BlackFog collected threat statistics on a global basis for 2019. These statistics capture all data exfiltration from devices over a 12 month period for Windows, Mac, Android and iOS.
In 2019 we saw a total of 3.12% of all data exfiltrated through the Dark Web with a high of 6.11% in May. This consists of any connection trying to anonymize traffic using the Onion Router or other anonymization services. This is commonly used when exfiltrating data from user devices.
Threat | Percentage |
---|---|
Dark Web | 3.12 |
PowerShell | 6.23 |
Spyware | 2.34 |
Direct IP | 41.14 |
Russia | 15.85 |
China | 2.62 |
PowerShell attacks averaged 6.23% through the year with a high of 10.69% in October. We have seen this fluctuate throughout 2019 and this seems to correlate strongly with the rise in ransomware at various times of the year. It remains a common Fileless technique for obfuscating code and dropping malware onto devices.
Spyware represents any threat that monitors user activity, collects passwords through key loggers, camera activation or forensic analysis. Spyware remained consistent throughout the year with an average of 2.34% across all threat vectors.
Direct IP’s are still being used to conceal the destination of network connections. Even some legitimate services persist in hard coding IP’s directly into their products. This is most commonly used to try and evade DNS registration and the origin of servers. Malware and ransomware rely on this to make connections to pools of servers. It represented 41.14% of all threats detected by BlackFog in 2019.
Exfiltration based on geography saw 15.85% of all data being exfiltrated to Russia. This has been consistent throughout the year and reflects the sheer volume of attacks originating from this geographic region. China represented 2.62% of exfiltrated traffic over the same period. This peaked at 4.58% in Q1 but has otherwise remained stable throughout 2019. This correlates well with the number of espionage indictments by the US government.
Major Threat Vectors
Related Posts
Lake Dallas ISD Chooses BlackFog to Prevent Data Exfiltration
Lake Dallas ISD serves about 4,000 students in Denton County uses BlackFog's anti data exfiltration to protect the school district and ensure data doesn’t end up in the hands of cybercriminals.
Wizard Spider: Taking A Look At The Notorious Russian Cybercrime Group
Wizard Spider is a notorious Russian cybercrime group which is part of a larger cyber-cartel known as the Ransom Cartel or Maze Cartel.
Ransomware Focus: LockBit Attacks in 2024
Latest information on all LockBit attacks both disclosed and undisclosed in 2024
Ongoing: New Ransomware Gangs in 2024
Ransomware gangs continue to break records and BlackFog will track all new ransomware gangs in 2024.
Data Security Services: What do Firms Need to Know?
Why should firms be considering data security services as part of their cyber protection strategy?
BlackFog Sweeps the 20th Annual 2024 Globee Awards for Cybersecurity
BlackFog Named Triple-Winner in the 20th Annual 2024 Globee Awards for Cybersecurity