
BlackFog collected threat statistics on a global basis during the first quarter of 2019. What follows is a summary of the threats determined via data exfiltration techniques across Windows, Mac, Android and iOS clients. Third party use is granted with appropriate attribution back to BlackFog.
During the first quarter of 2019 BlackFog saw continued focus by both Russia and China to exfiltrate data back to servers within their borders. This represented 20% of total threats and 50% of threats by all other countries combined. Russia represented 15.5% and China 4.1%. This does not include anonymized, advertising or profiling servers which would increase these numbers significantly.
PowerShell Attacks
With the exception direct or raw IP addresses, PowerShell attacks now represent 5.65% of all threat vectors. With the increased sharing and sophistication of cybercriminal networks working code is quickly leveraged. Hence, the increase in the use of PowerShell and fileless attacks. In fact PowerShell attack vectors represent 9.24% of attacks when data exfiltration by country threats are excluded.
Direct IP’s
Direct, or raw IP addresses still represent a major problem and are used in 48.8% of all attacks. This provides an easy way for cybercriminals to obfuscate an attack and anonymize their location. Unfortunately, some legitimate applications still employ direct IP’s instead of using common domain names. There is no reason this should be employed in a working application, unless the vendor is trying to also hide their actions.
Major Threat Vectors
Dark Web and Spyware
The Dark Web continues to provide a network for cybercriminals to steal your data and evade detection. This underground network is routinely used to transact and exchange data with other cybercriminals. It represented 3.9% of attacks in the first quarter of 2019.
Lastly, spyware and ransomware contributed 2.6% to the total number of threats.
Share This Story, Choose Your Platform!
Related Posts
Studio Gang Strengthens Data Security with BlackFog’s Last Line of Defense
Learn how Studio Gang strengthened data security with BlackFog ADX Protect and ADX Vision to stop data exfiltration and reduce AI data risk.
How EDR Killers Work: BYOVD, Kernel Access, And The Pre-Encryption Window
EDR killers now sell as SaaS-style products with dashboards and credit balances. Here's how the market works and what to harden first.
BlackFog Receives 2026 AI in Cybersecurity Innovation Award from TMCnet
BlackFog wins the 2026 TMC AI in Cybersecurity Innovation Award for ADX Protect, recognizing innovation in preventing data exfiltration and AI threats.
The State of Ransomware: June 2026
BlackFog's state of ransomware June 2026 measures publicly disclosed and non-disclosed attacks globally.
What Is Shadow AI And How Does It Differ From Other AI Types?
What is Shadow AI, why is it growing in the workplace and how does it differ from enterprise AI systems?
Are There Best Practices For Protecting Sensitive Information When Using AI Chatbots?
How can employees safely use AI chatbots at work without exposing sensitive business information?







