Last Updated on May 24, 2015
This post has been possible thanks to the contribution of @piz69, who kindly (and patiently) took care to aggregate the data for 2013!
Finally we can consolidate the data related to 2013 and draw some global stats summarizing the infosec landscape for the past year. Of course, this data cannot claim to be exhaustive; rather, the charts are best read as macro-indicators of the threat landscape and the corresponding trend, since the sources of the timelines (from which the stats are derived) are open and therefore only show cyber attacks that were discovered and gained space in the news.
Before drilling down into the data for the past year, it’s worth having a look at the trend of the last three years (with the caveat that the data for 2011 is incomplete, as it was consolidated into a form comparable with 2012 and 2013 only starting from September).
Apparently 2012 and 2013 have very different shapes: 2012 shows a constant trend (with high activity between May and June), while, after an initial peak, the line for 2013 experiences a progressive decrease, reaching a stable state. This is probably due to the smaller influence of attacks motivated by hacktivism throughout the year (see the next chart).
A closer look at 2013 shows the influence of the motivations across the different months. The initial part of the year is characterized by hacktivism. Cyber Crime is quite constant and ends up dominating the second half. This trend does not mean a decrease of hacktivism, but rather a different connotation throughout the year: the global-scale operations executed by Anonymous have progressively been replaced by local phenomena (for instance the cyber attacks in India and Pakistan). The first months of the year are also influenced by the DDoS attacks of Izz ad-Din al-Qassam Cyber Fighters against US banks.
Exploring the motivations shows a slight advantage of Cyber Crime (47%) over Hacktivism (44%), well above Cyber Espionage (5%) and Cyber Warfare (4%).
DDoS leads the chart of known Attack Techniques (23%), ahead of SQLi (19%) and Defacements (14%). It’s also worth mentioning that Account Hijacking ranks at number five (with 9%), and that Targeted Attacks show a growing influence, ranking at number six with 6%.
Governments and Industries have been the preferred targets for Cyber Attackers, with similar values (respectively 23% and 22%). Targets belonging to finance rank at number three (7%), immediately ahead of News (6%) and Education (5%).
And, last but not least, the Top 10 Countries chart is led by the US, which suffered nearly 1 attack out of 2, well ahead of the UK (5%) and India (3%).
As usual, bear in mind that the sample must be interpreted very carefully, since it refers only to discovered attacks, published in the news, and included in my timelines. The sample cannot be exhaustive but only aims to provide a high-level overview of the “cyber landscape”.
If you want to have an idea of how fragile our data is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012. You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
This Post Has 8 Comments
Hi, I was just wondering what the source of this information is. Is it all just from various news sources? Is there a central document where all the info has been compiled?
The source is taken from the timelines that I compile every month. After each timeline all the links to the sources are indicated. Unfortunately there is not a central repository for the moment (I should organize it better).
This is great info. Do you have data on cyber attacks by CMS? I’m especially interested in WordPress–does it have more or less than its share of attacks?
I could have them but the data is not so well organised, so extracting the attacks to CMS could take a while.
It’s debatable whether “Defacement” could be treated as an attack technique, because Account Hijacking and SQLi itself could lead to defacement of a website.
You are right. The term is inappropriate; in any case, what I want to stress is the final outcome of the attack (for example if data was leaked via an SQL Injection or via malware, or the site was “simply” defaced). In this latter case, as you correctly pointed out, the initial attack could be done via SQLi, but the result is different if it is only done to change a site. I think this is the best way to provide the idea of the consequences of an attack, even if the term “attack technique” is inappropriate. Any suggestion is welcome!
It would be good to know what the units on the x axis are?
They indicate the number of attacks. Of course I cannot track all the attacks that happen every second, but also the most remarkable ones that gain space in the media and are particularly noticeable (in terms of impact, for instance the value of the information leaked or the value of the target itself). Hope it helps to clarify.