Is it Useful to Understand Cyber Attack Maps?

The jury is still out on whether it is actually beneficial to understand cyber-attack maps and how
they function.

Some Information Security industry experts claim that these maps aren’t useful at all, that
they’re simply used as a sales tool by cybersecurity solution providers.

However, other experts believe that while these threat maps have no practical usage for
mitigating attacks, threat maps can be used to study past attack styles, to recognize raw data
behind DDoS attacks, or to even report outages on certain dates and times to their customer base.

Another essential point to keep in mind about the source of the attacks: even though these maps
pinpoint particular countries launching attacks against others, that doesn’t mean the actual source
of the attack is the same as the attacker location.

In actuality, the source of an attack is often forged, which means that it appears as though it was
initiated from a certain country, but it is not from that country at all. When the map shows the
correct location, it’s often not the real attacker behind the cyber-attack, but rather an infected
computer working for a botnet.

Another noteworthy fact is that the largest attacks usually originate from high bandwidth nations,
who are perfectly suited to launching huge attacks from thousands of infected devices led from
more isolated locations.

One more important point to note is that while these maps provide valuable cyber-attack
information, it is impossible to fully map all digital attacks online because they are constantly
changing. These maps update regularly (usually hourly, but some are in real time), but they
cannot show everything.

The Most Popular Cyber Attack Maps

1. Arbor Networks DDoS Attack Map

 Arbor Networks is one of the most popular attack maps. This map is devoted to tracking down
attack episodes related to DDoS attacks around the world.

Arbor Networks ATLAS® global threat intelligence system has gathered and presented the data,
which comes from a worldwide analysis of 300+ ISPs with over 130 Tbps of live traffic. This
map’s stats are updated hourly, but the digital map also allows you to explore historical data sets.

Its features include:

 Stats for each country

 The attack source and destination

 Various types of attacks (large, uncommon, combined, etc)
 Color-coded attacks by type, source port, duration and destination port
 The size of the DDoS attack in Gbps
 The embed code so you can attach the map in your own website
 Sort by TCP connection, volumetric, fragmentation and application

2. Kaspersky Cyber Malware and DDoS Real-Time Map

 The Kaspersky cyber threat map is one of the most comprehensive maps available, and it also
serves as the best when it comes to graphical interface. It also looks amazingly sleek, although of
course, what it signifies is Internet devastation.

When you open the map, it detects your current location and displays stats for your country, also
including top local attacks and infections from the past week.

Here are the activities detected by the cybermap Kaspersky:

 On-Access Scan
 On-Demand Scan
 Mail Anti-Virus
 Web Anti-Virus
 Intrusion Detection Scan
 Vulnerability Scan
 Kaspersky Anti-Spam
 Botnet Activity Detection

Here are some other features this map offers:

 Switch to globe view

 Toggle map color
 Zoom in/out
  Enable/disable demo mode
 Embed map using iframe
 Buzz tap which includes helpful articles

3. ThreatCoud Live Cyber Attack Threat map

CheckPoint designed the ThreatCloud map, which is another cyber-attack map offering a hi-tech
way to detect DDoS attacks from around the globe. It’s not the most advanced map in our list,
but it does succeed in showing live stats for recent attacks.

ThreatCloud displays live stats, which include new attacks, the source of the attacks, and their
various destinations. Another interesting feature is the “Top targets by country” feature, which
offers threat stats for the past week and month, as well as the average infection rate and
percentage of most frequent attack sources for some countries.

At the time of this writing, the Philippines was the top country attacked, with the United States in
second.

4. Fortinet Threat Map

The Fortinet Threat Map features malicious network activity within various geographic regions..
In addition, this attack map will display various international sources of attack and their
destinations. It may not be as visually exciting as some of the others, but it is easy to understand.

General live attack activity will be shown in order of attack type, severity and geographic
location. You can also see a day/night map under the attack map which is interesting.

If you click on a country name, you will see statistics for incoming and outgoing attacks, as well
as overall activity in the country. The different colors on the map represent the type of attack, for
example:

 Execution (remote execution attacks)

 Memory (memory-related attacks)
 Link (Attack from a remote location)
 DoS (Denial of Service attacks)
 Generic attacks

Another feature of the Fortinet Threat Map is the ongoing statistics on the bottom left hand
corner of the page. For example, number of Botnet C&C attempts per minute and number of
malware programs utilized per minute.

5. Akamai Real-Time Web Attack Monitor

 Another great attack visualization map is Akamai Real-Time Web Attack Monitor.

This company controls a big portion of today’s global internet traffic. With the vast amounts of
data it gathers, it offers real-time stats pinpointing the sources of most of the biggest attacks
anywhere around the globe.

It also cites the top attack locations for the past 24 hours, letting you choose between different
regions of the world.

This map is displayed in various languages. You can change the language by clicking on the
language tab on the top right corner of the page. This map also includes helpful learning
resources such as a glossary and a library.

6. LookingGlass Phishing/Malicious URL Map

The LookingGlass real-time map shows actual data from Looking Glass threat intelligence feeds,
including:

 Cyveillance Infection Records Data Feed

 Cyveillance Malicious URL Data Feed
 Cyveillance Phishing URL Data Feed

The goal is this map is to detect and show live activity for infected malicious and phishing
domain URLs. When you load the map, the results will be shown in four columns which include
infections per second, live attacks, botnets involved, and the total number of affected countries.

When you click on any location on the map, you will see additional details about the malicious
incident, such as time, ASN, organization, and country code.

You can also filter the display options using the “filter” tab in the upper right-hand corner of the
webpage.