Monday, September 8, 2014

The Worms Are Coming From Inside The House

Tonight I supply you with a very particular collection of maps, each sharing one trait: they all display a collection of cyberattacks happening at that moment. I might have opted to compare, contrast, pick the 'best' one and point you specifically there, but what appears to happen with these things is that each map takes a different subset of the attacks going on at any given moment. Some of them come from security companies trying to drum up business (because OMG the attacks are everywhere you need to be safe BUY OUR STUFF NOW), and they only show what they personally are picking up. Usually, it's the map's home base getting the bulk of the attacks. What I suggest, if this is a thing you want to look at, is to take all the maps as pieces of a larger puzzle.

*Kaspersky has this map, showing Russia as the most infected country, but then, Kaspersky is based in Russia.
*Norse, meanwhile, shows the United States as by a million miles the most infected, with St. Louis and San Francisco in particular getting a pounding, but then, Norse is based in San Mateo, California.
*Google, also based in California, also shows the US as the biggest target.
*Akamai, based in Cambridge, Massachusetts, again has the US as the big target and California in particular.
*Ditto for FireEye of Milpitas, California, but on their map South Korea takes almost as big a hit as the US does.
*Here's a map from the IT Security Research Group. The fact that the group's website URL ends in .de, hinting to their origins in Aachen, Germany, should tell you how much Germany gets tagged in their map.
*While on the map F-Secure, home base Finland may not be the most targeted, they do get an outsized share of the attention, and Europe in general takes the bulk of the damage. Depending on when you drop by, Finland may in fact be getting the most attacks.

Deutsche Telekom bucks the trend with their daily summary, being based in Germany but showing Germany only in roundabout 3rd-5th on a daily basis. They usually have Russia leading the attack list.

Other maps available that are a little more ambiguous in giving up that kind of information:
*Trend Micro (headquarters in Japan)
*Arbor Networks (headquarters in Burlington, Massachusetts)
*Team Cymru (based in Orlando, Florida)

No comments: