We live in a world made of botnets and cyber attacks! While I am typing these few words on my keyboard, other fingers somewhere else on the globe are moving quickly across the keys, firing streams of bits against their targets.
To counter this malicious landscape and to understand its evolving trends, more and more security companies and organizations collect data from their security endpoints or network devices deployed all over the globe and send it to the cloud, where it is analyzed with big-data algorithms. The purpose is to shorten the time between the release of a threat and the availability of a countermeasure. The same data can also be used to build spectacular maps that show the status of the Internet in real time, an impressive and worrisome spectacle! Here is a short list of resources:
HoneyMap (The Honeynet Project)
Probably the most impressive: the HoneyMap shows a real-time visualization of attacks detected by the Honeynet Project's sensors deployed around the world. The map shows "automated scans and attacks originating from infected end-user computers or hijacked server systems". This also means that an "attack" on the HoneyMap is not necessarily conducted by a single malicious person but rather by a computer worm or another form of malicious program. Please notice that, as the creators of the project declare, many red dots mean that many machines are attacking their honeypots, but this does not necessarily imply that those countries are "very active in the cyberwar": a red dot marks an infected host, not the person who controls it.
Akamai
Akamai monitors global Internet conditions around the clock and uses this real-time data to identify the regions generating the greatest attack traffic, as seen from its diverse network deployments across the Internet. For each attempted connection the following fields are collected in real time: the number of connections attempted, the source IP address, the destination IP address and the source and destination ports. The packets captured are generally from automated scanning trojans and worms that look for new computers to infect by scanning randomly generated IP addresses. Values are measured in attacks per 24 hours (attacks/24hrs).
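As an added example (not Akamai's code or data), the script below reproduces the basic aggregation the paragraph describes: it takes attempted-connection records with the fields listed above, keeps those that fall inside a 24-hour reporting window, and reports attempts per source IP, attempts per destination port and how many distinct destinations each source touched. The records, the window end and the whitespace-separated field layout are constructed for this illustration and use documentation address ranges only.

```python
"""Aggregate attempted-connection records into an attacks-per-24-hours view.

Added example, not Akamai's code or data. Each record carries the fields the
text lists (timestamp, source IP, destination IP, source port, destination
port); the sample records below are constructed and use documentation
address ranges only.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records: "timestamp src dst sport dport", one per line.
# The first and last lines sit just outside the reporting window on purpose.
SAMPLE_RECORDS = """
2013-04-30T23:59:59Z 192.0.2.88   198.51.100.20 39999 23
2013-05-01T00:05:12Z 203.0.113.7  198.51.100.20 51234 445
2013-05-01T01:17:45Z 203.0.113.7  198.51.100.21 51235 445
2013-05-01T02:44:03Z 192.0.2.88   198.51.100.20 40000 23
2013-05-01T03:10:59Z 192.0.2.88   198.51.100.22 40001 23
2013-05-01T09:30:00Z 203.0.113.7  198.51.100.23 51236 445
2013-05-01T12:00:00Z 198.51.100.9 198.51.100.20 33333 80
2013-05-01T15:15:15Z 192.0.2.88   198.51.100.24 40002 2323
2013-05-01T22:59:59Z 192.0.2.88   198.51.100.25 40003 23
2013-05-02T00:00:01Z 203.0.113.7  198.51.100.20 51237 445
"""

# End of the 24-hour reporting window used by the demonstration (constructed).
WINDOW_END = "2013-05-02T00:00:00Z"


def parse_ts(text):
    """Parse a UTC timestamp such as 2013-05-01T00:05:12Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_records(text):
    """Turn the whitespace-separated records into dicts, skipping blank lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        ts, src, dst, sport, dport = fields
        records.append({"ts": parse_ts(ts), "src": src, "dst": dst,
                        "sport": int(sport), "dport": int(dport)})
    return records


def attacks_per_24h(records, window_end=WINDOW_END):
    """Count attempts in the 24 hours ending at window_end (end exclusive).

    Returns three views: attempts per source IP, attempts per destination
    port, and the number of distinct destination IPs each source touched.
    One source hitting many distinct destinations on a single port is the
    footprint of the random-address scanning the text describes.
    """
    end = parse_ts(window_end)
    start = end - timedelta(hours=24)
    per_source, per_port = Counter(), Counter()
    targets = defaultdict(set)
    for r in records:
        if not (start <= r["ts"] < end):
            continue  # outside the reporting window
        per_source[r["src"]] += 1
        per_port[r["dport"]] += 1
        targets[r["src"]].add(r["dst"])
    return per_source, per_port, {s: len(d) for s, d in targets.items()}


def top_sources(records, window_end=WINDOW_END, n=5):
    """Rank sources by attempts, most active first; ties broken by IP string."""
    per_source, _, _ = attacks_per_24h(records, window_end)
    return sorted(per_source.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    per_source, per_port, distinct = attacks_per_24h(recs)
    print("attacks/24hrs ending", WINDOW_END, "=", sum(per_source.values()))
    for src, count in top_sources(recs):
        print(f"  {src:<14} {count} attempts against {distinct[src]} distinct hosts")
    for port, count in per_port.most_common():
        print(f"  port {port:<5} {count} attempts")
```

The same caveat the HoneyMap's authors make applies to any ranking this produces: the source address of worm traffic is the address of an infected machine, so "top attack sources" is a list of compromised hosts, not of the people operating them. Any geographic view built on top of this table inherits that limitation.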
Securelist Statistics (Kaspersky Lab)
The information collected by the Kaspersky Security Network is shown in the Securelist Statistics section. In the corresponding navigable map, the user can select Local Infections, Online Threats, Network Attacks or Vulnerabilities, displayed as a Map, Diagrams or Ratings, over a time scale of 24 hours, one week or one month.
Trend Micro Global Botnet Map
Trend Micro continuously monitors malicious network activity to identify command-and-control (C&C) servers, which requires rapidly identifying and correlating bot activity. The real-time map shows the locations of C&C servers and victimized computers discovered in the previous six hours.
Shadowserver Foundation
The Shadowserver Foundation, run by volunteer security professionals, gathers intelligence from the Internet via honeyclients, honeypots and IDS/IPS systems. The maps are built by converting the IP addresses of the attackers, of the command-and-control servers and of the DDoS targets into geographic coordinates and plotting those points on a map. The maps are updated once a day and are available for DDoS activity and botnet C&Cs.
Arbor Global Activity Map
Through its relationships with several worldwide service providers and global network operators, Arbor provides insight into global DDoS attack activity, Internet security and traffic trends. Its Global Activity Map shows data in terms of scan sources, attack sources, phishing websites, botnet IRC servers and fast-flux bots.