The Importance of Data (Part I)

Last Updated on July 1, 2015

In information security, raw data is an important piece of information to understand the threat landscape, however it must be opportunely correlated to create value added.

In these terms, as a security department, we monitor the attackers and, more in general, the security events in our infrastructure.  The ultimate goal is to identify patterns and, possibly, to anticipate future threats.

We also aim to raise awareness, and for this reason, with the intention to create a benchmark, we have decided to show the security trend on several verticals (Education, Energy, Finance, Government, Healthcare, Military, Social Network, Software, Video Games). For the scope of our analysis, we have decided not to consider the general category of industry focusing only on the above verticals and considering “traditional” attack techniques (that is we do not have considered attacks classified as targeted).

In this preliminary phase, we have selected the data collected by Hackmageddon since it is, in a certain way, already treated and our purpose was only to identify “macro” trends.

1. We have started by identifying which information could be useful for our purposes, and we have created a first graph representing the “timeline of cyber-attacks”. To do so, we have collected, for each month, the “Motivations Behind Attacks” data. The graph, representing the data set starting from January 2012, is shown below (it is interesting to notice the decreasing trend of hacktivism in comparison to cyber crime):

2. From all the available information, we have decided to extract the data of each selected vertical and cross correlate it with each attack category, to show a global repartition of the attacks for each “Target Category”. The outstanding graph is shown below:

As a further example, the graph below shows the drill-down of the attack distribution for a specific target category ( “Education”):

3. Another interesting way to elaborate the data consists in representing the drill-down graph for each “Attack Category”. The result is shown below:

The next graph, is the drill down of the data above for a single category (Cyber-crime):

4. The following chart shows the correlation between “Target Category” and “Attack Category”:

The second graph, below, is the drill-down of the “Target Category” for a single“Attack Category” (cyber Crime):

We have also performed some “year over year” elaborations, but they will be published in a next post. For more information, feel free to contact me: @dotnerk

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in the timelines, aiming to provide an high level overview of the “cyber landscape”.