BlackFog collected threat statistics on a global basis for 2019. These statistics capture all data exfiltration from devices over a 12 month period for Windows, Mac, Android and iOS.
In 2019 we saw a total of 3.12% of all data exfiltrated through the Dark Web with a high of 6.11% in May. This consists of any connection trying to anonymize traffic using the Onion Router or other anonymization services. This is commonly used when exfiltrating data from user devices.
| Threat | Percentage |
|---|---|
| Dark Web | 3.12 |
| PowerShell | 6.23 |
| Spyware | 2.34 |
| Direct IP | 41.14 |
| Russia | 15.85 |
| China | 2.62 |
PowerShell attacks averaged 6.23% through the year with a high of 10.69% in October. We have seen this fluctuate throughout 2019 and this seems to correlate strongly with the rise in ransomware at various times of the year. It remains a common Fileless technique for obfuscating code and dropping malware onto devices.
Spyware represents any threat that monitors user activity, collects passwords through key loggers, camera activation or forensic analysis. Spyware remained consistent throughout the year with an average of 2.34% across all threat vectors.
Direct IP’s are still being used to conceal the destination of network connections. Even some legitimate services persist in hard coding IP’s directly into their products. This is most commonly used to try and evade DNS registration and the origin of servers. Malware and ransomware rely on this to make connections to pools of servers. It represented 41.14% of all threats detected by BlackFog in 2019.
Exfiltration based on geography saw 15.85% of all data being exfiltrated to Russia. This has been consistent throughout the year and reflects the sheer volume of attacks originating from this geographic region. China represented 2.62% of exfiltrated traffic over the same period. This peaked at 4.58% in Q1 but has otherwise remained stable throughout 2019. This correlates well with the number of espionage indictments by the US government.
Major Threat Vectors
Related Posts
Ascension Ransomware Attack: Impact and Prevention Tips
Learn how the Ascension ransomware attack disrupted healthcare services, the financial consequences, and the cybersecurity lessons it taught. Also receive advice on protecting patient data and preventing similar attacks in the future.
Essential Data Loss Prevention Best Practices Every Firm Should Know
Following these seven data loss prevention best practices can help any firm reduce the risk of falling victim to threats like ransomware.
BlackFog Report Reveals Record Number of Ransomware Attacks from January to March
BlackFog reports a record-breaking surge in ransomware attacks Q1 2025, with 278 disclosed cases and a 113% rise in undisclosed incidents.
AI for Network Security and Monitoring: Enhancing Cyber Defense
What opportunities do AI ransomware protection tools offer to cybersecurity pros?
Ghost Ransomware: The New Cyber Menace Targeting 70+ Countries
Ghost ransomware is targeting 70+ countries. Learn how it works, who’s behind it, and how to stay protected in today’s cyber threat landscape.
Log4Shell – Understanding the Vulnerability and Mitigation Steps
Learn about Log4Shell, its impact on industries, and effective mitigation strategies. Discover how proactive defenses, like BlackFog's ADX technology, can protect your systems from ransomware and data exfiltration.