Cyberwars: Who's attacking whom - and how?

7 months ago by Joshua Fruhlinger in Facts

Modern warfare, in many respects, is waged with a keyboard rather than a gun. While the United States is still reeling from revelations about armies of internet trolls who have manipulated domestic discourse, countless other bot and troll armies are waging digital warfare as we go about our daily lives. Once the stuff of basement-dwelling hackers, cyber warfare is becoming a tool of world governments and nefarious data miners.

While it's the stuff of government agencies to suss out the bad guys from the good, we can at the very least understand who's doing bad things on the internet to whom. 

We recently began tracking the digital attacks that cloud-security firm Zscaler ($NASDAQ:ZS) publishes in order to better understand malicious digital activity and, ultimately, to track change over time in order to predict trends.

Since we began tracking attacks in April, the most common attacks - of all types - were from Mexican IP addresses on US IP addresses. Here are the top-10 region-on-region attacks:

| Region | Value (Sum) |
|---|---|
| Mexico -> United States | 189915097 |
| Colombia -> United States | 95071490 |
| Belgium -> United States | 79280027 |
| United States -> United States | 27710906 |
| United States -> Belgium | 13632305 |
| United States -> Russian Federation | 9664398 |
| United States -> Saudi Arabia | 7354498 |
| Europe -> Netherlands | 6477445 |
| United States -> Germany | 5621040 |
| France -> Netherlands | 4903162 |

The types of attacks are varied, with malware attacks that attempt to install software being the most common:

| Category | Description (Count) |
|---|---|
| Malurl.Gen.XO | 461913 |
| Js.Coinminer.Gen.LZ | 457074 |
| Malurl.Gen.UZ | 225181 |
| Malurl.Gen.LV | 222929 |
| Malurl.Gen.DM | 207859 |
| IBM WebSphere Application Server Cross-Site Request Forgery | 143222 |
| Android.OS.Adware | 119148 |
| Wetransfer | 118011 |
| Cookie stealing detected | 116781 |
| Malurl.Gen.NC | 112957 |

The most common attack in our survey, listed with the threat signature "Malurl.Gen.XO", is also known as "Bad Rabbit." This malware attempts to install Flash Player by telling the end-user that an update is necessary. It's fairly common, and continues to be rampant.

As for when they happen, the time series below shows peaks in cyberattack activity since 2017.

Interestingly, the most common region-on-region attacks of the same type are domestic, all happening within the United States:

| Category | Region | (Count) |
|---|---|---|
| W32/A-cf3b99e8!Eldorado | United States -> United States | 5131 |
| trojandownloader:win32/awavs.gen!a.z | United States -> United States | 5130 |
| W32/S-938aca6d!Eldorado | United States -> United States | 5120 |
| W32/VB.FMRD-0417 | United States -> United States | 5117 |
| Jeefo Adware | United States -> United States | 5117 |
| JS/Cosmu.A.gen | United States -> United States | 5087 |
| JS/Comele.A.gen | United States -> United States | 5086 |
| PDF/CollabExpl.A!Camelot | United States -> United States | 5078 |
| W32/Trojan.SZZM-2603 | United States -> United States | 5072 |
| W97M/Downldr | United States -> United States | 5069 |

The most common domestic-on-domestic attack, noted by signature W32/A-cf3b99e8!Eldorado, is a more "standard" virus that targets machines running the Windows operating system. It's adware, trojaned into your computer via advertisements on the web. Its purpose is to download advertisements to your computer as a way for advertisers to get more eyeballs on their messages.

Be careful out there.
