The European Repository of Cyber Incidents (EuRepoC) is releasing the Global Dataset of Cyber Incidents in Version 1.3 as an extract of our backend database. This official release contains fully consolidated cyber incident data reviewed by our interdisciplinary experts in the fields of politics, law and technology across all 60 variables covered by the European Repository. Version 1.3 covers the years 2000 – 2024 entirely. The Global Dataset is meant for reliable, evidence-based analysis. If you require real-time data, please refer to the download option in our TableView or contact us for special requirements (including API access).

The dataset now contains data on 3416 cyber incidents which started between 01.01.2000 and 31.12.2024. The European Repository of Cyber Incidents (EuRepoC) gathers, codes, and analyses publicly available information from over 220 sources and 600 Twitter accounts daily to report on dynamic trends in the global, and particularly the European, cyber threat environment.

For more information on the scope and data collection methodology see: https://eurepoc.eu/methodology

Full Codebook available here

Information about each file

please scroll down this page entirely to see all files available. Zenodo only displays the attribution dataset by default.

Global Database (csv or xlsx):
This file includes all variables coded for each incident, organised such that one row corresponds to one incident - our main unit of investigation. Where multiple codes are present for a single variable for a single incident, these are separated with semi-colons within the same cell.

Receiver Dataset (csv or xlsx):
In this file, the data of affected entities and individuals (receivers) is restructured to facilitate analysis. Each cell contains only a single code, with the data "unpacked" across multiple rows. Thus, a single incident can span several rows, identifiable through the unique identifier assigned to each incident (incident_id).

Attribution Dataset (csv or xlsx):
This file follows a similar approach to the receiver dataset. The attribution data is "unpacked" over several rows, allowing each cell to contain only one code. Here too, a single incident may occupy several rows, with the unique identifier enabling easy tracking of each incident (incident_id). In addition, some attributions may also have multiple possible codes for one variable, these are also "unpacked" over several rows, with the attribution_id enabling to track each attribution.

Dyadic Dataset (csv or xlsx):
The dyadic dataset puts state dyads in the focus. Each row in the dataset represents one cyber incident in a specific dyad. Because incidents may affect multiple receivers, single incidents can be duplicated in this format, when they affected multiple countries.

Phishing, ransomware, and business malware have been the most widespread types of cyberattacks in the United States, resulting in data compromises. In 2024, 455 cases of phishing and its variations were detected. Ransomware followed in the second place, with 188 attacks.

In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

Overview This dataset is a comprehensive, easy-to-understand collection of cybersecurity incidents, threats, and vulnerabilities, designed to help both beginners and experts explore the world of digital security. It covers a wide range of modern cybersecurity challenges, from everyday web attacks to cutting-edge threats in artificial intelligence (AI), satellites, and quantum computing. Whether you're a student, a security professional, a researcher, or just curious about cybersecurity, this dataset offers a clear and structured way to learn about how cyber attacks happen, what they target, and how to defend against them.

With 14134 entries and 15 columns, this dataset provides detailed insights into 26 distinct cybersecurity domains, making it a valuable tool for understanding the evolving landscape of digital threats. It’s perfect for anyone looking to study cyber risks, develop strategies to protect systems, or build tools to detect and prevent attacks.

What’s in the Dataset? The dataset is organized into 16 columns that describe each cybersecurity incident or research scenario in detail:

ID: A unique number for each entry (e.g., 1, 2, 3). Title: A short, descriptive name of the attack or scenario (e.g., "Authentication Bypass via SQL Injection"). Category: The main cybersecurity area, like Mobile Security, Satellite Security, or AI Exploits. Attack Type: The specific kind of attack, such as SQL Injection, Cross-Site Scripting (XSS), or GPS Spoofing. Scenario Description: A plain-language explanation of how the attack works or what the scenario involves. Tools Used: Software or tools used to carry out or test the attack (e.g., Burp Suite, SQLMap, GNURadio). Attack Steps: A step-by-step breakdown of how the attack is performed, written clearly for all audiences. Target Type: The system or technology attacked, like web apps, satellites, or login forms. Vulnerability: The weakness that makes the attack possible (e.g., unfiltered user input or weak encryption). MITRE Technique: A code from the MITRE ATT&CK framework, linking the attack to a standard classification (e.g., T1190 for exploiting public-facing apps). Impact: What could happen if the attack succeeds, like data theft, system takeover, or financial loss. Detection Method: Ways to spot the attack, such as checking logs or monitoring unusual activity. Solution: Practical steps to prevent or fix the issue, like using secure coding or stronger encryption. Tags: Keywords to help search and categorize entries (e.g., SQLi, WebSecurity, SatelliteSpoofing). Source: Where the information comes from, like OWASP, MITRE ATT&CK, or Space-ISAC.

Cybersecurity Domains Covered The dataset organizes cybersecurity into 26 key areas:

AI / ML Security

AI Agents & LLM Exploits

AI Data Leakage & Privacy Risks

Automotive / Cyber-Physical Systems

Blockchain / Web3 Security

Blue Team (Defense & SOC)

Browser Security

Cloud Security

DevSecOps & CI/CD Security

Email & Messaging Protocol Exploits

Forensics & Incident Response

Insider Threats

IoT / Embedded Devices

Mobile Security

Network Security

Operating System Exploits

Physical / Hardware Attacks

Quantum Cryptography & Post-Quantum Threats

Red Team Operations

Satellite & Space Infrastructure Security

SCADA / ICS (Industrial Systems)

Supply Chain Attacks

Virtualization & Container Security

Web Application Security

Wireless Attacks

Zero-Day Research / Fuzzing

Why Is This Dataset Important? Cybersecurity is more critical than ever as our world relies on technology for everything from banking to space exploration. This dataset is a one-stop resource to understand:

What threats exist: From simple web attacks to complex satellite hacks. How attacks work: Clear explanations of how hackers exploit weaknesses. How to stay safe: Practical solutions to prevent or stop attacks. Future risks: Insight into emerging threats like AI manipulation or quantum attacks. It’s a bridge between technical details and real-world applications, making cybersecurity accessible to everyone.

Potential Uses This dataset can be used in many ways, whether you’re a beginner or an expert:

Learning and Education: Students can explore how cyber attacks work and how to defend against them. Threat Intelligence: Security teams can identify common attack patterns and prepare better defenses. Security Planning: Businesses and governments can use it to prioritize protection for critical systems like satellites or cloud infrastructure. Machine Learning: Data scientists can train models to detect threats or predict vulnerabilities. Incident Response Training: Practice responding to cyber incidents, from web hacks to satellite tampering.

Ethical Considerations Purpose: The dataset is for educational and research purposes only, to help improve cybersecurity knowledge and de...

Pay attention to the following cybersecurity statistics to learn how to protect yourself from attacks.

This dataset comprises 100,000 entries of synthesized cybersecurity incidents. It provides extensive details on various attack scenarios, target systems, and response measures. The data is structured across 15 columns, each capturing critical aspects of cybersecurity events, including:

Incident Details:

attack_type: Type of the cyberattack (e.g., DDoS, phishing, ransomware). target_system: Systems targeted during the attack. outcome: The result of the attack (e.g., success, failure). timestamp: Time of the attack occurrence. Attacker and Target Information:

attacker_ip: IP address of the attacker. target_ip: IP address of the target. Attack Metrics:

data_compromised_GB: Volume of data compromised in GB. attack_duration_min: Duration of the attack in minutes. attack_severity: Severity of the attack on a scale. Defense and Response:

security_tools_used: Security tools or defenses employed. response_time_min: Time taken to respond to the incident. mitigation_method: Method used to mitigate the attack. Contextual Information:

user_role: Role of the user or entity involved. location: Geographical location of the incident. industry: Industry targeted by the attack. This dataset is ideal for exploring patterns in cybersecurity incidents, evaluating the effectiveness of response strategies, and building predictive models to enhance security measures. Let me know if you'd like further analysis or visualization of the data!

The largest reported data leakage as of January 2025 was the Cam4 data breach in March 2020, which exposed more than 10 billion data records. The second-largest data breach in history so far, the Yahoo data breach, occurred in 2013. The company initially reported about one billion exposed data records, but after an investigation, the company updated the number, revealing that three billion accounts were affected. The National Public Data Breach was announced in August 2024. The incident became public when personally identifiable information of individuals became available for sale on the dark web. Overall, the security professionals estimate the leakage of nearly three billion personal records. The next significant data leakage was the March 2018 security breach of India's national ID database, Aadhaar, with over 1.1 billion records exposed. This included biometric information such as identification numbers and fingerprint scans, which could be used to open bank accounts and receive financial aid, among other government services.

Cybercrime - the dark side of digitalization As the world continues its journey into the digital age, corporations and governments across the globe have been increasing their reliance on technology to collect, analyze and store personal data. This, in turn, has led to a rise in the number of cyber crimes, ranging from minor breaches to global-scale attacks impacting billions of users – such as in the case of Yahoo. Within the U.S. alone, 1802 cases of data compromise were reported in 2022. This was a marked increase from the 447 cases reported a decade prior. The high price of data protection As of 2022, the average cost of a single data breach across all industries worldwide stood at around 4.35 million U.S. dollars. This was found to be most costly in the healthcare sector, with each leak reported to have cost the affected party a hefty 10.1 million U.S. dollars. The financial segment followed closely behind. Here, each breach resulted in a loss of approximately 6 million U.S. dollars - 1.5 million more than the global average.

Context

(U) My purpose is to analyze Amazon Web Services (AWS) honeypot data for any trends and/or correlations that could possibly be used in predictive cyber threat vectors. I spent a lot of time looking for data sets and most of the ones I found had no documentation and the data was hard to interpret just from the file. This data is well formatted and straight forward.

Content

(U) The AWS Honeypot Database is an open-source database including information on cyber attacks/attempts.

(U) Data has 451,581 data points collected from 9:53pm on 3 March 2013 to 5:55am on 8 September 2013.

Acknowledgements

http://datadrivensecurity.info/blog/pages/dds-dataset-collection.html Jay Jacobs & Bob Rudis

Inspiration

Your data will be in front of the world's largest data science community. What questions do you want to see answered?

To determine the effectiveness of any defense mechanism, there is a need for comprehensive real-time network data that solely references various attack scenarios based on older software versions or unprotected ports, and so on. This presented dataset has entire network data at the time of several cyber attacks to enable experimentation on challenges based on implementing defense mechanisms on a larger scale. For collecting the data, we captured the network traffic of configured virtual machines using Wireshark and tcpdump. To analyze the impact of several cyber attack scenarios, this dataset presents a set of ten computers connected to Router1 on VLAN1 in a Docker Bridge network, that try and exploit each other. It includes browsing the web and downloading foreign packages including malicious ones. Also, services like FTP and SSH were exploited using several attack mechanisms. The presented dataset shows the importance of updating and patching systems to protect themselves to a greater extent, by following attack tactics on older versions of packages as compared to the newer and updated ones. This dataset also includes an Apache Server hosted on the different subset on VLAN2 which is connected to the VLAN1 to demonstrate isolation and cross-VLAN communication. The services on this web server were also exploited by the previously stated ten computers. The attack types include: Distributed Denial of Service, SQL Injection, Account Takeover, Service Exploitation (SSH, FTP), DNS and ARP Spoofing, Scanning and Firewall Searching and Indexing (using Nmap), Hammering the services to brute-force passwords and usernames, Malware attack, Spoofing and Man-in-the-Middle Attack. The attack scenarios also show various scanning mechanisms and the impact of Insider Threats on the entire network.

[227+ Pages Report] Global Cyber Security Market size & share projected to hit a record value of USD 398.3 Billion by 2026 at an anticipated CAGR growth rate of 14.9% during the forecast period 2021-2026. Increasing use of technological measures in the sectors of retails, BSFI, information and technology, and manufacturing will boost the footprint of global cyber security market to a larger footprint.

The dataset contains data on 2889 cyber incidents between 01.01.2000 and 02.05.2024 using 60 variables, including the start date, names and categories of receivers along with names and categories of initiators. The database was compiled as part of the European Repository of Cyber Incidents (EuRepoC) project.

EuRepoC gathers, codes, and analyses publicly available information from over 200 sources and 600 Twitter accounts daily to report on dynamic trends in the global, and particularly the European, cyber threat environment.

For more information on the scope and data collection methodology see: https://eurepoc.eu/methodology

Codebook available here

Information about each file:

Global Database (csv or xlsx):
This file includes all variables coded for each incident, organised such that one row corresponds to one incident - our main unit of investigation. Where multiple codes are present for a single variable for a single incident, these are separated with semi-colons within the same cell.

Receiver Dataset (csv):
In this file, the data of affected entities and individuals (receivers) is restructured to facilitate analysis. Each cell contains only a single code, with the data "unpacked" across multiple rows. Thus, a single incident can span several rows, identifiable through the unique identifier assigned to each incident (incident_id).

Attribution Dataset (csv):
This file follows a similar approach to the receiver dataset. The attribution data is "unpacked" over several rows, allowing each cell to contain only one code. Here too, a single incident may occupy several rows, with the unique identifier enabling easy tracking of each incident (incident_id). In addition, some attributions may also have multiple possible codes for one variable, these are also "unpacked" over several rows, with the attribution_id enabling to track each attribution.

eurepoc_global_database_1.2 (json):
This file contains the whole database in JSON format.

The National Institute of Standards and Technology (NIST) provides a Cybersecurity Framework (CSF) for benchmarking and measuring the maturity level of cybersecurity programs across all industries. The City uses this framework and toolset to measure and report on its internal cybersecurity program. The foundation for this measure is the Framework Core, a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure/industry sectors. These activities come from the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) published standard, along with the information security and customer privacy controls it references (NIST 800 Series Special Publications). The Framework Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous functions: identify, protect, detect, respond, and recover. When considered together, these functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk. The Framework Core identifies underlying key categories and subcategories for each function, and matches them with example references, such as existing standards, guidelines, and practices for each subcategory. This page provides data for the Cybersecurity performance measure. Cybersecurity Framework (CSF) scores by each CSF category per fiscal year quarter (Performance Measure 5.12) The performance measure dashboard is available at 5.12 Cybersecurity. Additional InformationSource: Maturity assessment /https://www.nist.gov/topics/cybersecurityContact: Scott CampbellContact E-Mail: Scott_Campbell@tempe.govData Source Type: ExcelPreparation Method: The data is a summary of a detailed and confidential analysis of the city's cybersecurity program. Maturity scores of subcategories within NIST CFS are combined, averaged, and rolled up to a summary score for each major category.Publish Frequency: AnnualPublish Method: ManualData Dictionary

Cyber attacks are a growing concern for small businesses during COVID-19 . Be Protected While You Work. Upgrade Your Small Business's Virus Protection Today! Before going for a Cyber security solutions for small to mid-sized businesses deliver enterprise-level protection.

Download this (Checklist for a Small Firm's Cybersecurity Program 2020-2021) data set to deploy secure functioning of various aspects of your small business including, employee data, website and more.This checklist is provided to
assist small member firms with limited resources to establish a cybersecurity program to identify and assess cybersecurity threats,
protect assets from cyber intrusions,
detect when their systems and assets have been compromised,
plan for the response when a compromise occurs and implement a plan to recover lost, stolen or unavailable assets. 
Train employees in security principles.
Protect information, computers, and networks from malware attacks.
Provide firewall security for your Internet connection.
Create a mobile device action plan.
 Make backup copies of important business data and information.
 Learn about the threats and how to protect your website.
 Protect Your Small Business site.
 Learn the basics for protecting your business web sites from cyber attacks at WP Hacked Help Blog

Created With Inputs From Security Experts at WP Hacked Help - Pioneer In WordPress Malware Removal & Security

In 2024, manufacturing saw the highest share of cyberattacks among the leading industries worldwide. During the examined year, manufacturing companies encountered more than a quarter of the total cyberattacks. Organizations in the finance and insurance followed, with around 23 percent. Professional, business, and consumer services ranked third, with 18 percent of reported cyberattacks. Manufacturing industry and cyberattacks The industry of manufacturing has been in the center of cyberattacks in a long time. The share of cyberattacks targeting organizations in this sector in 2018 was at 10 percent, while in 2024, it amounted to 26 percent. The situation is even more compliacted when we look at the cyber vulnerabilities found in this sector. In 2024, critical vulnerabilities in manufacturing companies lasted 205 days on average. IT perspective and prevention With recent technology developments, cybersecurity is crucial to an organization’s success. Realizing this, companies have been gradually increasing cybersecurity investments. Thus, in 2024, the cybersecurity budget worldwide was forecast to increase to nearly 283 billion U.S. dollars. Roughly nine in ten board directors of companies worldwide in professional services and media and entertainment industries say they expect an increase in the cybersecurity budget.

Strengthen your cyber defense with our extensive, daily-updated WHOIS database. Accessible in CSV, JSON, and XML, it's a crucial asset for any security strategy.

Cybersecurity Dataset: Are We Ready in Latin America and the Caribbean? (2016)

This dataset supports the 2016 Cybersecurity Report, Are We Ready in Latin America and the Caribbean?, produced by the Inter-American Development Bank (IDB), Organization of American States (OAS), and Global Cyber Security Capacity Centre (GCSCC) at Oxford.

Data were collected via an online survey using the Cybersecurity Capability Maturity Model (CMM), developed by the GCSCC. The survey was translated into English and Spanish. Following a pilot phase, it was administered to a diverse group of national stakeholders across 32 countries in Latin America and the Caribbean.

The responses were aggregated, reviewed, cleaned, and supplemented with additional information from external sources to ensure completeness and accuracy.

Cyber Security Insurance Market Outlook

The global cyber security insurance market size was valued at approximately USD 11 billion in 2023 and is expected to grow significantly to reach around USD 44 billion by 2032, exhibiting a remarkable compound annual growth rate (CAGR) of roughly 16.5%. This robust growth is primarily driven by the increasing frequency and sophistication of cyber threats, which have compelled organizations across various sectors to invest in insurance solutions that can mitigate potential risks and financial losses associated with data breaches and cyber-attacks. As businesses continue to digitize their operations, the demand for comprehensive cyber security insurance policies is expected to rise exponentially, providing a substantial growth opportunity for insurance providers worldwide.

One of the key growth factors for the cyber security insurance market is the escalating number of cyber incidents globally. The digital transformation journey undertaken by many organizations has exposed them to a wider array of cyber threats, ranging from ransomware attacks to data breaches. These incidents not only result in significant financial losses but also damage brand reputation and customer trust. Consequently, businesses are increasingly recognizing the importance of having a robust insurance plan that can offer financial protection and support in the event of a cyber incident. Additionally, regulatory frameworks around data protection and privacy are becoming more stringent, prompting companies to adopt cyber insurance as part of their compliance strategies.

Moreover, the increasing awareness of cyber risks among small and medium-sized enterprises (SMEs) is another pivotal factor contributing to market growth. SMEs often lack the resources to invest in advanced cybersecurity measures, making them vulnerable to cyber-attacks. As a result, many are turning to cyber insurance as a viable solution to bolster their cyber risk management strategies. Insurers are responding by offering tailored policies suited to the specific needs and budgets of SMEs, thereby expanding their reach and increasing market penetration. This trend is expected to continue, driven by the realization among SMEs of the catastrophic consequences that cyber incidents can have on their operations.

Technological advancements and the proliferation of cloud-based services are also catalyzing the growth of the cyber security insurance market. The shift towards cloud computing and remote work has expanded the attack surface for cybercriminals, thereby elevating the risk of security breaches. In response, insurers are developing innovative products that cover cloud-specific risks, offering protection against potential vulnerabilities in cloud infrastructure. This adaptability and innovation in product offerings are attracting a wider range of customers and are likely to sustain market expansion over the forecast period.

Regionally, North America is expected to maintain its dominance in the cyber security insurance market, driven by the early adoption of technology and a well-established insurance sector. The region's strong regulatory landscape, coupled with the presence of major players, contributes to its leading position. However, Asia Pacific is projected to exhibit the highest growth rate, with a CAGR of over 18% during the forecast period. This growth is fueled by the rapid digitization of economies such as China and India, alongside increasing awareness of cyber risks. Europe is also anticipated to witness substantial growth due to stringent data protection regulations and increasing incidents of cyber threats across the region.

Coverage Type Analysis

The cyber security insurance market is segmented by coverage type, which includes data breach, cyber liability, business interruption, and others. Data breach insurance remains one of the most sought-after coverages, driven by the alarming increase in incidents where sensitive information is compromised. As cybercriminals develop more sophisticated methods to infiltrate systems, businesses are under immense pressure to protect their customer and employee data. Data breach insurance provides critical financial and support services, including coverage for legal fees, notification costs, and credit monitoring services, making it an essential component of an organization's risk management strategy.

Cyber liability insurance is another significant coverage type within the market, addressing the third-party claims associated with cyber incidents. This can include legal costs, settlements, and judgments related to data breaches

Healthcare Cyber Security Market Outlook

According to our latest research, the global healthcare cyber security market size in 2024 is valued at USD 17.2 billion, driven by the increasing digitization of healthcare systems and the rising frequency of cyber-attacks targeting sensitive medical data. The market is projected to grow at a CAGR of 16.8% during the forecast period, reaching approximately USD 49.6 billion by 2033. This robust growth is primarily fueled by the proliferation of electronic health records (EHRs), expanding telemedicine adoption, and stringent regulatory mandates for data protection in the healthcare sector.

One of the most significant growth factors for the healthcare cyber security market is the exponential rise in cyber threats and data breaches affecting healthcare organizations globally. With healthcare data being highly valuable on the black market, malicious actors are increasingly targeting hospitals, clinics, insurance companies, and pharmaceutical firms. The proliferation of connected medical devices and the Internet of Medical Things (IoMT) has further expanded the attack surface, making healthcare systems more vulnerable. As a result, organizations are investing heavily in advanced cyber security solutions and services to safeguard patient data, intellectual property, and critical infrastructure, propelling market growth.

Another key driver is the rapid digitization and integration of information technology in healthcare operations. The adoption of electronic health records, telehealth platforms, cloud-based applications, and mobile health apps has transformed patient care delivery but has also introduced new vulnerabilities. Regulatory frameworks such as HIPAA in the United States, GDPR in Europe, and similar mandates worldwide require healthcare providers to implement robust data protection strategies. This regulatory pressure, combined with the reputational and financial risks associated with data breaches, is compelling healthcare organizations to prioritize cyber security investments, further accelerating market expansion.

The growing complexity of healthcare networks, coupled with the need for interoperability and real-time data sharing, has created additional challenges in maintaining security. As healthcare systems integrate third-party vendors, cloud platforms, and mobile devices, the risk of unauthorized access and data leakage increases. The demand for comprehensive security solutions, including network security, endpoint security, application security, and cloud security, is surging. Moreover, the shift towards value-based care and the rise of remote patient monitoring are encouraging healthcare stakeholders to adopt proactive and holistic cyber security frameworks to ensure patient safety and operational continuity.

From a regional perspective, North America dominates the healthcare cyber security market, accounting for the largest revenue share in 2024, followed by Europe and Asia Pacific. The United States, in particular, leads the market due to high healthcare IT adoption, stringent regulatory requirements, and a significant number of cyber incidents reported annually. Europe is witnessing robust growth, driven by GDPR compliance and increasing investments in healthcare IT infrastructure. Meanwhile, the Asia Pacific region is emerging as a high-growth market, fueled by rapid digital transformation in healthcare, rising awareness about data protection, and government initiatives to strengthen cyber security frameworks. Latin America and the Middle East & Africa are also experiencing steady growth, albeit at a slower pace, as healthcare organizations in these regions gradually enhance their cyber security capabilities.

Component Analysis

The healthcare cyber security market is segmented by component into solutions and services, each playing a critical role in the overall security posture of healthcare organizations. Solutions encompass a wide range of software and hardware off

CTU Hornet 65 Niner is a dataset of 65 days of network traffic attacks captured in cloud servers used as honeypots to help understand how geography may impact the inflow of network attacks. The honeypots were placed in nine different geographical locations: Amsterdam, London, Frankfurt, San Francisco, New York, Singapore, Toronto, Bangalore, and Sydney. The data was captured from April 28th to July 1st, 2024.

The nine cloud servers were created and configured following identical instructions using Ansible [1] in DigitalOcean [2] cloud provider. The network capture was performed using the Zeek [3] network monitoring tool, which was installed on each cloud server. The cloud servers had only one service running (SSH on a non-standard port) and were fully dedicated to being used as a honeypot. No honeypot software was used in this dataset.

The dataset is composed of nine scenarios:

• Honeypot-Cloud-DigitalOcean-Geo-1: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
• Honeypot-Cloud-DigitalOcean-Geo-2: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
• Honeypot-Cloud-DigitalOcean-Geo-3: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
• Honeypot-Cloud-DigitalOcean-Geo-4: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
• Honeypot-Cloud-DigitalOcean-Geo-5: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
• Honeypot-Cloud-DigitalOcean-Geo-6: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
• Honeypot-Cloud-DigitalOcean-Geo-7: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
• Honeypot-Cloud-DigitalOcean-Geo-8: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
• Honeypot-Cloud-DigitalOcean-Geo-9: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files

References:

[1] Ansible IT Automation Engine, https://www.ansible.com/. Accessed on 08/28/2024.

[2] DigitalOcean, https://www.digitalocean.com/. Accessed on 08/28/2024.

[3] Zeek Documentation, https://docs.zeek.org/en/master/index.html. Accessed on 08/28/2024.

Funding:

The authors acknowledge support by the Strategic Support for the Development of Security Research in the Czech Republic 2019--2025 (IMPAKT 1) program, by the Ministry of the Interior of the Czech Republic under No. VJ02010020 -- AI-Dojo: Multi-agent testbed for the research and testing of AI-driven cyber security technologies.