Real Time Web Attack Trackers

My school has a screen in the Cyber Security building that shows web attacks by countries in real time. It shows attackers, defenders, scanners, and two other things I don’t remember.

How can they possibly track all of the cyber attacks and also know where they’re coming from and going to?

2 Answers

Anonymous 0 Comments

Each Internet package has a source and destination address. Even though the Internet addresses do not perfectly match the physical addresses, you can locate them to a country with extremely high precision, and often to a specific city as well. There are also devices which can scan a package and guess if it is part of a cyber attack or not. This is what a firewall does, but these devices can now be very sophisticated. Again, the accuracy of these devices is not perfect; the more packages it gets from an attack, the more accurate it is. But it is able to block most of the attacks or at least warn network operators about the potential attacks.

Collecting worldwide statistics, however, is a different challenge. A lot of these firewalls and intrusion detectors are installed deep inside the networks of corporations or service providers. And they do not want to give away this data without getting anything in return. Especially considering the potential privacy issues. But there are security providers who will help detect and mitigate attacks against you, provided that you share some of your statistical data with them so they can use this. The data is anonymized as best as practically possible, but things like origin and destination country are not that important. These companies often provide such attack maps as a way to raise awareness of the various cyber attacks that are taking place all the time, hoping that more people will buy their products in order to protect themselves.

Anonymous 0 Comments

A lot of cybersecurity companies have “real time attack maps”: [Check Point’s](https://threatmap.checkpoint.com/), [FireEye](https://www.fireeye.com/cyber-map/threat-map.html), [NetScout](https://www.netscout.com/ddos-attack-map).

So first off, your school is using one of those. The way they get that data is they have sensors in their clients’ networks and monitor for that stuff; it’s easy enough to see what machine is connecting to your network. From that connection you can get location, and since you know where the network you are on is. This doesn’t mean the information is always accurate; it’s fairly easy to spoof an IP address, or hide behind proxies, VPNs, hacked machines etc.

TL;DR: it’s companies’ literal jobs to do it; they put up those maps to show off.
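
How a sensor feed could be reduced to the country-to-country counts such a map draws, as an added example that is not part of either answer or of any vendor's product. The prefix table, the placeholder country codes (AA to EE), the alert lines and the function names are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed prefix-to-country table over documentation address ranges;
# a real sensor would load a GeoIP database here. Country codes are placeholders.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "AA"),
    (ipaddress.ip_network("198.51.100.0/24"), "BB"),
    (ipaddress.ip_network("203.0.113.0/25"), "CC"),
    (ipaddress.ip_network("203.0.113.128/25"), "DD"),
    (ipaddress.ip_network("2001:db8::/32"), "EE"),
]

# Constructed sensor alerts, one per line: "timestamp src_ip dst_ip verdict"
SAMPLE_ALERTS = """\
2024-01-01T00:00:01Z 192.0.2.10 203.0.113.5 scanner
2024-01-01T00:00:02Z 192.0.2.11 203.0.113.5 scanner
2024-01-01T00:00:03Z 198.51.100.7 203.0.113.200 attack
2024-01-01T00:00:04Z 2001:db8::1 198.51.100.9 attack
2024-01-01T00:00:05Z 10.0.0.4 203.0.113.5 attack
not-a-valid-line
"""

def country_of(ip_text):
    """Longest-prefix match against GEO_TABLE; "??" when nothing matches."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "??"
    matches = [(net.prefixlen, cc) for net, cc in GEO_TABLE
               if net.version == ip.version and ip in net]
    return max(matches)[1] if matches else "??"

def aggregate(alert_text):
    """Reduce alerts to (src_country, dst_country, verdict) counts."""
    counts = Counter()
    for line in alert_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, src, dst, verdict = fields
        # Only countries and the verdict are kept; the addresses are dropped.
        counts[(country_of(src), country_of(dst), verdict)] += 1
    return counts

if __name__ == "__main__":
    for (src, dst, verdict), n in sorted(aggregate(SAMPLE_ALERTS).items()):
        print(f"{src} -> {dst} {verdict}: {n}")
```

The `??` bucket is where private or unlisted source addresses end up, and the country shown for any alert is only that of the address the sensor saw, which may be a proxy, VPN exit or compromised machine.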