BlackFog collected threat statistics on a global basis for 2019. These statistics capture all data exfiltration from devices over a 12 month period for Windows, Mac, Android and iOS.
In 2019 we saw a total of 3.12% of all data exfiltrated through the Dark Web with a high of 6.11% in May. This consists of any connection trying to anonymize traffic using the Onion Router or other anonymization services. This is commonly used when exfiltrating data from user devices.
| Threat | Percentage |
|---|---|
| Dark Web | 3.12 |
| PowerShell | 6.23 |
| Spyware | 2.34 |
| Direct IP | 41.14 |
| Russia | 15.85 |
| China | 2.62 |
PowerShell attacks averaged 6.23% through the year with a high of 10.69% in October. We have seen this fluctuate throughout 2019 and this seems to correlate strongly with the rise in ransomware at various times of the year. It remains a common Fileless technique for obfuscating code and dropping malware onto devices.
Spyware represents any threat that monitors user activity, collects passwords through key loggers, camera activation or forensic analysis. Spyware remained consistent throughout the year with an average of 2.34% across all threat vectors.
Direct IP’s are still being used to conceal the destination of network connections. Even some legitimate services persist in hard coding IP’s directly into their products. This is most commonly used to try and evade DNS registration and the origin of servers. Malware and ransomware rely on this to make connections to pools of servers. It represented 41.14% of all threats detected by BlackFog in 2019.
Exfiltration based on geography saw 15.85% of all data being exfiltrated to Russia. This has been consistent throughout the year and reflects the sheer volume of attacks originating from this geographic region. China represented 2.62% of exfiltrated traffic over the same period. This peaked at 4.58% in Q1 but has otherwise remained stable throughout 2019. This correlates well with the number of espionage indictments by the US government.
Major Threat Vectors
Related Posts
Microsegmentation: Strengthening Network Security Against Zero Day Exploits
Find out why microsegmentation is an increasingly popular option for supporting zero trust networking approaches.
Patch Management: An Essential Part of Data Security
Ensuring you have a strong patch management strategy in place is essential in minimizing the risks posed by known vulnerabilities.
Layered Security – How a Defense-in-Depth Approach Guards Against Unknown Threats
Make sure your systems are fully protected from threats at every level by incorporating these six key layered security defense strategies.
Zero Trust Data Protection: Securing Your Data in a Perimeterless World
What should firms know about zero trust data protection and how can they ensure it is implemented effectively?
ZTNA vs VPN: Choosing the Right Secure Remote Access Solution
What are the pros and cons of ZTNA vs VPN remote access solutions and which should firms consider?
Zero Day Security Exploits: How They Work and How to Stay Safe
Learn about the risk posed by zero day security exploits and what firms can do to minimize their exposure to these issues.