The Norse Attack Map is awesome, if you've never seen it before, you need to check it out, it's mesmerizing!
In fact you'll probably lose at least half a day just looking at it.
But what is the Norse Attack Map exactly and what does it all mean? It certainly looks cool, but is it accurate?
In this blog post, I'll explain exactly what it is that you're seeing.
What is the Norse Attack Map?
The Norse Attack Map is basically an interactive map, created by Norse Corporation, which shows, in real-time, global cyber attacks, in the form of colourful laser beams which zip across your screen.
Each laser beam is a real attack and the color of the laser beam represents the type of attack that is happening at that time.
Below the map is a table which shows the country of origin for each attack, the target’s city and service that is being attacked, the type of attack and a bunch of other information such as the port numbers used, the attackers IP Address and the most popular target countries and countries of origin.
It doesn't show every attack that is going on in the world as that would be impossible, given the sheer number of them happening at any one time, and in any case, your browser wouldn't be able to cope with it and would run out of memory. But what the map does show is a sample of real-time attacks on Norse's own network infrastructure.
Creating honey pots for the attackers
The cyber attack map is basically a visual representation of cyber attacks on 8 million 'honey pots' scattered around the world, which the has firm purposely set up in attempt to lure hackers and more commonly, automated tools that attack computer networks and build botnets to carry out further attacks on their behalf.
The honey pots themselves are actually threat intelligence sensors that the company maintain but are designed to look like PC's, servers, internet infrastructure, banks, ATMs and even Microsoft Exchange servers. Basically they try to mimic as much online infrastructure as possible to make it look desirable to be hacked and also because these are the kind of machines that are typically targeted.
Once the honeypots are attacked, the attacking machines or hackers are then tricked into giving out the IP Addresses which the company then uses to keep track of their online activities.
So the company can see which systems are being attacked or have been hit with malware which zombifys that system into becoming part of a botnet which is then used to carry out further attacks.
The Norse Attack Map is pretty cool in my eyes, but take the actual data with a pinch of salt. They are real attacks, but on hardware and systems specifically set up to lure cyber attacks. Having said that, if nothing else, it does give you an idea of the sheer scale of cyber attacks that are going on today and it shows that most of them are actually automated.
It also shows that the bulk of attacks originate from either China or the US!
Be sure to check the map at different times, as you might see some large scale attacks (which look pretty spectacular too!).
What do you guys think? Are you a fan of the Norse Attack Map?
Personally I think it's very cool, but it definitely doesn't help my security paranoia!