Exactly as I did one year ago, I have decided to publish the aggregated statistics related to all the events (a total of 1061 cyber attacks) that I collected during 2016. Again, I want to stress that the data for the statistics is derived from the timelines that I build on a (more or less) bi-weekly basis. The timelines collect the major cyber events of the related months chosen among the ones published by open sources (such as blogs or news site). Of course each event reports the sources for the sake of completeness.
The statistics cannot obviously be comprehensive, but the purpose is just to give an overview of the threat landscape.
That being said, it’s time to analyze the data!
In comparison to 2015, during 2016 I have collected a slightly larger number of events (1061 vs 1017). The Monthly attacks chart shows that the level of activity was similar in the first 5 months. Then 2016 experienced a peak in the central months, and starting from September, 2015 registered a more consistent activity, at least until December when 2016 experienced a new tail of events.
It is also interesting to compare the Motivations in 2015 and 2016. During 2016, the percentage of events motivated by Cyber Crime raised from 67% to 72.1%, while hacktivism dropped to 14.2% from 20.8%. Cyber Espionage was essentially stable (9.8% vs 9.2%), whereas Cyber Warfare has nearly doubled its share (4.3% vs 2.4%) even if the overall value is still low.
And the Drill Down chart of the motivations on a monthly basis highlights the differences. Clearly the Summer 2016 was hot also from an Infosec perspective.
The main finding from the Top 10 Attack Techniques is the percentage of unknown attacks soaring to 33.1% in 2016. Account Hijackings also experienced a noticeable growth to 15.1% from 8.8% in 2015. Targeted attacks reported a light growth (11.6% vs 10.5%), similarly to DDoS (11.3% vs 9.7%) and malware (8.0% vs 6.4%). Last but not least, both SQLi and defacement attacks reported a considerable drop (maybe related to the decreasing impact of hacktivism among the motivations), while malvertising is essentially stable (1.8% vs 2.1%).
The Top 10 Distribution of Targets confirms, also for 2016, industries and governments on top of the attackers’ preferences. Unlike 2015, single individuals stand at number three, pushing organizations out of the podium. This matches the soar in account hijackings that we have seen in the Top 10 attack techniques charts.
2016 has seen software companies leading the Top 10 Industries chart, ahead of hotel and hospitality, and video games. Curiously software companies ranked at the second place in 2015, just ahead of hotel and hospitality. E-Commerce entities, which ranked at place number one in 2015, slid at at number four.
Political Parties rank at number one of the Top 10 Organizations chart, ahead of non-profit (they were at number one in 2015 and Sport).
I hope you have read the introduction, so you will be aware that the sample must be taken very carefully since it refers only to discovered attacks included in my timelines, aiming to provide an high level overview of the “cyber landscape”.
In any case, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated).