Have you ever wondered just how many computers in the world have been infected by malware? Well, now there's a real-time map where you can see all the infected machines communicating back to the hackers who created the malware.
There are already online maps that exist to show cyberattacks occurring in the world based on news reports, but security intelligence firm SecurityScorecard's map is a bit different – it is able to map cyberattacks and malware infections in real time thanks to an extensive network of honeypot servers and DNS sinkholes.
The malware infections map is interesting because it is able to show all the different families of malware that are still active and causing mischief on people's computers and servers, and where in the world infections are at their worst. This is thanks to SecurityScorecard's network of DNS sinkholes, set up in data centres around the world to attract and intercept the communications of active malware infections that are attempting to "phone home" to the administrative Command and Control (C&C) server from which the malware originated.
Each dot on the map represents a live infection that the firm is currently monitoring. The information collected by the DNS sinkholes is analysed by SecurityScorecard and each IP address is correlated with a corporate enterprise or government agency. It is this technology that the firm used to identify 10,000 infected machines in Nasa's internal network after reports that the space agency had been hacked.
The firm then reverses the Domain Generation Algorithms (DGA) of the malware samples to determine the domain names used by the C&C servers and takes over the domain names, which allows SecurityScorecard researchers to then see every single device that has been infected by that particular strain of malware.
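A toy version of the sinkhole workflow described above, added here as an example and not SecurityScorecard's code: precompute the domains of a date-seeded DGA (a constructed stand-in for a reversed malware algorithm), match sinkhole DNS query logs against them, and group the querying IPs by organisation. The DGA, the log format, the IP ranges and the organisation names are all constructed for illustration.

```python
import hashlib
import ipaddress
from datetime import date

DAY = date(2016, 1, 1)  # constructed "today" for the sinkhole run

def toy_dga(day: date, count: int = 5) -> list[str]:
    # Constructed date-seeded DGA; a defender who has reversed the real
    # algorithm can precompute these and register them as sinkholes.
    domains = []
    for i in range(count):
        seed = f"{day.isoformat()}:{i}".encode()
        domains.append(hashlib.sha256(seed).hexdigest()[:12] + ".example")
    return domains

# Constructed netblock -> organisation table, as a sinkhole operator holds.
NETBLOCKS = {
    ipaddress.ip_network("203.0.113.0/24"): "ExampleCorp",
    ipaddress.ip_network("198.51.100.0/24"): "ExampleAgency",
}

def org_for(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for net, org in NETBLOCKS.items():
        if addr in net:
            return org
    return "unknown"

def correlate(log_lines: list[str], day: date) -> dict[str, set[str]]:
    # Constructed log format: "<timestamp> <client_ip> <qname>".
    # Only queries for the day's DGA domains count as infections.
    sinkholed = set(toy_dga(day))
    hits: dict[str, set[str]] = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line, skip it
        _, client_ip, qname = parts
        if qname.rstrip(".").lower() in sinkholed:
            hits.setdefault(org_for(client_ip), set()).add(client_ip)
    return hits

def sample_logs(day: date) -> list[str]:
    # Constructed sinkhole query log; one benign lookup and one bad line.
    d = toy_dga(day)
    return [
        f"2016-01-01T00:00:01 203.0.113.7 {d[0]}.",
        f"2016-01-01T00:00:02 203.0.113.9 {d[2]}",
        f"2016-01-01T00:00:03 198.51.100.5 {d[0]}",
        "2016-01-01T00:00:04 203.0.113.7 www.example",
        "garbage line",
    ]
```

Running `correlate(sample_logs(DAY), DAY)` groups the two ExampleCorp hosts and the one ExampleAgency host, and ignores the benign lookup and the malformed line.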
SecurityScorecard is also offering a free instant security assessment to companies and organisations, which can see how well protected their networks are from the outside, based on the network's DNS health, web app security, IP reputation, network security, endpoint security, hacker chatter, cubit score, password exposure, patching cadence and social engineering.