Cyber-Attacks Represented in Threat Map

Exterminator

Oct 23, 2012

Thousands of cyber-attacks occur on a daily basis originating from various parts of the world and targeting a wide range of victims; visualizing them creates a better picture of the current threat landscape.

For this purpose and for keeping an eye on the changes in the behavior of a malicious actor, security researchers from FireEye created ThreatMap, a representation of the communication between command and control (C&C) servers and the victims’ computers.

Visual created based on real attack information

The map does not show real-time attacks and it definitely does not display all incidents, otherwise the information would become useless, since no clear connection between an attacker and their victim would be visible.

To make the entire threat scene comprehensible, the researchers included samples of real information collected from their intelligence database.

“The ThreatMap data is a sample of real data collected from our two-way sharing customers for the past 30 days. The data represented in the map is malware communication to command and control (C2) servers,” says FireEye threat researcher Ali Mesdaq.

The identity of the attacker and of the target is not provided, and neither is their location; instead, only information about the country is offered.

In order to preserve an accurate view of the incidents and the actors involved, FireEye relies on information collected by its systems and calculates the attacks displayed on the map based on their observed frequency.

A better picture of malicious patterns and changes

ThreatMap is useful for understanding patterns of malware families and threat actors. This is what the researchers need, as such details contribute to expanding their knowledge base and making the necessary connections for identifying a malicious party.

“For instance, it lets us examine whether a particular threat actor – say APT1 – is using a particular set of IP addresses, domain names, URLs to launch their attacks. Based on the type of malware being used it also lets us attribute the malware and hence, the source of these attacks, to particular threat actors,” Mesdaq says.

Top five of most targeted sectors

Apart from an eye-catching view of the attacks, the map also offers a list with the most affected industries from the past 30 days.

At the moment, most of the cybercriminal attention seems to be directed towards organizations in the services and consulting sector, followed at a great distance by educational institutions and the energy and utilities sectors.

Oddly enough, financial services are last in the top five targeted sectors, behind the high-tech industry.

From our observations, the United States records most activity, both as an attacker and as a victim. We also noticed several APT (advanced persistent threat) groups being hit in Korea, the US, and Canada. In such cases, FireEye also gives information on the type of malware used by the threat actors.
 