{"id":70191,"date":"2014-06-26T18:03:14","date_gmt":"2014-06-26T22:03:14","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2021-08-25T21:49:54","modified_gmt":"2021-08-26T01:49:54","slug":"whos-hacking-who","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/whos-hacking-who\/","title":{"rendered":"Who’s Hacking Who?"},"content":{"rendered":"

Update –<\/strong> The hacking map function seems to have been shut down – I got an error message “All access to this object has been disabled.<\/strong>”<\/p>\n

\"Who's<\/a>A new animated map of the Internet<\/strong> created by the U.S.-based computer security firm Norse<\/a><\/strong> helps cyber-defenders<\/strong> visualize where hackers are coming from and illustrate just how ubiquitous hacking<\/strong> is around the world according to a recent article<\/a> by Maya Kosoff<\/a> from BusinessInsider<\/a>. <\/em><\/p>\n

\"Norse<\/a>St. <\/a>Louis-based\u00a0Norse offers a product call IPViking<\/a><\/strong> which displays a map and lists of the countries doing the most hacking<\/strong>, the countries getting hacked the most, and the types of attacks<\/strong> happening.\u00a0Quartz<\/a><\/em> noted the animated map looks kind of like the vintage video game Missile Command<\/a>.<\/p>\n

Norse, founded by a former intelligence expert with the U.S.\u2019s Department of Homeland Security<\/a> explained to<\/a> Smithsonian Magazine<\/em><\/a> how the system works;<\/p>\n

attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure<\/strong>, representing actual worldwide cyber attacks by bad actors.<\/em><\/p>\n

\"Who's<\/a><\/p>\n

BI<\/em> continues that the map doesn’t show all the hacking going on in the world, it could be a representative snapshot<\/strong> of today’s hacking ecosystem. A snapshot of the stats shows some of the baseline back-and-forth hacking attempts. Today, over 5 hours,<\/p>\n

The top attack types:<\/p>\n

    \n
  1. SSH port 22 <\/a>– 6,308 attacks<\/li>\n
  2. SIP port 5060<\/a> – 2,380 attacks<\/li>\n
  3. Microsoft-DS port 445<\/a> – 2,317 attacks<\/li>\n
  4. MS-SQL-S port 1433<\/a> – 2,193 attacks<\/li>\n
  5. DNS port 53<\/a> – 2,182 attacks<\/li>\n
  6. HTTP-Alt port 8080<\/a> – 2,007 attacks<\/li>\n
  7. SNMP port 161<\/a> – 1,367 attacks<\/li>\n
  8. MS-term-services port 3389<\/a> – 1,327 attacks<\/li>\n<\/ol>\n

    Internet Attacks<\/h2>\n\n\n\n\n\t\n\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t
    Rank<\/th># of Attacks sent<\/th>Attack Origins<\/th>Rank<\/th># of Attacks received<\/th>Attack Target<\/th>\n<\/tr>\n<\/thead>\n
    1<\/td>12,216<\/td>China<\/td>1<\/td>27,667<\/td>United States<\/td>\n<\/tr>\n
    2<\/td>7,827<\/td>United States
    \n<\/td>    		2<\/td>1,161<\/td>Thailand<\/td>\n<\/tr>\n
    3<\/td>2,446<\/td>Mil\/Gov<\/td>3<\/td>1,077<\/td>Hong Kong<\/td>\n<\/tr>\n
    4<\/td>2,161<\/td>Netherlands<\/td>4<\/td>682<\/td>Canada<\/td>\n<\/tr>\n
    5<\/td>1,899<\/td>France<\/td>5<\/td>655 <\/td>Portugal<\/td>\n<\/tr>\n
    6<\/td>1,351<\/td>Russia<\/td>6<\/td>650<\/td>Australia<\/td>\n<\/tr>\n
    7<\/td>1,331<\/td>Canada<\/td>7<\/td>600<\/td>Singapore<\/td>\n<\/tr>\n
    8<\/td>717<\/td>Hong Kong<\/td>8<\/td>469<\/td>Netherlands<\/td>\n<\/tr>\n
    9<\/td>627<\/td>Thailand<\/td>9<\/td>458<\/td>France<\/td>\n<\/tr>\n
    10<\/td>495<\/td>Bulgaria<\/td>10<\/td>411<\/td>Bulgaria<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\nInternet Attacks as logged by Norse IPViking on 6-25-14 approx. 11:00 to 16:00 <\/span>\n\n

    rb-<\/em><\/strong><\/p>\n

    I have posted a couple of good maps on here<\/a> before.<\/a> This map relays a lot of good info while being mesmerizing also. The amount of malicious traffic flying at U.S. sites is staggering. The attacker’s emphasis is on basic network services, SSH, SIP, AD, SQL, DNS, HTTP, SNMP. Attacks on the basic services we rely on reinforce the urgency for U.S. network users to get their basics in order. The U.S. and China are locked in an escalating war about online spying that threatens to devastate business for companies in both countries.<\/em><\/p>\n

    Now for the really scary part. This IPViking map only reveals the tip of the hack-attack iceberg. It only shows penetration attempts against Norse’s network of “honeypot” traps<\/a>. The real number of hack attempts lighting up interwebs at any given moment is far, far greater than this cool piece of big data mining can ever possibly show.<\/span><\/em><\/p>\n

    Related articles<\/h6>\n