BlackFog collected threat statistics on a global basis during the first quarter of 2019. What follows is a summary of the threats determined via data exfiltration techniques across Windows, Mac, Android and iOS clients. Third party use is granted with appropriate attribution back to BlackFog.
During the first quarter of 2019 BlackFog saw continued focus by both Russia and China to exfiltrate data back to servers within their borders. This represented 20% of total threats and 50% of threats by all other countries combined. Russia represented 15.5% and China 4.1%. This does not include anonymized, advertising or profiling servers which would increase these numbers significantly.
PowerShell Attacks
With the exception direct or raw IP addresses, PowerShell attacks now represent 5.65% of all threat vectors. With the increased sharing and sophistication of cybercriminal networks working code is quickly leveraged. Hence, the increase in the use of PowerShell and fileless attacks. In fact PowerShell attack vectors represent 9.24% of attacks when data exfiltration by country threats are excluded.
Direct IP’s
Direct, or raw IP addresses still represent a major problem and are used in 48.8% of all attacks. This provides an easy way for cybercriminals to obfuscate an attack and anonymize their location. Unfortunately, some legitimate applications still employ direct IP’s instead of using common domain names. There is no reason this should be employed in a working application, unless the vendor is trying to also hide their actions.
Major Threat Vectors
Dark Web and Spyware
The Dark Web continues to provide a network for cybercriminals to steal your data and evade detection. This underground network is routinely used to transact and exchange data with other cybercriminals. It represented 3.9% of attacks in the first quarter of 2019.
Lastly, spyware and ransomware contributed 2.6% to the total number of threats.
Related Posts
Manufacturing Industry Faces Surge in Ransomware Attacks in 2024
Ransomware attacks on the manufacturing industry are rising, with notable cases at MKS Instruments, Brunswick Corporation, Simpson Manufacturing, and The Clorox Company. Learn about the financial and operational impacts and why manufacturers are prime targets for cybercriminals.
The State of Ransomware 2024
BlackFog's state of ransomware report measures publicly disclosed and non-disclosed attacks globally.
Enterprise Ransomware Protection: Why it Matters
Why must enterprise ransomware protection be a critical component of any firm's cyber security strategy?
TAG Blog Series 1 – How ADX Supports and Implements Policy
Implementing Anti Data Exfiltration (ADX) solutions is critical for enterprise security. This article provides guidance on establishing effective ADX deployment policies, with a focus on aligning them with business objectives and threat perceptions. Highlighting BlackFog's ADX solution, it explores proactive strategies to prevent data exfiltration, offering valuable insights for practitioners aiming to enhance their security posture.
5 Steps to Ensure Your Enterprise Data Security
Why do enterprise data security strategies need to evolve to cope with a new range of threats?
Ransomware Recovery: Key Steps Every Firm Should Know
What should businesses keep in mind in order to develop an effective ransomware recovery plan?