Update – The hacking map function seems to have been shut down – I got an error message “All access to this object has been disabled.”
A new animated map of the Internet created by the U.S.-based computer security firm Norse helps cyber-defenders visualize where hackers are coming from and illustrate just how ubiquitous hacking is around the world according to a recent article by Maya Kosoff from BusinessInsider.
St. Louis-based Norse offers a product call IPViking which displays a map and lists of the countries doing the most hacking, the countries getting hacked the most, and the types of attacks happening. Quartz noted the animated map looks kind of like the vintage video game Missile Command.
Norse, founded by a former intelligence expert with the U.S.’s Department of Homeland Security explained to Smithsonian Magazine how the system works;
attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors.
BI continues that the map doesn’t show all the hacking going on in the world, it could be a representative snapshot of today’s hacking ecosystem. A snapshot of the stats shows some of the baseline back-and-forth hacking attempts. Today, over 5 hours,
The top attack types:
- SSH port 22 – 6,308 attacks
- SIP port 5060 – 2,380 attacks
- Microsoft-DS port 445 – 2,317 attacks
- MS-SQL-S port 1433 – 2,193 attacks
- DNS port 53 – 2,182 attacks
- HTTP-Alt port 8080 – 2,007 attacks
- SNMP port 161 – 1,367 attacks
- MS-term-services port 3389 – 1,327 attacks
Internet Attacks
| Rank | # of Attacks sent | Attack Origins | Rank | # of Attacks received | Attack Target |
|---|---|---|---|---|---|
| 1 | 12,216 | China | 1 | 27,667 | United States |
| 2 | 7,827 | United States | 2 | 1,161 | Thailand |
| 3 | 2,446 | Mil/Gov | 3 | 1,077 | Hong Kong |
| 4 | 2,161 | Netherlands | 4 | 682 | Canada |
| 5 | 1,899 | France | 5 | 655 | Portugal |
| 6 | 1,351 | Russia | 6 | 650 | Australia |
| 7 | 1,331 | Canada | 7 | 600 | Singapore |
| 8 | 717 | Hong Kong | 8 | 469 | Netherlands |
| 9 | 627 | Thailand | 9 | 458 | France |
| 10 | 495 | Bulgaria | 10 | 411 | Bulgaria |
rb-
I have posted a couple of good maps on here before. This map relays a lot of good info while being mesmerizing also. The amount of malicious traffic flying at U.S. sites is staggering. The attacker’s emphasis is on basic network services, SSH, SIP, AD, SQL, DNS, HTTP, SNMP. Attacks on the basic services we rely on reinforce the urgency for U.S. network users to get their basics in order. The U.S. and China are locked in an escalating war about online spying that threatens to devastate business for companies in both countries.
Now for the really scary part. This IPViking map only reveals the tip of the hack-attack iceberg. It only shows penetration attempts against Norse’s network of “honeypot” traps. The real number of hack attempts lighting up interwebs at any given moment is far, far greater than this cool piece of big data mining can ever possibly show.
Related articles
- A secure cloud can keep an enterprise safe from attack (cloudentr.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.