During the first 2 months of 2019 BlackFog saw some interesting trends in cyber attacks, noting the geographic dispersal and types of attacks being used.
More than 18.29% of threats discovered attempted to connect to Russian-based servers. This includes activation through command and control (C&C) servers, redirections and outbound connections. Similarly, there was significant traffic sent through China, totaling 6.91%. Together these 2 countries now represent 25.2% of all threats discovered. “Typically, we are seeing a large majority of these threats initiated through advertising networks (aka Malvertising),” said Dr. Darren Williams, Founder and CEO of BlackFog. “What is disturbing is the sheer number of attacks coming from these regions.”
PowerShell attacks rising
BlackFog has also determined that 9.08% of all threats now leverage PowerShell as the main threat vector. Every day we are seeing an increase in fileless, in-memory attacks like this. These attacks are very difficult to detect with traditional approaches because there are no files associated with them.
Direct IPs still a problem
Of particular note is the number of threats that still use direct IP addresses to anonymize the final destination of their attack. Precisely 55.83% of attacks still attempt to steal data by bypassing DNS servers entirely.
Dark Web and Spyware alive and well
The Dark Web continues to provide a network for cyber criminals to steal your data and evade detection. This underground network is routinely used to transact and exchange data with other cyber criminals. It represented 5.16% of attacks in the first 2 months of 2019.
Lastly, spyware and ransomware contributed 4.07% to the total number of threats.