Real-Time Cyber-Attack Map Shows Scope of Global Cyber War

Norse Live Attack Map 3
Norse's real-time cyberattack map shows less than 1 percent of attacks on the threat intelligence firm's own network. Norse

An interactive map that visualizes the global cyber war in real time has been making the rounds on social media in recent days. It shows a steady flow, or sometimes deluge, of cyber-attacks—depicted as colorful, laser-esque beams—traversing the screen...and it is captivating audiences.

Norse

“Hypnotized watching the Norse cyber-attack map,” one user's tweet began.

“China is cyber attacking America NOW!,” another exclaimed.

But what exactly are we looking at here?

“The attacks you are seeing are actually on Norse’s infrastructure,” Jeff Harrell, Norse’s vice president of product, tells Newsweek over the phone. That’s right, the unrelenting attacks you’re watching are only the ones being waged against a single company.

Furthermore: “This is also far less than 1 percent of the data we receive at any given time,” he added. Essentially, your browser would freeze if Norse tried to show everything. It also means that you’re just getting a sampling of attacks—any origin or destination patterns you’ve noticed may have little significance when compared to the whole picture, most of which you’re not seeing.

Norse is a threat intelligence firm based in Foster City, California, that gathers information on attacks happening to its infrastructure, records where they’re coming from and lets its customers know to block the malicious IP addresses. “We take the first hit so our customers don’t have to,” Harrell said.

He wouldn’t elaborate on who those clients are, other than to say they include financial service and high tech companies, as well as government agencies such as the Department of Energy (with which it has a $1.9 million contract).

The firm actually attracts attacks on its network through its 8 million speciality sensors, which it has scattered across 50 countries. This is why attacks appear consistently to hit seemingly unexpected locales, like St. Louis, Missouri (where Norse’s administrative offices and some sensors are located). The sensors are designed to look like common PCs, Macs, X-ray machines and ATMs—systems typically targeted.

But something the map can’t convey: There often isn’t a hooded bad man waging each attack, as stereotypical stock images would have you believe. It’s probably grandma’s malware-infected computer; most of the attacks are automated, carried out by bots that you got from clicking the wrong email.

While Norse’s cyber-attack map is years old and was last updated in April, Harrell says it gets renewed attention every time something major happens. Last year, it was when Facebook went down. This year, it seems to be the massive breach of the U.S. Office of Personnel Management's (OPM) systems, which compromised the personal information of more than 21 million prospective, current and former government workers.