
BlackFog collected threat statistics on a global basis for the first 9 months of 2019 (threat statistics Q3 2019). What follows is a summary of data exfiltration across all endpoints, including Windows, Mac, Android and iOS devices.
Dark Web
BlackFog saw a steady decline in Dark Web exfiltration over the quarter, representing 1.69% of traffic, a decrease from both Q1 and Q2. However, BlackFog saw a dramatic increase in PowerShell attacks in Q3 at 7.86%, which is the highest we have seen for the year, up from 3.51% in the previous quarter. This reflects the increased use of PowerShell for fileless attacks and the increase in the number of ransomware attacks globally.
Geographic Exfiltration
BlackFog reported a decrease in data exfiltrated to Russia this quarter, totaling 13.5% compared to 19.43% in the previous quarter. Exfiltration to China remained relatively stable at 2.13% compared with 2.62% in the previous quarter.
Direct IPs and Spyware
No significant changes were found in the other core statistics. Spyware represented 1.57%, and the use of direct IPs for communicating with servers represented 37.03% of all attacks.
Major Threat Vectors






