After the two timelines (part I and part II), I can finally publish the corresponding cyber attacks statistics. This month I have analyzed 196 events, and the clear decrease compared to October (when the analyzed events were 223) is mainly due to the aggregated breach of October 28, when 34 millions of records belonging to 17 different companies were put on sale together on the dark web.
The Daily Trend of Attacks chart shows a constant trend, characterized by a plateau in the third week.
Clearly the events driven by cyber crime characterize the Daily Breakdown chart, but this is not a surprise at all.
The Motivations Behind Attacks chart shows indeed Cyber Crime on top with 86.7%, up from 82.5% of October. Cyber Espionage drops to 8.2% from 12.6% from 11.4%, while Cyber Warfare and Hacktivism get a tiny 1% each, respectively from 2.2% and 0.4% of the previous month.
Malware is still on top of the Attack Techniques, with 42.9%, up from 38.1% of October. Account hijackings are stable at number two among the known attack techniques with 11.7% very close to the 12.1% of the last month. And for the first time, attacks carried out exploiting unpatched vulnerabilities are at number three with 6.6%. Google, Apple, Oracle and Microsoft were several of the vendors whose weaknesses were exploited over the last month.
Similarly to October and September, attacks against multiple targets lead the Distribution of Targets chart with 21.9% (from 20.2% of October), ahead of healthcare (with 11.2%) and individuals (9.7%).
As always bear in mind that the sample refers exclusively to the attacks included in my timelines, available from public sources such as blogs and news sites. Obviously the sample cannot be complete, but only aims to provide an high level overview of the threat landscape.
Finally, please support my work, sharing the content, and of course follow @paulsparrows on Twitter for the latest updates. Also feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).