, collects passwords through key loggers, camera activation or forensic analysis. Spyware remained consistent throughout the year with an average of 2.34% across all threat vectors.
Direct IP’s are still being used to conceal the destination of network connections. Even some legitimate services persist in hard coding IP’s directly into their products. This is most commonly used to try and evade DNS registration and the origin of servers. Malware and ransomware rely on this to make connections to pools of servers. It represented 41.14% of all threats detected by BlackFog in 2019.
Exfiltration based on geography saw 15.85% of all data being exfiltrated to Russia. This has been consistent throughout the year and reflects the sheer volume of attacks originating from this geographic region. China represented 2.62% of exfiltrated traffic over the same period. This peaked at 4.58% in Q1 but has otherwise remained stable throughout 2019. This correlates well with the number of espionage indictments by the US government.
Major Threat Vectors
Related Posts
Data Backup and Data Recovery: What Every Business Needs to Know
Understand these critical data backup and data recovery steps to reduce the risk of lengthy downtime following data loss.
DNS Exfiltration: How Hackers Use Your Network to Steal Data Without Detection
Learn how DNS exfiltration works and why this method of data theft often goes undetected.
How Do You Protect Yourself From Hackers? Proactive Strategies for Business Data Security
Follow these advanced data protection strategies to help protect your firm from hackers in an increasingly challenging environment.
5 Steps to a Disaster Recovery Plan That Protects Your Business
Follow these key steps to develop a data backup and recovery plan fit for the digital-first world.
Data Protection Management: Building a Resilient Data Security Framework
Keep these six key principles in mind to ensure your data protection management solutions are as effective as possible.
Data Leakage Demystified: Risks and Mitigation Strategies
Learn everything you need to know about common data leakage risks and how to mitigate them.