
A (Graphical) World of Botnets and Cyber Attacks


Update 3/12/2013: I should also mention the Deutsche Telekom Security Tachometer

We live in a world made of botnets and cyber attacks! While I am typing these few words on my keyboard, other fingers somewhere else on the globe are moving quickly across the keys, firing streams of bits against their targets.

To counter this malicious landscape and understand its evolving trends, more and more security companies and organizations collect data from their security endpoints or network devices spread all over the globe, and send it to the cloud to be analyzed with big data algorithms. The purpose is to reduce the time between the release of a threat and the availability of an antidote. The same data can also be used to build spectacular maps that show the status of the Internet in real time, a quite impressive and worrisome spectacle! Here is a short list of resources:

HoneyMap

Probably the most impressive: the HoneyMap shows a real-time visualization of attacks detected by the Honeynet Project's sensors deployed around the world. The map shows “automated scans and attacks originating from infected end-user computers or hijacked server systems”. This also means that an “attack” on the HoneyMap is not necessarily conducted by a single malicious person but rather by a computer worm or other forms of malicious programs. Please notice that, as the creators of the project declare, many red dots mean there are many machines attacking their honeypots, but this does not necessarily imply that those countries are “very active in the cyberwar”.

Akamai Real-Time Web Monitor

Akamai monitors global Internet conditions around the clock. With this real-time data the company identifies the global regions with the greatest attack traffic, measuring attack traffic in real time across the Internet with its diverse network deployments. Data are collected in real time on the number of connections that are attempted, the source IP address, the destination IP address and the source and destination ports. The packets captured are generally from automated scanning trojans and worms that look for new computers to infect by scanning randomly generated IP addresses. Values are measured in attacks per 24 hours (attacks/24hrs).

Securelist Statistics (Kaspersky Lab)

The information collected by Kaspersky Security Network is shown in the Securelist Statistics section. In the corresponding navigable map, the user can select Local Infections, Online Threats, Network Attacks and Vulnerabilities, displayed in Map, Diagrams or Ratings format over a time scale of 24 hours, one week or one month.

Trend Micro Global Botnet Map

Trend Micro continuously monitors malicious network activities to identify command-and-control (C&C) servers, making the ability to rapidly identify and correlate bot activity critical. The real-time map indicates the locations of C&C servers and victimized computers that have been discovered in the previous six hours.


Shadowserver

The Shadowserver Foundation, managed by volunteer security professionals, gathers intelligence from the Internet via honeyclients, honeypots, and IDS/IPS systems. The maps are made by converting all of the IP addresses of the aggressor, the Command and Control and the target of the DDoS attack into coordinates and placing those points on a map. The maps are updated once a day and are available for DDoS activity and Botnet C&Cs.

Arbor’s Threat Level Analysis System (ATLAS)

Through its relationships with several worldwide service providers and global network operators, Arbor provides insight on global DDoS attack activity, Internet security and traffic trends. The Global Activity Map shows data in terms of scan sources, attack sources, phishing websites, botnet IRC servers and Fast Flux bots.

  1. May 12, 2013 at 11:42 am

    Thanks for this great summary of sources of real-time information.

  2. Shivanthan
    September 30, 2013 at 1:59 pm

    Thanks for the great compilation..

  3. January 13, 2014 at 12:07 pm

    Great post Paolo! Good to see there are more tools to visualise the attacks in real time so people are more aware and hopefully something positive can be done to prevent future attacks. You could also try Google’s Digital Attack Map in addition to the suggestions above.

    • January 13, 2014 at 1:09 pm

      Yes you are right, I believe I should update the post with Google’s Digital Attack Map. Thanks!
