1/06/2015

Who’s Attacking Whom? Realtime Attack Trackers

It seems nearly every day we’re reading about Internet attacks aimed at knocking sites offline and breaking into networks, but it’s often difficult to visualize this type of activity. In this post, we’ll take a look at multiple ways of tracking online attacks and attackers around the globe and in real-time.

A couple of notes about these graphics. Much of the data that powers these live maps is drawn from a mix of actual targets and “honeypots,” decoy systems that security firms deploy to gather data about the sources, methods and frequency of online attacks. Also, the organizations referenced in some of these maps as “attackers” typically are compromised systems within those organizations that are being used to relay attacks launched from someplace else.

The Cyber Threat Map from FireEye recently became famous in a 60 Minutes story on cyberattacks against retailers and their credit card systems. This graphic reminds me of the ICBM monitors from NORAD, as featured in the 1984 movie War Games (I’m guessing that association is intentional). Not a lot of raw data included in this map, but it’s fun to watch.

FireEye’s “Cyber Threat Map”

My favorite, and perhaps the easiest way to lose track of half your workday (and bandwidth), comes from the folks at Norse Corp. Their map, IPViking, includes a wealth of data about each attack, such as the attacking organization name and Internet address, the target’s city and service being attacked, as well as the most popular target countries and origin countries.

Norse’s IPViking attack map is eye candy-addictive, but very resource-intensive.

Another live service with oodles of information about each attack is Arbor Networks’ Digital Attack Map. Arbor says the map is powered by data fed from 270+ ISP customers worldwide who have agreed to share anonymous network traffic and attack statistics. This is a truly useful service because it lets you step back in time to attacks on previous dates going all the way back to June 2013.

The Digital Attack Map from Arbor Networks is powered by data shared anonymously by 270 ISPs.

Kaspersky’s Cyberthreat Real-time Map is a lot of fun to play with, and probably looks the most like an interactive video game. Beneath the 3-D eye candy and kaleidoscopic map is anonymized data from Kaspersky’s various scanning services. As such, this fairly interactive map lets you customize its layout by filtering certain types of malicious threats, such as email malware, Web site attacks, vulnerability scans, etc.

Kaspersky’s Cyberthreat Real-time Map is probably the closest of them all to a video game.

The Cyberfeed, from Anubis Networks, takes the visitor on an automated tour of the world, using something akin to Google Earth and map data based on infections from the top known malware families. It’s a neat idea, but more of a malware infection map than an attack map, and not terribly interactive either. In this respect, it’s a lot like the threat map from Finnish security firm F-Secure, the Global Botnet Threat Activity Map from Trend Micro and Team Cymru’s Internet Malicious Activity Map.

The Cyberfeed from AnubisNetworks takes you on a global tour of malware infections.

The Honeynet Project’s Honey Map is not super sexy but it does include a fair amount of useful information about real-time threats on honeypot systems, including links to malware analysis from VirusTotal for each threat or attack.

The Honeynet Project’s Honey Map

Additionally, the guys at OpenDNS Labs have a decent attack tracker that includes some nifty data and graphics.

Data from OpenDNS’s Global Network graph.

If all these maps are a bit too Hollywood for you, then you’ll love the simplicity and humor behind PewPew, which derives its name from the added sound effects. Might want to turn the volume down on your computer’s speakers before visiting this map (especially if you’re at work while viewing it).

Speaking of attacks, some of you may have noticed that this site was unreachable for several hours over the last few days. That’s because it has been under fairly constant assault by the same criminals who attacked Sony and Microsoft’s gaming networks on Christmas Day. We are moving a few things around to prevent further such disruptions, so you may notice that some of the site’s features are a tad flaky or slow for a few days. Thanks for your patience as we sort this out.  And Happy New Year, dear readers!

Update, 1:25 p.m. ET: An earlier version of this post incorrectly stated that the PewPew service was fed with data supplied by Mandiant. The story above has been changed to reflect that.
This entry was posted on Monday, January 5th, 2015 at 9:31 am