Last Updated on January 11, 2016

I have received many requests to publish a comparison of the aggregated statistics between 2014 and 2015 derived from the Cyber Attacks Timelines. S0, exactly like I did last year, I have spent some time comparing the data, extracting several interesting findings.

In general, 2015 has reported a more sustained activity, and this is easily and immediately visible from the Number of Monthly Attacks Chart. During 2015, the level of activity has always been higher, particularly in May, with the solely exception of October.

2015 Number of Daily Attacks

It is also interesting to compare the Motivations behind the attacks in 2014 and 2015. During 2015, the percentage of events motivated by Cyber Crime has raised from 62.3% to 67%, while hacktivism has lost three points (20.8% in 2015 vs. 24.9 in 2014). Cyber Espionage reported a small growth, whereas Cyber Warfare is essentially Stable.

Motivations 2014 vs 2015

It is also interesting to analyze the Drill Down chart of the motivation on a monthly basis.

Motivations 2014 vs 2015

The Top 10 Attack Techniques chart also shows some interesting findings. The percentage of unknown attacks is essentially the same in 2015 and 2014 (24.0% vs 23.3%). SQLi raised to 17.5% in 2015 from 12.8% in 2014, whilst defacements dropped to 12.4% from 14.8% reported in the previous year. Targeted attacks had a small growth in 2015 (10.5% vs 9.5%), DDoS is essentially stable (9.7% vs 9.3%) and Account Hijackings lost one point (8.8% vs 9.8%).

The real new entry of 2015 is Malvertising, but is also interesting to notice the sharp decrease of malware infections. The 2014 was in fact characterized by the Backoff malware that targeted multiple retailers (note: the category malware do not include malware used for targeted attacks).

Top 10 Tecniques 2015 vs 2014

The Top 10 Distribution of Targets confirms, also for 2015, Industries, Governments and Organizations on top of the attackers’ preferences. Actually all the first five positions are the same for both years, however 2015 has seen a major diversification of targets.

Top 10 Targets 2015 No Border Top 10 Targets 2014 No Border

Similarly to 2014, 2015 has seen E-Commerce and Software companies on top of the Top 10 Industries chart. Retailers are out of the podium for 2015, since the third place is for Hotel and Hospitality. Security should be a priority for E-Commerce sites, but it looks like the lesson of 2014 was not learned.

Top 10 Industries 2015 no border Top 10 Industries 2014 no border

Last but not least, similarly to 2014, Non-Profit entities rank at number one of the 2014 Top 10 Organizations chart. Maybe there is not enough budget for security.

Top 10 Organizations 2015 no border2 Top 10 Organizations 2014 no border

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines, aiming to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, andfeel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

This Post Has 7 Comments

  1. Cheryl

    Do you know of an attack last year on Israeli power plants similar to the Ukraine incident last December? I have been searching for information on it but can’t find anything. thanks

  2. Jean Francois Rohard

    The monthly number of cyber attacks is worldwide? Seems a too low number…

    1. Paolo Passeri

      These are not all the attacks happening worldwide, but only the main ones appearing in the news.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.