SecurityTrails Blog · Jun 25 · SecurityTrails team

Top 10 Cyber Attack Maps for Visualizing Digital Threat Incidents

A new study by Bromium shows that digital crime revenue has grown to $1.5 trillion annually in illicit profits. Popular websites including GitHub, EA and many others face bigger, more sophisticated attacks every day, falling victim to the growing trend of cybercrime.

Who’s attacking me? Where are these attacks coming from? What’s the top attacker host? When facing an attack, we can find answers to these questions by exploring the logs, then performing lookups for all available information.

This can be done when you’re facing an isolated low- to mid-size DDoS attack. With bigger attacks, however, you can’t waste time performing manual lookups. Fortunately, that’s exactly the scenario where automated anti-DDoS mitigation systems come into play.
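The manual log lookup described above, as an added example that is not part of the original post: it ranks source hosts and /24 networks by request count in the most recent window of a web access log. The Common Log Format input, the 60-second window, the /24 grouping and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample (documentation address ranges), Common Log Format.
SAMPLE_LOG = """\
198.51.100.23 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:04:10 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:04:11 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2024:10:04:12 +0000] "GET /login HTTP/1.1" 200 512
192.0.2.44 - - [01/Jan/2024:10:04:30 +0000] "GET /index.html HTTP/1.1" 200 90
203.0.113.7 - - [01/Jan/2024:10:04:40 +0000] "GET /login HTTP/1.1" 200 512
-- truncated entry --
203.0.113.9 - - [01/Jan/2024:10:05:00 +0000] "GET /login HTTP/1.1" 200 512
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(log_text):
    """Yield (source_ip, timestamp, path) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip truncated or malformed entries
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        yield m.group(1), ts, m.group(4)

def top_sources(log_text, window_seconds=60, limit=3):
    """Rank hosts and /24 networks by requests in the most recent window."""
    entries = list(parse(log_text))
    if not entries:
        return [], []
    # Anchor the window on the newest entry so old baseline traffic is ignored.
    cutoff = max(ts for _, ts, _ in entries) - timedelta(seconds=window_seconds)
    hosts, nets = Counter(), Counter()
    for ip, ts, _ in entries:
        if ts >= cutoff:
            hosts[ip] += 1
            # Grouping by /24 (an assumption) surfaces neighbouring sources.
            nets[str(ip_network(f"{ip}/24", strict=False))] += 1
    return hosts.most_common(limit), nets.most_common(limit)

if __name__ == "__main__":
    top_hosts, top_nets = top_sources(SAMPLE_LOG)
    print("top hosts:", top_hosts)
    print("top networks:", top_nets)
```

A logged HTTP request implies a completed TCP handshake, so these addresses are not blindly spoofed, though they may belong to infected hosts rather than to whoever directs the attack.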

Now let’s suppose that you aren’t DDoSed, that you merely want to access top digital attack information from cybersecurity incidents around the world. Where would you look? You can try ISPs’ stats or check out anti-DDoS providers, or you can see what’s going on right now by using digital attack maps.

Watching cyber attacks can be a creative way to show how cybersecurity works on a global scale, and how malicious packets interact between countries. That’s why we’re showing you today’s top 10 most interesting cybersecurity attack maps.

What’s a cyber attack map?

A cyber attack map is just a fancy, graphical way to show how the Internet works. Day by day, millions of cyber threats hit new victims; some of them perform counterattacks, while others mitigate the attacks and remain passive. While some of these malicious activities are manually targeted cyber attacks, most of them are botnets dedicated to shutting down infrastructures and causing chaos among organizations.

Most current digital attack maps share a few common facts:

  • They are wrongly advertised as “live maps”—most do not show live attack data, but records of past attacks.
  • They are focused on showing Distributed Denial of Service (DDoS) attacks only, and not other types of cybercrime.
  • They only show anonymous traffic data.

Are cyber attack maps really useful?

Some infosec industry experts believe these maps aren’t useful at all, that they’re merely used as a sales tool by cybersecurity solution providers.

Based on our experience, while these threat maps have no practical usage for mitigating attacks, they can be utilized to explore historical attack trends, to understand raw data behind DDoS attacks (which, most of the time, is not intuitive for new technical users) or to report outages on certain dates to their customer base.

Something important to keep in mind, about the source of the attacks: while these maps locate specific countries launching attacks against others, that doesn’t mean the actual source of the attack is the same as the attacker location.

Most of the time, the source of an attack is forged, made to appear as though it was initiated from a certain country. When it shows the right location, it’s often not the real attacker behind the dirty work, but an infected computer working for a botnet.

Another interesting fact: the biggest attacks often come from high bandwidth nations, perfectly suited to launching giant attacks from thousands of infected devices commanded from remote locations.

One of the most popular digital maps used to be the famous “norse attack map”; however, that live threat map is now gone, and others have taken its place. So, let’s learn about the top alternatives to the norse attack map.

Arbor Networks DDoS Attack Map

Arbor Networks brings you one of today’s most popular attack maps. This map is dedicated to tracking down incidents related to DDoS attacks around the globe.

The data is gathered by the Arbor Networks ATLAS® global threat intelligence system, coming from a worldwide analysis of 300+ ISPs with over 130 Tbps of live traffic. Stats are updated hourly, but the digital map also allows you to explore historical data sets.

Its features include:

  • Show stats per country
  • View attack source + destination
  • Show different types of attacks (large, unusual, combined, etc.)
  • Color-coded attacks by type, source port, duration and destination port
  • Show size of the DDoS attack in Gbps
  • Get embed code to insert the map in your own website
  • Sort by TCP connection, volumetric, fragmentation and application

Kaspersky Cyber Malware and DDoS Real-Time Map

The Kaspersky cyber threat map is one of the most complete maps we’ve seen so far, as well as the best when it comes to graphical interface.

Once you load the map, it detects your current location and shows you stats for your country, including historical top local infections for the last week.

Activities detected by the map:

  • On-Access Scan
  • On-Demand Scan
  • Mail Anti-Virus
  • Web Anti-Virus
  • Intrusion Detection Scan
  • Vulnerability Scan
  • Kaspersky Anti-Spam
  • Botnet Activity Detection

It also offers some really cool features, including:

  • Switch to globe view
  • Toggle map color
  • Zoom in/out
  • Enable/disable demo mode
  • Embed map using iframe

ThreatCloud Live Cyber Attack Threat Map

ThreatCloud from CheckPoint is another cyber attack map offering a sophisticated way to detect DDoS attacks all over the world. It’s not the most advanced in our list, but it does a good job of showing live stats for today’s and yesterday’s attacks.

Taking a quick look at their live stats, we see new attacks coming in, the source of the attacks and their various destinations. Another interesting thing we find is the “Top targets by country” feature, which offers threat stats for the previous week and month, as well as the average infection rate and percentage of most frequent attack sources for some countries.

Akamai Real-Time Web Attack Monitor

Akamai is another great alternative if you’re looking for an attack visualization map.

This company controls a big portion of today’s global internet traffic. With the vast amounts of information it gathers, it’s able to offer real-time stats identifying the sources of most of the biggest attacks anywhere in the world.

Its map cites the top attack locations for the past 24 hours, letting you choose between different regions of the world, such as the Americas, Europe, Middle East, Africa, Asia Pacific and Japan.

Fortinet Threat Map

The Fortinet Threat Map displays malicious network activity filtered by geographic regions. This attack map will show you various international sources of attack and their destinations.

General live attack activity will be shown in order of attack type, severity and geographic location.

Country-based statistics for incoming and outgoing attacks and overall activity can be found by clicking on any country name. The different colors seen in the map indicate the type of attack, for example:

  • Execution (remote execution attacks)
  • Memory (memory-related attacks)
  • Link (Attack from a remote location)
  • DoS (Denial of Service attacks)
  • Generic attacks

Threat Butt Hacking Attack Map

Threat Butt offers one of the coolest digital attack maps around, not because of a wide range of features, but because of its retro design, including that smile-inducing Atari sound that brings us back to our childhood gaming days.

The map is a basic black and green design, with red lines extending to countries where attacks are detected. In the footer you’ll see descriptive information about each attack, including origin country, IP address, destination, as well as a few funny captions, for example:

jpn (XX.XX.XX.XX) uses Metasploit against usa (YY.YY.YY.YY.YY) — it's probably fine ¯\_(ツ)_/¯
usa (XX.XX.XX.XX) uses EULA Violation! against usa (YY.YY.YY.YY.YY) — It's good for business!
can (XX.XX.XX.XX) uses whatever is at the top of an F-Secure report against usa (YY.YY.YY.YY.YY) — IT'S CYBER POMPEII !
ita (XX.XX.XX.XX) uses industry-leading inappropriate SSL certificates against jpn (YY.YY.YY.YY.YY) — NSA tells us we can't tell you if it worked
chn (XX.XX.XX.XX) uses Slammer against bgr (YY.YY.YY.YY.YY) — IT'S SUPER EFFECTIVE!

LookingGlass Phishing/Malicious URL Map

The LookingGlass real-time map shows actual data from Looking Glass threat intelligence feeds, such as:

  • Cyveillance Infection Records Data Feed
  • Cyveillance Malicious URL Data Feed
  • Cyveillance Phishing URL Data Feed

It’s fully dedicated to detecting and showing live activity for infected malicious and phishing domain URLs. Once you load it, the results will be shown in four columns relating infections per second, live attacks, botnets involved and the total number of affected countries.

By clicking on any location on the map, you’ll get additional details about the malicious incident, such as time, ASN, organization and country code.

Talos Spam and Malware Map

Talos is another security company offering a free digital attack map. The threats seen in this map are detected by Talos attack sensors, as well as culled from third-party feeds. The information displayed is completely dedicated to revealing the world’s top spam and malware senders.

While playing with the map we found that it lets us sort the top 10 cyber attack sender lists by country as well as by top malware senders.

Additional information about these senders can be seen by clicking their names, which reveals the exact IP address of the server that sent the spam/malware, hostname, last day of the detection, as well as reputation status.

Also, when you click the hostname it displays extended information about the network owner, as well as reputation details, email volume average and volume change.

Sophos Threat Tracking Map

The Sophos map is not a real-time map, but a static threat tracking map. Its data comes from SophosLabs monitoring and malware research activities.

Threats are visualized by three central graphics:

  • Today’s Malicious Web Requests
  • Today’s Blocked Malware
  • Today’s Web Threats

At the end you’ll find a Threat Geography map which allows you to click on any affected location to find out more details about spam issues. Examples include:

  • Infected websites (including the malware/virus name).
  • Spam source (including subject, source IP and exact location)
  • Email malware source (including subject, source IP and exact location)

FireEye Cyber Threat Map

The FireEye Cyber Threat Map is the last map we recommend, basically because this one doesn’t bring a lot of features to the table. It only shows origin, destination, total number of attacks and some interesting stats about the previous 30 days, such as top attacker countries and the most attacked industries.

Final thoughts

Cyber attacks, along with spam and malware infections, are increasing in frequency more than ever. While the cyber attack maps we’ve explored won’t help mitigate these malicious activities, it’s always useful to have a clear view of the top threats in action all around us.

When looking at these digital attack maps it’s clear that no one in this hyper-connected world has ever been really safe from network threats, so the important question here is… What are you doing to prevent cyber crime in your online company?

If you’re a part of any public or private cybersecurity team, start with the basics: explore your attack surface by performing security audits, to reduce the vulnerabilities in your organization.

