The number of cyber-attacks on the Internet is increasing greatly, and this trend does not seem likely to stop any time soon. The spread of malware is fuelled by various factors, including technology and Internet access becoming relatively affordable globally and the forced home-office arrangements of various professions, which increase the possible threat exposure time. Threat actors also employ various attack vectors, often utilizing some form of position deception to hide their activity from the authorities. Depending on the attacker’s skillset, motivation and available resources, the attack may result in a successful data breach, theft or data integrity violation. These outcomes may sometimes have tragic consequences. Without access to any kind of private data banks, this work was limited to publicly available sources, along with their drawbacks. This paper proposes a tool that accepts various sources of data: providers of suspicious IP address lists, lists of IP addresses known to be part of any kind of TOR/VPN network, blocklists that contain various data, and geolocation databases. These serve as a means of gathering intel about IP addresses that either appear on suspicious lists or are submitted in manual queries. The proposed tool was then tested on publicly available data. The results, originating mainly from generated maps and graphs of various categories, along with the tool itself, were compared to other cyber-threat origin information services and to other statistics about the situation in the online field.
Čergeť, M., & Hudec, J. (2023). Cyber-Security Threats Origins and their Analysis. Acta Polytechnica Hungarica, 20(9), 23–41. https://doi.org/10.12700/APH.20.9.2023.9.2