Back

Which Countries are Most Dangerous? Cyber Attack Origin – by Country

banner-alert

CyberProof’s Cyber Threat Intelligence (CTI) team performed an analysis of the most dangerous countries in 2021. We conducted research to identify the most common origins of cyber attacks, basing our research on the verified indicators seen during attacks. 

In our investigation, we used IP addresses reported in open-source feeds – as well as in premium feeds that we maintain and monitor. These feeds include indicators from various types of attacks and sources: 
  • Phishing campaigns
  • Malware campaigns
  • Ransomware Command and Control (C&C) servers
  • SSH and FTP attacks
  • Web-application attacks
  • Unique Indicators of Compromise (IOCs) from the dark web

We analyzed all IP addresses in these feeds during 2021, identified their geolocation, by country – and came up with a means of rating each of the countries. 

We conducted research to identify the most common origins of cyber attacks, basing our research on the verified indicators seen during attacks. 

Highest 10 Countries of Origin for Cyber Attacks

Based on our research, the ten countries that served as the place of origin for the highest number of cyber attacks, in 2021, include:

Diagram 1

Highest 10 Countries of Origin for Cyber Attacks

  1. China – 18.83%
  2. United States – 17.05%
  3. Brazil – 5.63%
  4. India – 5.33%
  5. Germany – 5.10%
  6. Vietnam – 4.23%
  7. Thailand – 2.51%
  8. Russia – 2.46%
  9. Indonesia – 2.41%
  10. Netherlands – 2.20%

Note that some of the IP addresses in these feeds represent legitimate services (such as cloud infrastructure), which were abused by threat actors to launch the attacks.


For more information about how to use targeted threat intelligence to protect an enterprise from cyber attack, contact us.