Modern warfare, in many respects, takes place at a keyboard rather than with a gun. As the United States is still reeling from revelations about armies of internet trolls who manipulated domestic discourse, countless other bot and troll armies are waging digital warfare as we go about our daily lives. Once the stuff of basement-dwelling hackers, cyber warfare is becoming a tool of world governments and nefarious data miners.
While it's the job of government agencies to suss out the bad guys from the good, we can at the very least understand who's doing bad things on the internet, and to whom.
We recently began tracking the digital attacks that cloud-security firm Zscaler ($ZS) publishes, in order to better understand malicious digital activity and, ultimately, to track change over time and predict trends.
Since we began tracking attacks in April, the most common attacks - of all types - have come from Mexican IP addresses against US IP addresses. Here are the top 10 region-on-region attacks:
| Region | Value (Sum) |
|---|---|
| Mexico -> United States | 189915097 |
| Colombia -> United States | 95071490 |
| Belgium -> United States | 79280027 |
| United States -> United States | 27710906 |
| United States -> Belgium | 13632305 |
| United States -> Russian Federation | 9664398 |
| United States -> Saudi Arabia | 7354498 |
| Europe -> Netherlands | 6477445 |
| United States -> Germany | 5621040 |
| France -> Netherlands | 4903162 |
The types of attacks are varied, with malware attacks that attempt to install software being the most common:
| Category | Count |
|---|---|
| Malurl.Gen.XO | 461913 |
| Js.Coinminer.Gen.LZ | 457074 |
| Malurl.Gen.UZ | 225181 |
| Malurl.Gen.LV | 222929 |
| Malurl.Gen.DM | 207859 |
| IBM WebSphere Application Server Cross-Site Request Forgery | 143222 |
| Android.OS.Adware | 119148 |
| Wetransfer | 118011 |
| Cookie stealing detected | 116781 |
| Malurl.Gen.NC | 112957 |
The most common attack in our survey, listed under the threat signature "Malurl.Gen.XO", is also known as "Bad Rabbit." This malware attempts to install Flash Player by telling the end user that an update is necessary. It's fairly common, and continues to be rampant.
As for when they happen, the time series below shows peaks in cyberattack activity since 2017.
Interestingly, the most common region-on-region attacks of the same type are domestic, all happening within the United States:
| Category | Region | Count |
|---|---|---|
| W32/A-cf3b99e8!Eldorado | United States -> United States | 5131 |
| trojandownloader:win32/awavs.gen!a.z | United States -> United States | 5130 |
| W32/S-938aca6d!Eldorado | United States -> United States | 5120 |
| W32/VB.FMRD-0417 | United States -> United States | 5117 |
| Jeefo Adware | United States -> United States | 5117 |
| JS/Cosmu.A.gen | United States -> United States | 5087 |
| JS/Comele.A.gen | United States -> United States | 5086 |
| PDF/CollabExpl.A!Camelot | United States -> United States | 5078 |
| W32/Trojan.SZZM-2603 | United States -> United States | 5072 |
| W97M/Downldr | United States -> United States | 5069 |
The most common domestic-on-domestic attack, noted by the signature W32/A-cf3b99e8!Eldorado, is a more "standard" virus that targets Windows machines. It's adware, trojaned onto your computer via advertisements on the web. Its purpose is to download advertisements to your computer so that advertisers get more eyeballs on their messages.
Be careful out there.