Which Countries are Most Dangerous? Cyber Attack Origin – by Country

By Niv DavidPur

January 4, 2022

CyberProof’s Cyber Threat Intelligence (CTI) team performed an analysis of the most dangerous countries in 2021. We conducted research to identify the most common origins of cyber attacks, basing our research on the verified indicators seen during attacks. 

In our investigation, we used IP addresses reported in open-source feeds – as well as in premium feeds that we maintain and monitor. These feeds include indicators from various types of attacks and sources: 
  • Phishing campaigns
  • Malware campaigns
  • Ransomware Command and Control (C&C) servers
  • SSH and FTP attacks
  • Web-application attacks
  • Unique Indicators of Compromise (IOCs) from the dark web

We analyzed all IP addresses that appeared in these feeds during 2021, identified the country each one geolocates to, and came up with a means of rating each of the countries.

Highest 10 Countries of Origin for Cyber Attacks

Based on our research, the ten countries that served as the place of origin for the highest number of cyber attacks in 2021 were:

Diagram 1: Highest 10 Countries of Origin for Cyber Attacks

  1. China – 18.83%
  2. United States – 17.05%
  3. Brazil – 5.63%
  4. India – 5.33%
  5. Germany – 5.10%
  6. Vietnam – 4.23%
  7. Thailand – 2.51%
  8. Russia – 2.46%
  9. Indonesia – 2.41%
  10. Netherlands – 2.20%

Note that some of the IP addresses in these feeds represent legitimate services (such as cloud infrastructure), which were abused by threat actors to launch the attacks.
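
The method described above (collect feed IPs, geolocate them by country, rank the countries), together with the cloud-infrastructure caveat, as an added Python example that is not CyberProof's code. The feed contents, the `GEO_TABLE` prefix map, the country codes `AA`/`BB`/`CC` and the hosting flag are all constructed, using RFC 5737 documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample data: RFC 5737 documentation ranges stand in for real
# indicators; country codes and the hosting-provider flag are made up.
GEO_TABLE = [  # (network, country, is_hosting_provider)
    (ipaddress.ip_network("192.0.2.0/25"), "AA", False),
    (ipaddress.ip_network("192.0.2.128/25"), "BB", True),
    (ipaddress.ip_network("198.51.100.0/24"), "BB", False),
    (ipaddress.ip_network("203.0.113.0/24"), "CC", True),
]

FEEDS = {  # constructed feeds; the same IP may appear in several of them
    "phishing": ["192.0.2.10", "192.0.2.200", "203.0.113.5", "not-an-ip"],
    "ssh_ftp": ["192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.9"],
    "c2": ["192.0.2.201", "192.0.2.11", "10.0.0.1"],
}

def locate(ip):
    """Return (country, is_hosting) for an address, or None if unmapped."""
    for net, country, hosting in GEO_TABLE:
        if ip in net:
            return country, hosting
    return None

def country_shares(feeds, exclude_hosting=False):
    """Percentage of unique, mappable feed IPs per country."""
    unique = set()
    for indicators in feeds.values():
        for raw in indicators:
            try:
                unique.add(ipaddress.ip_address(raw.strip()))
            except ValueError:
                continue  # malformed indicator: skip rather than abort
    counts = Counter()
    for ip in unique:  # each IP counted once, however many feeds list it
        hit = locate(ip)
        if hit is None or (exclude_hosting and hit[1]):
            continue  # unmapped (e.g. private) or hosting-provider address
        counts[hit[0]] += 1
    total = sum(counts.values())
    if not total:
        return {}
    return {c: round(100 * n / total, 2) for c, n in counts.most_common()}

if __name__ == "__main__":
    print("all IPs:        ", country_shares(FEEDS))
    print("hosting removed:", country_shares(FEEDS, exclude_hosting=True))
```

On this constructed data `BB` leads the raw ranking, but `AA` leads once hosting-provider ranges are set aside, which is why a country share alone says little about where the operators are.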

 


For more information about how to use targeted threat intelligence to protect an enterprise from cyber attack, contact us.

Written by Niv DavidPur
Niv is a Senior Cyber Threat Intelligence Specialist at CyberProof responsible for delivering actionable and tailored threat intelligence, optimizing and developing intelligence-related methodologies and assimilating threat intelligence outputs in the security operations of CyberProof. Prior to CyberProof, Niv was a Sr. Intelligence Analyst at IntSights researching cyber threats originating from dark web hacking communities, conducting HUMINT operations to identify new cyber-related trends and sources, and involved in creating tools to deliver gathered intelligence. Niv served in the intelligence unit in the Israeli Defense Force as an OSINT researcher and managed an intelligence gathering department.