BlackFog collected threat statistics on a global basis for Q4 of 2019. What follows is a summary of the data exfiltration across all endpoints including Windows, Mac, Android and iOS devices.

Dark Web

BlackFog saw a steady increase in Dark Web exfiltration over the quarter representing 1.71% of traffic, an increase from Q3 but down overall from the first half the year. However, BlackFog saw a sustained increase in PowerShell attacks in Q4 at 6.63%, which is the second highest we have seen with the exception of Q3, which was close to 8%. October was in fact the highest we have seen all year with over 10%. This reflects the increased use of the PowerShell for fileless attacks and the increase in the number of ransomware attacks globally.

Geographic Exfiltration

BlackFog reported an increase in data exfiltrated to Russia this quarter, totaling 14.47% compared to 13.5% in the previous quarter. Exfiltration to China remained relatively stable at 2% compared with 2.12% in the previous quarter.

Direct IP’s and Spyware

Spyware increased significantly this quarter from 1.57% to 2.61%, and the use of direct IP’s for communicating with servers represented 38.57% of all attacks.

Major Threat Vectors