Cyber Attack Maps
The jury is still out on whether it is actually beneficial to understand cyber-attack maps and how
they function.
Some Information Security industry experts claim that these maps aren’t useful at all, that
they’re simply used as a sales tool by cybersecurity solution providers.
However, other experts believe that while these threat maps have no practical usage for
mitigating attacks, threat maps can be used to study past attack styles, to recognize raw data
behind DDoS attacks, or to even report outages on certain dates and times to their customer base.
Another essential point to keep in mind about the source of the attacks: even though these maps
pinpoint particular countries launching attacks against others, that doesn’t mean the actual source
of the attack is the same as the attacker location.
In actuality, the source of an attack is often forged, which means that it appears as though it was
initiated from a certain country, but it is not from that country at all. When the map shows the
correct location, it’s often not the real attacker behind the cyber-attack, but rather an infected
computer working for a botnet.
Another noteworthy fact is that the largest attacks usually originate from high-bandwidth nations,
which are perfectly suited to launching huge attacks from thousands of infected devices led from
more isolated locations.
One more important point to note is that while these maps provide valuable cyber-attack
information, it is impossible to fully map all digital attacks online because they are constantly
changing. These maps update regularly (usually hourly, but some are in real time), but they
cannot show everything.
Arbor Networks ATLAS® global threat intelligence system has gathered and presented the data,
which comes from a worldwide analysis of 300+ ISPs with over 130 Tbps of live traffic. This
map’s stats are updated hourly, but the digital map also allows you to explore historical data sets.
When you open the map, it detects your current location and displays stats for your country,
including top local attacks and infections from the past week.
On-Access Scan
On-Demand Scan
Mail Anti-Virus
Web Anti-Virus
Intrusion Detection Scan
Vulnerability Scan
Kaspersky Anti-Spam
Botnet Activity Detection
CheckPoint designed the ThreatCloud map, which is another cyber-attack map offering a hi-tech
way to detect DDoS attacks from around the globe. It’s not the most advanced map in our list,
but it does succeed in showing live stats for recent attacks.
ThreatCloud displays live stats, which include new attacks, the source of the attacks, and their
various destinations. Another interesting feature is the “Top targets by country” feature, which
offers threat stats for the past week and month, as well as the average infection rate and
percentage of most frequent attack sources for some countries.
At the time of this writing, the Philippines was the top country attacked, with the United States in
second.
General live attack activity will be shown in order of attack type, severity and geographic
location. You can also see a day/night map under the attack map, which is interesting.
If you click on a country name, you will see statistics for incoming and outgoing attacks, as well
as overall activity in the country. The different colors on the map represent the type of attack, for
example:
Another feature of the Fortinet Threat Map is the ongoing statistics in the bottom left-hand
corner of the page, for example the number of botnet C&C attempts per minute and the number of
malware programs utilized per minute.
This company controls a big portion of today’s global internet traffic. With the vast amounts of
data it gathers, it offers real-time stats pinpointing the sources of most of the biggest attacks
anywhere around the globe.
It also cites the top attack locations for the past 24 hours, letting you choose between different
regions of the world.
This map is displayed in various languages. You can change the language by clicking on the
language tab on the top right corner of the page. This map also includes helpful learning
resources such as a glossary and a library.
The goal of this map is to detect and show live activity for infected malicious and phishing
domain URLs. When you load the map, the results will be shown in four columns, which include
infections per second, live attacks, botnets involved, and the total number of affected countries.
When you click on any location on the map, you will see additional details about the malicious
incident, such as time, ASN, organization, and country code.
You can also filter the display options using the “filter” tab in the upper right-hand corner of the
webpage.