Last Updated on May 24, 2015
I have finally found the time to aggregate the data of September (Part I and Part II) into statistics.
As usual, let us start with the analysis of the Daily Trend of Attacks, which shows quite an heterogeneous trend with two peaks exactly at the beginning of the month and in the middle (yes, curiously during a weekend).
The Motivations Behind Attacks chart sees an unprecedented peak of Cyber Crime events. Still at number one, a constant trend during the last months, but with a remarkable 70.8% (versus 56.3% of August). The trail of POS Malware, the Shellshock vulnerability, and other minor events, certainly left a noticeable. As usual, Hacktivism ranks at number two, far below, with a “modest” 18.1% (was 28.2% in August), while Cyber Espionage operations confirm a relatively important role (11.1%), despite slightly decreasing in comparison with 14.1% of the previous month.
The most noticeable aspect of the Distribution Of Attack Techniques is the surge of SQLi attacks (at number one among the “recognized” attacks with 15.3%, versus 9.9% of August). Defacements follow closely with 11.1%. The third rank is all for the Account Hijacking thanks to “The Fappening” affair.
Cyber Crime is on top of the Motivations, and as a consequence Industrial targets are on top of the Distribution of Targets Chart with a noticeable 40.3%, far beyond Governmental targets that, at last for this month, loose the crown (16.7%). The others are well behind, with the attacks towards single individuals (11.3%), which occupy steadily the third place.
A deeper look at the distribution of the industrial targets, shows a predominance of Software and Video Games targets (14% each). E-Commerce and Retail targets are immediately behind (10% each), sharing their position with Touristic targets, and immediately above Oil and Gas (7%).
Once again, please bear in mind that the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.
Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).