Last Updated on January 11, 2016
I have received many requests to publish a comparison of the aggregated statistics between 2014 and 2015 derived from the Cyber Attacks Timelines. S0, exactly like I did last year, I have spent some time comparing the data, extracting several interesting findings.
In general, 2015 has reported a more sustained activity, and this is easily and immediately visible from the Number of Monthly Attacks Chart. During 2015, the level of activity has always been higher, particularly in May, with the solely exception of October.
It is also interesting to compare the Motivations behind the attacks in 2014 and 2015. During 2015, the percentage of events motivated by Cyber Crime has raised from 62.3% to 67%, while hacktivism has lost three points (20.8% in 2015 vs. 24.9 in 2014). Cyber Espionage reported a small growth, whereas Cyber Warfare is essentially Stable.
It is also interesting to analyze the Drill Down chart of the motivation on a monthly basis.
The Top 10 Attack Techniques chart also shows some interesting findings. The percentage of unknown attacks is essentially the same in 2015 and 2014 (24.0% vs 23.3%). SQLi raised to 17.5% in 2015 from 12.8% in 2014, whilst defacements dropped to 12.4% from 14.8% reported in the previous year. Targeted attacks had a small growth in 2015 (10.5% vs 9.5%), DDoS is essentially stable (9.7% vs 9.3%) and Account Hijackings lost one point (8.8% vs 9.8%).
The real new entry of 2015 is Malvertising, but is also interesting to notice the sharp decrease of malware infections. The 2014 was in fact characterized by the Backoff malware that targeted multiple retailers (note: the category malware do not include malware used for targeted attacks).
The Top 10 Distribution of Targets confirms, also for 2015, Industries, Governments and Organizations on top of the attackers’ preferences. Actually all the first five positions are the same for both years, however 2015 has seen a major diversification of targets.
Similarly to 2014, 2015 has seen E-Commerce and Software companies on top of the Top 10 Industries chart. Retailers are out of the podium for 2015, since the third place is for Hotel and Hospitality. Security should be a priority for E-Commerce sites, but it looks like the lesson of 2014 was not learned.
Last but not least, similarly to 2014, Non-Profit entities rank at number one of the 2014 Top 10 Organizations chart. Maybe there is not enough budget for security.
As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines, aiming to provide an high level overview of the “cyber landscape”.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.